nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Marriott wifi blocking

From: Michael Thomas <mike () mtcc com>
Date: Sat, 04 Oct 2014 13:44:04 -0700
On 10/04/2014 01:33 PM, Owen DeLong wrote:

On Oct 4, 2014, at 12:39 , Brandon Ross <bross () pobox com> wrote:


On Sat, 4 Oct 2014, Michael Thomas wrote:


The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the 
destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly 
asserting that somebody owns a particular ssid because, well, because.

In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block "rogue" APs, 
what makes those SSIDs, "yours"?  Just because they were used first by the enterprise? That doesn't seem to hold water in an 
unlicensed environment to me at all.

Pretty much... Here's why...

If you are using an SSID in an area, anyone else using the same SSID later is causing harmful interference to your network. It's a 
first-come-first-serve situation. Just like amateur radio spectrum... If you're using a frequency to carry on a conversation with someone, 
other hams have an obligation not to interfere with your conversation (except in an emergency). It's a bit more complicated there, because 
you're obliged to reasonably accommodate others wishing to use the frequency, but in the case of SSIDs, there's no such requirement.

Now, if I start using SSID XYZ in building 1 and someone else is using it in building 3 and the two coverage zones don't 
overlap, I'm not entitled to extend my XYZ SSID into building 3 when I rent space there, because someone else is using it in 
that location first.

I can only extend my XYZ coverage zone so far as there are no competing XYZ SSIDs in the locations I'm expanding in to.


If the Marriott can't do this, I don't think anyone can, legally.

If I set up something on an SSID Marriott is already using, then my bad and they have the right to take appropriate 
defensive action to protect their network.
No. Seriously, no. Biggest come, biggest serve doesn't do a damn bit of good dealing with the actual problem which is one of authentication. Think of this with the big I internet without TLS. What you're asking for is complete chaos.
Stomping on other AP is an arms race in which nobody wins. If I want to guarantee that I only connect to $MEGACORP AP's, I should be using strong authentication, not AP neutron bombs to clear the battlefield. 

Mike
Previous By Date Next
Previous By Thread Next

Current thread: