nanog mailing list archives
Re: Marriott wifi blocking
From: Jay Hennigan <jay () west net>
Date: Fri, 03 Oct 2014 21:30:12 -0700
On 10/3/14, 7:57 PM, Hugo Slabbert wrote:
But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case.
The appropriate remedy would be to deny access to the WLAN+NAT device from your host network, not to interfere with its communication to its clients. Or ask the guest operating it to leave the premises. A guest spinning up a hotspot not connected to the hotel network is far from an edge case. Cellular 3G/4G/LTE-to-hotspot devices are quite common and widely deployed. Tethering one's laptop to one's smartphone is also very common. Jamming such communications does nothing to protect one's own wi-fi, only to protect one's profits.
As the administration of the hotel/org network, I'm within bounds to say you're not allowed attach unauthorized devices to the network or extend the network and that should be fair in "my network, my rules", no? And so I can take action against a breach of those terms.
As long as it's a legal action, such as denying the MAC of the unauthorized device to your network, absolutely. In this case it's someone else's network, hence not your rules.
The hotspot is a separate network, but I don't have to allow it to connect to my network. I guess that points towards killing the wired port as a better method, as doing deauth on the hotspot(s) WLAN(s) would mean that you are participating in the separate network(s) and causing harm there rather than at the attachment point.
Precisely.
But what then of the duplicate SSID of the nefarious user at the business? What recourse does the business have while still staying in bounds?
As long as the nefarious user isn't connecting to the business's network, none. There are likely hundreds of thousands if not millions of networks whose SSID is 'Linksys', duplicated willy-nilly worldwide. -- Jay Hennigan - CCIE #7880 - Network Engineering - jay () impulse net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
Current thread:
- Re: Marriott wifi blocking, (continued)
- Re: Marriott wifi blocking Jay Ashworth (Oct 03)
- Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
- Re: Marriott wifi blocking Suresh Ramasubramanian (Oct 03)
- Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
- Message not available
- Re: Marriott wifi blocking Larry Sheldon (Oct 03)
- Re: Marriott wifi blocking Owen DeLong (Oct 03)
- Message not available
- Re: Marriott wifi blocking Larry Sheldon (Oct 03)
- Re: Marriott wifi blocking Bob Evans (Oct 04)
- Re: Marriott wifi blocking Owen DeLong (Oct 04)
- Re: Marriott wifi blocking Jay Hennigan (Oct 04)
- Re: Marriott wifi blocking Jay Hennigan (Oct 03)
- Re: Marriott wifi blocking Owen DeLong (Oct 03)
- Re: Marriott wifi blocking David Cantrell (Oct 06)
- Re: Marriott wifi blocking Michael Van Norman (Oct 03)
- Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
- Re: Marriott wifi blocking Jay Ashworth (Oct 03)
- Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
- Re: Marriott wifi blocking Jay Ashworth (Oct 03)
- Re: Marriott wifi blocking Daniel Seagraves (Oct 03)
- Re: Marriott wifi blocking Majdi S. Abbas (Oct 03)
- Re: Marriott wifi blocking Jay Ashworth (Oct 04)