CN107277771A - A kind of rogue AP detection suppression technology based on wireless location - Google Patents
A kind of rogue AP detection suppression technology based on wireless location Download PDFInfo
- Publication number
- CN107277771A CN107277771A CN201710546016.6A CN201710546016A CN107277771A CN 107277771 A CN107277771 A CN 107277771A CN 201710546016 A CN201710546016 A CN 201710546016A CN 107277771 A CN107277771 A CN 107277771A
- Authority
- CN
- China
- Prior art keywords
- equipment
- rogue
- detection
- focus
- region
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/021—Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Suppression technology is detected the invention discloses a kind of rogue AP based on wireless location, is comprised the following steps:Step a, unlatching rogue AP scan function, if there is rogue AP equipment, jump to step b, otherwise terminate;Step b, in the region of detection plan is drawn, wherein marking legal normal AP device locations;Step c, the region to detection carry out positioning of setting foot-point;Step d:Rogue AP equipment is positioned, find the rogue AP equipment and thoroughly remove the rogue AP equipment, invention increases wireless locating function, directly the source of rogue AP focus is nipped off, the problem of fundamentally solving fishing focus, field network deployment covering is not interfered with, security is substantially increased yet.
Description
Technical field
Suppression technology is detected the present invention relates to rogue AP.
Background technology
As WIFI wireless technologys are further ripe with popularization, the need that people are surfed the Net using wireless network in public places
Ask and sufficiently met.The network of high speed and the expense of relative moderate allow WIFI network to turn into the first choice that people surf the Net.But
It is that the same place for having light just has dark, brings easily WiFi technology and also brought threat.
Public domain, criminal sets up the fishing focus with normal focus same name, and induction user is connected into, so as to intercept number of users
It is believed that breath carries out illegal activities, this leak causes the attention of multi-party wireless manufacturer, and rogue AP detection technique is arisen at the historic moment.
Current rogue AP detection suppression technology substantially realizes that step is as follows:
1st, hot spot scanning is reported:
As the wireless device of same manufacturer, manufacturer's user-defined identification can be taken when outwards transmitting beacon frames
Code or OUI.When the illegal Hot spots detection functions of unlatching AP, AP obtains the beacon frames of surrounding devices, first whether judges ESSID
Be to go examine the true and false target, then judge beacon whether with this manufacturer corresponding special field or Bssid whether
It is the OUImac of this manufacturer.If ESSID is suspicious focus, and BSSID is Fei Ben manufacturers, then this focus has very likely
It is the rogue AP focus that criminal sets up.Now, AP by these the illegal hot informations scanned report Cloud Server or
In page presentation.Site operation personnel are allowed to carry out examination judgement, if to launch a offensive.
2nd, initiate to suppress attack:
When site operation personnel confirm that several focuses need to suppress attack, AP enters attack mode, and unlatching mixes mould
Formula all channel is scanned, and analysis is collected to the packet of surrounding, if the BSSID in packet is the object of selected attack, that
The terminal mac in packet is just extracted, timing camouflage terminal sends de-association deauth messages to illegal focus, then pretends non-
Method focus initiates de-association message to terminal, and terminal is disconnected with illegal focus after such attack, and next time again attempts to
Automatically connect after illegal focus by our AP spoof attack again, until terminal is no longer attempt to connect illegal focus, start to connect
When connecing normal legal focus, we no longer attack.Suppress attack to terminate, thus protect user information safety.
The deficiency of existing scheme:
When AP launches a offensive, due to being all channel scanning, then the AP no longer provides focus access service, then turns into
Special attack equipment, if there is illegal focus in environment always, and has user terminal to attempt to go connection in use, our AP
Attack state is will always be in, two problems can be so brought:One is that the live AP equipment for providing focus reduces one, other
AP focuses pressure becomes big, has designed that network coverage layout is impacted originally, and Consumer's Experience is not good.If individually increase by one is set
It is standby to be used as detection with attack, then increase cost.If another is rogue AP, equipment have modified ssid, then need to sweep again
Attack is retouched, site operation personnel's real-time operation is so needed, cures the symptoms, not the disease.
