nanog mailing list archives
Re: Marriott wifi blocking
From: Owen DeLong <owen () delong com>
Date: Fri, 3 Oct 2014 21:39:19 -0700
If there were a duplicate SSID, the. The nefarious user is the one causing illegal harmful interference. However, as I understand the case in question, Marriott was blocking stand-up mobile hotspots not attached to their wired network or bridged/routed through their wifi. As you pointed out, even if this were unauthorized extension of the Marriott network, Marriott's legitimate response would have been disconnecting the extension from their network, not causing harmful interference to the other network. Owen
On Oct 3, 2014, at 19:57, Hugo Slabbert <hugo () slabnet com> wrote: Looks like you cut off, but:Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold.But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case. As the administration of the hotel/org network, I'm within bounds to say you're not allowed attach unauthorized devices to the network or extend the network and that should be fair in "my network, my rules", no? And so I can take action against a breach of those terms. The hotspot is a separate network, but I don't have to allow it to connect to my network. I guess that points towards killing the wired port as a better method, as doing deauth on the hotspot(s) WLAN(s) would mean that you are participating in the separate network(s) and causing harm there rather than at the attachment point. But what then of the duplicate SSID of the nefarious user at the business? What recourse does the business have while still staying in bounds? -- HugoOn Fri 2014-Oct-03 22:27:06 -0400, Jay Ashworth <jra () baylink com> wrote: Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold. I think this is the distinction we need. Because it's clear that the business thing should be able to happen and the hotel thing shouldOn October 3, 2014 10:25:22 PM EDT, Hugo Slabbert <hugo () slabnet com> wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn () ucla edu> wrote:IANAL, but I believe they are. State laws may also apply (e.g.CaliforniaCode - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computerservicesor denies or causes the denial of computer services to an authorizeduserof a computer, computer system, or computer network." Blocking accesstosomebody's personal hot spot most likely qualifies.My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network./Mike-- HugoOn 10/3/14 5:15 PM, "Mike Hale" <eyeronic.design () gmail com> wrote: So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US?On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth <jra () baylink com> wrote: ----- Original Message -----From: "Ricky Beam" <jfbeam () gmail com>It doesn't. The DEAUTH management frame is not encrypted andcarries noauthentication. The 802.11 spec only requires a reason code be provided.What's the code for E_GREEDY? Cheers, -- jra -- Jay R. Ashworth Baylink jra () baylink com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000LandRover DII St Petersburg FL USA BCP38: Ask For It By Name! +1727647 1274-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.-- Hugo
Current thread:
- Re: Marriott wifi blocking, (continued)
- Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
- Re: Marriott wifi blocking Suresh Ramasubramanian (Oct 03)
- Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
- Message not available
- Re: Marriott wifi blocking Larry Sheldon (Oct 03)
- Re: Marriott wifi blocking Owen DeLong (Oct 03)
- Message not available
- Re: Marriott wifi blocking Larry Sheldon (Oct 03)
- Re: Marriott wifi blocking Bob Evans (Oct 04)
- Re: Marriott wifi blocking Owen DeLong (Oct 04)
- Re: Marriott wifi blocking Jay Hennigan (Oct 04)
- Re: Marriott wifi blocking Jay Hennigan (Oct 03)
- Re: Marriott wifi blocking Owen DeLong (Oct 03)
- Re: Marriott wifi blocking David Cantrell (Oct 06)
- Re: Marriott wifi blocking Michael Van Norman (Oct 03)
- Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
- Re: Marriott wifi blocking Jay Ashworth (Oct 03)
- Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
- Re: Marriott wifi blocking Jay Ashworth (Oct 03)
- Re: Marriott wifi blocking Daniel Seagraves (Oct 03)
- Re: Marriott wifi blocking Majdi S. Abbas (Oct 03)
- Re: Marriott wifi blocking Jay Ashworth (Oct 04)
- Re: Marriott wifi blocking Michael Thomas (Oct 04)