Abstract: A Software-as-a-Service (SaaS) based method for providing wireless vulnerability management for local area computer networks. The method includes providing a security server being hosted by a service provider entity to provide analysis of data associated with wireless vulnerability management for a plurality of local area computer networks of a plurality of customer entities, respectively. The method includes creating a workspace for wireless vulnerability management for a customer entity on the security server and receiving configuration information associated with the workspace. The method also includes supplying one or more sniffers to the customer entity. The method includes receiving at the security server information associated with wireless activity monitored by the one or more sniffers at premises of the customer entity and processing the received information within the workspace for the customer entity using the security server.

Abstract: A method for detecting address rotation by a device in a communication network includes receiving, at a first time, a first message transmitted by the device, receiving, at a second time, a second message transmitted by the device, and processing the first message to determine a first sequence number and a first transmitter address. The method also includes processing the second message to determine a second sequence number and a second transmitter address, determining that the second transmitter address is different from the first transmitter address, determining a time gap between the first time and the second time, and determining, based, in part, on the time gap, a sequence threshold value. The method further includes determining a sequence difference between the first sequence number and the second sequence number, determining that the sequence difference is less than the sequence threshold value, and providing an indication of address rotation by the device.

Abstract: A method and a system for detecting access point devices that provide unauthorized wireless access to local area computer networks is provided. The method includes transferring one or more marker packets to the wired portion of the local area network. The one or more marker packets include an authentication data that is computed based at least upon identify of the wirelessly active access point device and a secret key. The method includes processing one or more wireless frames transmitted from the wirelessly active access point device to extract and to verify at least a portion of the authentication data.

Abstract: A method of estimating a location of a wireless device providing a wireless attack. The method includes disposing a number of sniffers in a geographic region and receiving a number of wireless signals at one or more of the number of sniffers. The method also includes processing the number of wireless signals to identify a subset of the number of wireless signals that are associated with the wireless device and determining a number of received signal strengths associated with the subset of the number of wireless signals. The method further includes providing an estimation of the location of the wireless device utilizing the determined received signal strengths associated with the subset of the number of wireless signals.

Abstract: Methods and systems for detecting a masquerading wireless device in a local area network are provided. The method includes receiving a first packet and a second packet. Preferably, the first packet includes a first identity information and a first time information, and the second packet includes a second identity information and a second time information. The method can compute, using the first time information, a first approximation to a starting time of a wireless device associated with the first identity information. The method can also compute, using the second time information, a second approximation to a starting time of a wireless device associated with the second identity information. The method further includes determining whether a masquerading wireless device is present in the local area network based on at least the first and second approximations.

Abstract: A method for monitoring a selected region of an airspace associated with local area networks of computing devices is provided. The method includes providing one or more segments of a legacy local area network to be protected in a selected geographic region. The legacy local area network is characterized by an unsecured airspace within the selected geographic region. The method includes determining a security policy associated with the one or more segments of the legacy local area network. The security policy at least characterizes a type of wireless activity in the unsecured airspace to be permitted, denied, or ignored. Additionally, the method includes connecting one or more sniffer devices into the legacy local area network. The one or more sniffer devices are spatially disposed within the selected geographic region to cause at least a portion of the unsecured airspace to be secured according to the security policy.

Abstract: A method for arbitrating use of wireless medium for transmission of wireless signals within a selected local geographic region. The selected local geographic region comprises a first set of a plurality of devices to be allowed to transmit wireless signals and a second set of one or more devices to be substantially restricted from transmitting wireless signals. The method includes providing identity information associated with the first set of wireless devices. The method includes transmitting over a wireless medium at least one packet for each of the wireless devices in the first set. The at least one packet for each of the wireless devices includes an identity information, including an address, associated with that wireless device. That wireless device is a recipient of the one packet on the wireless medium. The at least one packet also has a selected value in a duration field of at least the one packet.

Abstract: A system and method is provided for detecting wireless access devices coupled to local area network of computers. The method includes coupling a sniffer device to a local area network. The method includes transferring one or more packets to be directed to a selected device over the local area network. The selected device is preferably coupled to the local area network. The method includes intercepting the one or more packets to be directed to the selected device at the sniffer device. Moreover, the method includes deriving information from the intercepted one or more packets using the sniffer device. The method can generate one or more marker packets in a selected format using the sniffer device. The marker packets are provided based upon at least a portion of the information derived from the intercepted packets.