The content of the invention
The purpose of the present invention is to overcome the shortcomings of to detect there is provided a kind of rogue AP based on wireless location in existing product to press down
Technology processed.
In order to achieve the above object, the present invention is achieved by the following technical solutions:
A kind of rogue AP detection suppression technology based on wireless location, comprises the following steps:
Step a, unlatching rogue AP scan function, if there is rogue AP equipment, jump to step b, otherwise terminate;
Step b, in the region of detection plan is drawn, wherein marking legal normal AP device locations;
Step c, the region to detection carry out positioning of setting foot-point;
Step d:Rogue AP equipment is positioned, the rogue AP equipment is found and thoroughly removes the rogue AP equipment.
The region of described pair of detection set foot-point orientating as and carries out each position of mobile device in the region of detection
Place, mobile device open it is wireless but and be not connected to any AP equipment, while opening the wireless locating function of AP equipment, work as movement
When equipment is in a certain position, the position of mobile device is labeled on plan and coordinate diagram, and record movement
AP equipment around equipment receives the rssi information of the mobile device signal message, and by the coordinate diagram after mark, rssi information
Server is reported to be preserved.
Positioning is carried out to rogue AP equipment to comprise the following steps:
Step d1, in the region of detection select diverse location AP equipment, open rogue AP detection, to the upper of AP equipment
Report result is screened, and obtains the mac information of rogue AP equipment focus;
Step d2, the mac information of rogue AP equipment focus issued to AP equipment, open the suppression attack switch work(of AP equipment
Can, after AP equipment suppression attack switching function comes into force, all terminals are disconnected from rogue AP focus, are connected legal normal
The focus of AP equipment;
Step d3:The wireless location scan function of AP equipment in the region of detection is opened, AP in the region of detection is obtained and sets
Standby mac and rssi information, and by mac and rssi information reportings to server, the mac information further according to rogue AP equipment focus is entered
After row filtering, on the server by confirming the positional information in coordinate diagram of the rogue AP equipment in coordinate diagram;
Step d4:Positioned according to the contrast of coordinate diagram and plan, orient position of the rogue AP equipment on plan
Information.
The mobile device is mobile phone or ipad or computer.
Beneficial effects of the present invention are as follows:Invention increases wireless locating function, directly by the source of rogue AP focus
Nip off, the problem of fundamentally solving fishing focus, also do not interfere with field network deployment covering, substantially increase safety
Property.
Embodiment
Technical scheme is described further below:
Embodiment 1:
A kind of rogue AP detection suppression technology based on wireless location, comprises the following steps:
Step a, unlatching rogue AP scan function, if there is rogue AP equipment, jump to step b, otherwise terminate;
Step b, in the region of detection plan is drawn, wherein marking legal normal AP device locations;
Step c, the region to detection carry out positioning of setting foot-point, and the region of described pair of detection set foot-point orientating as and sets movement
Standby each position in the region of detection is placed, mobile device open wirelessly but and be not connected to any AP equipment, simultaneously
The wireless locating function of AP equipment is opened, will be mobile on plan and coordinate diagram when mobile device is in a certain position
The position of equipment is labeled, and records the rssi letters that the AP equipment around mobile device receives the mobile device signal message
Breath, and the coordinate diagram after mark, rssi information reporting servers are preserved, the mobile device is mobile phone or ipad or electricity
Brain.;
Step d:Rogue AP equipment is positioned, the rogue AP equipment is found and thoroughly removes the rogue AP equipment, it is right
Rogue AP equipment carries out positioning and comprised the following steps:
Step d1, in the region of detection select diverse location AP equipment, open rogue AP detection, to the upper of AP equipment
Report result is screened, and obtains the mac information of rogue AP equipment focus;
Step d2, the mac information of rogue AP equipment focus issued to AP equipment, open the suppression attack switch work(of AP equipment
Can, after AP equipment suppression attack switching function comes into force, all terminals are disconnected from rogue AP focus, are connected legal normal
The focus of AP equipment;
Step d3:The wireless location scan function of AP equipment in the region of detection is opened, AP in the region of detection is obtained and sets
Standby mac and rssi information, and by mac and rssi information reportings to server, the mac information further according to rogue AP equipment focus is entered
After row filtering, on the server by confirming the positional information in coordinate diagram of the rogue AP equipment in coordinate diagram;
Step d4:Positioned according to the contrast of coordinate diagram and plan, orient position of the rogue AP equipment on plan
Information.
Invention increases wireless locating function, directly the source of rogue AP focus is nipped off, fishing is fundamentally solved
The problem of fish focus, field network deployment covering is not interfered with, security is substantially increased yet.
Embodiment 2:
Deploy 13 equipment altogether in office areas and carry out wireless coverage, according to the region area size of monitoring not
Together, reduction or AP number of devices can suitably be increased.Many AP deployed with devices, as long as installation site is appropriate, disturb small, like that between AP
To the coverage effect of whole region, the positioning of wireless transmission quality and rogue AP equipment and root out and can play extraordinary effect
Really.
Step a, unlatching rogue AP scan function, if there is rogue AP equipment, jump to step b, otherwise terminate;
Step b, plan is drawn in office areas, wherein marking legal normal AP device locations;
Step c, the region to detection carry out positioning of setting foot-point:Our handheld mobile phones are opened wireless but and are not connected to any letter
Number, the slow migration in office areas, while opening the wireless locating function of scene AP equipment.When mobile phone is in a certain position
When, it is labeled on plan and coordinate diagram, and record the rssi that the AP equipment of surrounding receives the mobile phone signal message
Information, progress reports server to be preserved.When complete Office Space of migration, 13 live AP equipment are to whole area
Any one wireless device can receive the channel strength of message according to AP around to obtain the position in domain.
Step d:Rogue AP equipment is positioned, the rogue AP equipment is found and thoroughly removes the rogue AP equipment, it is right
Rogue AP equipment carries out positioning and comprised the following steps:
Step d1, in the region of detection select diverse location AP equipment, open rogue AP detection, to the upper of AP equipment
Report result is screened, and obtains the mac information of rogue AP equipment focus;
Step d2, the mac information of rogue AP equipment focus issued to AP equipment, open the suppression attack switch work(of AP equipment
Can, after AP equipment suppression attack switching function comes into force, all terminals are disconnected from rogue AP focus, are connected legal normal
The focus of AP equipment;
Step d3:The wireless location scan function of AP equipment in the region of detection is opened, AP in the region of detection is obtained and sets
Standby mac and rssi information, and by mac and rssi information reportings to server, the mac information further according to rogue AP equipment focus is entered
After row filtering, on the server by confirming the positional information in coordinate diagram of the rogue AP equipment in coordinate diagram;
Step d4:Positioned according to the contrast of coordinate diagram and plan, orient position of the rogue AP equipment on plan
Information.
The present invention adds wireless locating function on the basis of the common rogue AP detection scanning of tradition suppresses, to illegal
AP equipment is accurately positioned, so as to accurately find the rogue AP equipment and thoroughly remove the rogue AP equipment, so as to directly will
The source of rogue AP focus is nipped off, the problem of fundamentally solving fishing focus, does not interfere with field network deployment covering, greatly
Add security greatly.The rogue AP detection suppression technology combining wireless location technology of the present invention, is difficult to wireless signal is this
The thing of seizure quantifies according to signal intensity, finds out source and is solved so as to be able to positioning, so that thoroughly that rogue AP equipment is clear
Remove, it is not necessary to site operation personnel's real-time operation, it is very easy to use.
It should be noted that listed above is only a kind of specific embodiment of the invention.It is clear that the invention is not restricted to
Upper embodiment, can also there is many deformations.In a word, one of ordinary skill in the art can directly lead from present disclosure
All deformations for going out or associating, are considered as protection scope of the present invention.
Claims (4)
1. a kind of rogue AP detection suppression technology based on wireless location, it is characterised in that comprise the following steps:
Step a, unlatching rogue AP scan function, if there is rogue AP equipment, jump to step b, otherwise terminate;
Step b, in the region of detection plan is drawn, wherein marking legal normal AP device locations;
Step c, the region to detection carry out positioning of setting foot-point;
Step d:Rogue AP equipment is positioned, the rogue AP equipment is found and thoroughly removes the rogue AP equipment.
