Prevent unwanted computers from connecting to your wireless network
Topic: LANeye TECHNICAL DESCRIPTION
Suspicious logon detection - LANeye monitors the network traffic and focusing on computers logon attempts and behavior. Information from the connecting attempts LANeye stores in what is called a surrounding file.
Differences in information from previous logon triggers the suspicious logon detection. LANeye will detect if a computer tries to connect to a new workgroup, asking to be part of a different domain or if the computer repeatable tries to reconnect to the network.
Triggering the suspicious logon detection will result in an alarm and the blocking settings for that computer will be activated, resulting in that the computer will be blocked. Since all information from a device get stored, next time the device will logon with this new information LANeye will not trigger the suspicious logon detection again.
However the blocking settings that was activated during the previous logon will still be activated and will be activated until you manually remove the blocking settings for that device.
In this way LANeye will adapt to changes over time, start blocking only when anomalies are detected but will not detect old changes of information and therefore not trigger numerous of alarms for that same device.
Repeatable logon attempts within short time periods will be detected every time. There are times when this happens not because of intrusion but are caused by a laptop computer that have a poor wireless LAN connection.
If the wireless radio connection are weak or gets disturbed the computer will renegotiate the network connecting several times per minute. LANeye do not like this and will block on that even if this is not an intrusion attempt.
Some computers may have more problem with this than others. Of cause the best solution to get rid of these false alarms would be to improve the wireless LAN. However if that is not possible the LANeye Professional Edition have individual exclusion detection filters that can be applied to individual computers.
Suspicious behavior that is natural - Some network devices may to LANeye appear suspiciously but have a natural behavior that differs from normal computers. Typical devices that have different behavior are VPN tunnels, SAN (Storage Area Network) gateways and computers that are running Virtual Machines. These devices should all have their exclusion filters applied in LANeye to prevent false detections. The exclusion filters are not available in LANeye Small Network Edition. You have to use LANeye Professional Edition to be able to apply such filters.
LANeye automatically detects unusual logon behavior.
Computers that behaves strange will be blocked.
LANeye automatically puts new unknown computers on black list.
Black listed computers automatically gets blocked.