Abstract: A method for classifying radio interfaces in a wireless network. The method includes transferring an unknown MAC address associated with a radio interface of a communication device through a wireless medium and detecting the unknown MAC address on the wireless medium using a first sniffer device. The method also includes transferring information through an access point coupled to a wired medium utilizing the radio interface of the wireless communication device. The information includes the unknown MAC address. The method further includes detecting the unknown MAC address on the wired medium using a second sniffer device and classifying the radio interface as an authorized radio interface based upon detecting the unknown MAC address on the wireless medium and detecting the unknown MAC address on the wired medium.

Abstract: A method for disrupting unauthorized communications between at least two communication devices is provided. The method comprises using an address resolution protocol (ARP) to redirect transfer of data that occurs using unauthorized wireless communication between a first wireless device and a second wireless device. In a preferred embodiment, the method maintains a layer two wireless link while the data are being redirected.

Abstract: According to an embodiment of the present invention, the wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories, namely “authorized” APs (those that are allowed by network administrator), “unauthorized” APs (those that are not allowed by the network administrator, but are still connected to the LAN of interest) and “external” APs (those that are not allowed by network administrator but are not connected to the LAN of interest, for example APs connected to the neighbor's LAN) by conducting one or more tests. The sniffers continue to monitor the selected geographic area to detect any wireless station attempting to connect to or communicating with the one or more identified unauthorized APs.

Abstract: A method for arbitrating use of wireless medium for transmission of wireless signals within a selected local geographic region. The selected local geographic region comprises a first set of a plurality of devices to be allowed to transmit wireless signals and a second set of one or more devices to be substantially restricted from transmitting wireless signals. The method includes providing identity information associated with the first set of wireless devices. The method includes transmitting over a wireless medium at least one packet for each of the wireless devices in the first set. The at least one packet for each of the wireless devices includes an identity information, including an address, associated with that wireless device. That wireless device is a recipient of the one packet on the wireless medium. The at least one packet also has a selected value in a duration field of at least the one packet.

Abstract: Methods and systems for detecting a masquerading wireless device in a local area network are provided. The method includes receiving a first packet and a second packet. Preferably, the first packet includes a first identity information and a first time information, and the second packet includes a second identity information and a second time information. The method can compute, using the first time information, a first approximation to a starting time of a wireless device associated with the first identity information. The method can also compute, using the second time information, a second approximation to a starting time of a wireless device associated with the second identity information. The method further includes determining whether a masquerading wireless device is present in the local area network based on at least the first and second approximations.

Abstract: A system and method for locating a wireless device in one or more wireless networks within a selected geographic region. The method includes generating a computer model of a selected geographic region including a layout and inputting information associated with one or more components of a wireless network into the computer model. The one or more components includes at least one or more sniffer devices. Additionally, the method includes determining signal intensity characteristics of the one or more components of the wireless network over at least a portion of the selected geographic region and receiving one or more wireless signals from one or more wireless devices. Moreover, the method includes determining a plurality of probabilities associated with a plurality of locations for at least one of the one or more wireless devices.

Abstract: An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus has a portable housing, which may have a length no greater than 1 meter, a width no greater than 1 meter, and a height of no greater than 1 meter. A processing unit (e.g., CPU) is within the housing. One or more wireless network interface devices are within the housing and are coupled to the processing unit. The apparatus has an Ethernet (or like) network interface device within the housing and coupled to the processing unit. A network connector is coupled to the Ethernet network device. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of a wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from at least one authorized device or at least an other device.

Abstract: A method and a system for scheduling instances of prevention processes for inhibiting undesirable wireless communication of wireless devices is provided. The method includes identifying a wireless device based on a detected undesirable wireless communication. The method can initiate an instance of a prevention process directed to the wireless device so identified. The prevention process can include AP flooding, deauthentication and the like. Preferably, the instance of the prevention process can inhibit the wireless device for certain duration. The method includes setting an inhibited time interval. Preferably, the inhibited time interval is associated with the duration for which the wireless device is inhibited due to the instance of the prevention process. Moreover, the method can perform scanning for other undesirable wireless communication and/or access point functionality during at least a portion of the inhibited time interval.