2. the rogue AP based on wireless location detects suppression technology according to claim 1, it is characterised in that described pair of detection
Region set foot-point to orientate as and placed each position of mobile device in the region of detection, mobile device unlatching nothing
Line but and be not connected to any AP equipment, while open the wireless locating function of AP equipment, when mobile device is in a certain position,
The position of mobile device is labeled on plan and coordinate diagram, and records the AP equipment around mobile device and is received
The rssi information of the mobile device signal message, and the coordinate diagram after mark, rssi information reporting servers are preserved.
3. the rogue AP based on wireless location detects suppression technology according to claim 1, it is characterised in that described to illegal
AP equipment carries out positioning and comprised the following steps:
Step d1, in the region of detection select diverse location AP equipment, open rogue AP detection, knot is reported to AP equipment
Fruit is screened, and obtains the mac information of rogue AP equipment focus;
Step d2, the mac information of rogue AP equipment focus issued to AP equipment, opens the suppression attack switching function of AP equipment,
After AP equipment suppression attack switching function comes into force, all terminals are disconnected from rogue AP focus, connect legal normal AP
The focus of equipment;
Step d3:The wireless location scan function of AP equipment in the region of detection is opened, AP equipment mac in the region of detection is obtained
With rssi information, and by mac and rssi information reportings to server, the mac information further according to rogue AP equipment focus was carried out
After filter, on the server by confirming the positional information in coordinate diagram of the rogue AP equipment in coordinate diagram;
Step d4:Positioned according to the contrast of coordinate diagram and plan, orient positional information of the rogue AP equipment on plan.
4. the rogue AP based on wireless location detects suppression technology according to claim 1, it is characterised in that the movement is set
Standby is mobile phone or ipad or computer.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710546016.6A CN107277771A (en) | 2017-07-06 | 2017-07-06 | A kind of rogue AP detection suppression technology based on wireless location |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710546016.6A CN107277771A (en) | 2017-07-06 | 2017-07-06 | A kind of rogue AP detection suppression technology based on wireless location |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107277771A true CN107277771A (en) | 2017-10-20 |
Family
ID=60072293
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710546016.6A Pending CN107277771A (en) | 2017-07-06 | 2017-07-06 | A kind of rogue AP detection suppression technology based on wireless location |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107277771A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110475274A (en) * | 2018-05-09 | 2019-11-19 | 北京智慧图科技有限责任公司 | The recognition methods of exception AP in a kind of mobile positioning technique |
| CN113473471A (en) * | 2021-06-21 | 2021-10-01 | 杭州网银互联科技股份有限公司 | Method for blocking wireless mobile terminal from accessing illegal AP |
| CN113630782A (en) * | 2021-08-09 | 2021-11-09 | 迈普通信技术股份有限公司 | Wireless sharing detection method, device, system and computer readable storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1588878A (en) * | 2004-08-05 | 2005-03-02 | Ut斯达康通讯有限公司 | Method for detecting illegally cut-in point in radio cocal network |
| CN1925428A (en) * | 2006-09-28 | 2007-03-07 | 北京理工大学 | Method for detecting network nonlicet nodes by adjacent supervise |
| CN105992210A (en) * | 2015-02-09 | 2016-10-05 | 中国移动通信集团湖北有限公司 | Mobile pseudo base station positioning method and system, positioning device and positioning server |
| CN106231597A (en) * | 2015-06-02 | 2016-12-14 | 中国科学院上海高等研究院 | The localization method of a kind of pseudo-base station and system |
| CN106341818A (en) * | 2016-09-30 | 2017-01-18 | 宇龙计算机通信科技(深圳)有限公司 | Pseudo base station identification method, communication method, pseudo base station positioning method and corresponding devices |
| CN106454843A (en) * | 2016-11-14 | 2017-02-22 | 上海斐讯数据通信技术有限公司 | Illegal AP (Access Point) suppression method and system in wireless local area network, and wireless AP |
