Marriott wifi blocking

• Previous message (by thread): Marriott wifi blocking
• Next message (by thread): Marriott wifi blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/3/14, 7:57 PM, Hugo Slabbert wrote:

> But it's not a completely discrete network.  It is a subset of the
> existing network in the most common example of e.g. a WLAN + NAT device
> providing access to additional clients, or at least an adjacent network
> attached to the existing one.  Okay: theoretically a guest could spin up
> a hotspot and not attach it to the hotel network at all, but I'm
> assuming that's a pretty tiny edge case.

The appropriate remedy would be to deny access to the WLAN+NAT device
from your host network, not to interfere with its communication to its
clients. Or ask the guest operating it to leave the premises.

A guest spinning up a hotspot not connected to the hotel network is far
from an edge case. Cellular 3G/4G/LTE-to-hotspot devices are quite
common and widely deployed. Tethering one's laptop to one's smartphone
is also very common. Jamming such communications does nothing to protect
one's own wi-fi, only to protect one's profits.

> As the administration of the hotel/org network, I'm within bounds to say
> you're not allowed attach unauthorized devices to the network or extend
> the network and that should be fair in "my network, my rules", no?  And
> so I can take action against a breach of those terms.

As long as it's a legal action, such as denying the MAC of the
unauthorized device to your network, absolutely. In this case it's
someone else's network, hence not your rules.

> The hotspot is a separate network, but I don't have to allow it to
> connect to my network.  I guess that points towards killing the wired
> port as a better method, as doing deauth on the hotspot(s) WLAN(s) would
> mean that you are participating in the separate network(s) and causing
> harm there rather than at the attachment point.

Precisely.

> But what then of the duplicate SSID of the nefarious user at the
> business?  What recourse does the business have while still staying in
> bounds?

As long as the nefarious user isn't connecting to the business's
network, none. There are likely hundreds of thousands if not millions of
networks whose SSID is 'Linksys', duplicated willy-nilly worldwide.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

• Previous message (by thread): Marriott wifi blocking
• Next message (by thread): Marriott wifi blocking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]