| CN106792715A (en) * | 2017-04-14 | 2017-05-31 | 杭州亚古科技有限公司 | Illegal wireless AP detection methods and device |
-
2017
- 2017-07-06 CN CN201710546016.6A patent/CN107277771A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1588878A (en) * | 2004-08-05 | 2005-03-02 | Ut斯达康通讯有限公司 | Method for detecting illegally cut-in point in radio cocal network |
| CN1925428A (en) * | 2006-09-28 | 2007-03-07 | 北京理工大学 | Method for detecting network nonlicet nodes by adjacent supervise |
| CN105992210A (en) * | 2015-02-09 | 2016-10-05 | 中国移动通信集团湖北有限公司 | Mobile pseudo base station positioning method and system, positioning device and positioning server |
| CN106231597A (en) * | 2015-06-02 | 2016-12-14 | 中国科学院上海高等研究院 | The localization method of a kind of pseudo-base station and system |
| CN106341818A (en) * | 2016-09-30 | 2017-01-18 | 宇龙计算机通信科技(深圳)有限公司 | Pseudo base station identification method, communication method, pseudo base station positioning method and corresponding devices |
| CN106454843A (en) * | 2016-11-14 | 2017-02-22 | 上海斐讯数据通信技术有限公司 | Illegal AP (Access Point) suppression method and system in wireless local area network, and wireless AP |
| CN106792715A (en) * | 2017-04-14 | 2017-05-31 | 杭州亚古科技有限公司 | Illegal wireless AP detection methods and device |
Non-Patent Citations (1)
| Title |
|---|
| 钟九洲: "检测校园网WLAN 中非法的AP", 《网络安全技术与应用》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110475274A (en) * | 2018-05-09 | 2019-11-19 | 北京智慧图科技有限责任公司 | The recognition methods of exception AP in a kind of mobile positioning technique |
| CN113473471A (en) * | 2021-06-21 | 2021-10-01 | 杭州网银互联科技股份有限公司 | Method for blocking wireless mobile terminal from accessing illegal AP |
| CN113630782A (en) * | 2021-08-09 | 2021-11-09 | 迈普通信技术股份有限公司 | Wireless sharing detection method, device, system and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109314864A (en) | The method for operating wireless telecom equipment | |
| CN107683617B (en) | System and method for pseudo base station detection | |
| US9788196B2 (en) | Systems and methods for identifying rogue base stations | |
| CN107995626B (en) | Method and device for identifying WIFI signal security category in wireless local area network | |
| CN104980954B (en) | Real-time control method of terminal and base station control module | |
| EP1908319B1 (en) | Acquiring identity parameters by emulating base stations | |
| WO2017185742A1 (en) | Method, device, and terminal for identifying a pseudo base station | |
| CN104581730A (en) | Method and system for distinguishing pseudo base station in real time | |
| CN104349325B (en) | Method and device for monitoring pseudo- wireless access point AP | |
| CN107277771A (en) | A kind of rogue AP detection suppression technology based on wireless location | |
| CN102438238A (en) | Method for detecting illegal AP (Assembly Program) under centralized WLAN (Wireless Local Area Network) environment | |
| CN108289318A (en) | A kind of LTE terminal management-control method based on signaling process | |
| CN105681272A (en) | Method for detecting and defensing fishing WiFi of mobile terminal | |
| CN104581732A (en) | Real-time pseudo base station determining method and system based on short message | |
| CN103442351A (en) | Method for protecting wireless network | |
| CN103327484A (en) | Method for clearing illegal AP in wireless local area network | |
| CN106686600B (en) | Method and device for detecting pseudo base station | |
| CN103888949A (en) | Illegal AP prevention method and device | |
| CN104270762A (en) | Method for detecting false station in GSM and LTE network | |
| CN106488457A (en) | A kind of method and device of acquisition targeted customer IMSI | |
| US8532616B2 (en) | Systems and methods for identification of mobile phones in a restricted environment | |
| CN101447802A (en) | Method for catching the terminal of a mobile subscriber | |
| CN110519556A (en) | A kind of method that electricity encloses base station Yu video detection target association | |
| US11337054B2 (en) | System and method for obtaining an identifier of a mobile communication terminal at a control checkpoint | |
| CN106973396A (en) | Capture systems and method under a kind of mobile phone black state |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171020 |
|
| RJ01 | Rejection of invention patent application after publication |