Marriott wifi blocking
Jay Ashworth
jra at baylink.com
Sat Oct 4 18:47:42 UTC 2014
----- Original Message -----
> From: "Chris Marget" <chris at marget.com>
> You [I] said:
>
> > It is OK for an enterprise wifi system to make this sort of attack
> > *on rogue APs which are trying to pretend to be part of it (same ESSID).
>
> I'm curious to hear how you'd rationalize containing a copycat AP
> under the current rules.
>
> In fact, I remain fuzzy on when spoofed de-auth frames would *ever* be okay
> when used against unwilling clients within the FCC's jurisdiction given
> their position that spoofed control frames constitute interference under
> part 15 rules.
>
> This thread and similar discussions elsewhere contain assertions that
> enterprise networks "need to defend themselves" in some circumstances,
> or that "containing" an AP with a copycat SSID would certainly be okay.
>
> I'm not so sure.
>
> The "need to manage our RF space" arguments ring hollow to me. I certainly
> understand why someone would *want* to manage the spectrum, but that's
> just not anyone's privilege when using ISM bands. If the need is great
> enough, get some licensed spectrum and manage that.
I wasn't making that argument.
I was making the "if someone tries to pretend to be part of my network,
so that my users will inadvertantly attach to them and possibly leak
'classified' data, *then that rogue user is making a 1030 attack on my
network*.
> A copycat AP is unquestionably hostile, and likely interfering with users,
> but I'm unconvinced that the hostility triggers a privilege to attack it
> under part 15 rules. In addition to not being allowed to interfere, we also
> have:
You're not attacking it, per se; you are defensively disconnecting from
it *users who are part of your own network*; these are endpoints *you are
administratively allowed to exert control over*, from my viewpoint.
> 2. This device must accept any interference received, including
> interference that may cause undesired operation.
>
> Certificate-based authentication would solve that problem anyway,
> wouldn't it?
Probably. And yes, any system big enough to do this stuff is likely
big enough to run 1x as well.
> A "rogue" AP plugged into a wired port is best solved at the wired port,
I'm not sure anyone was actually mooting this.
> Even large private campuses like oil refineries probably wouldn't be in the
> clear doing this sort of thing unless they're able to stop law enforcement,
> delivery drivers, paramedics and firefighters at the gate in order to get
> them to agree to receive spoofed de-auth frames.
Again: you've shifted topics here from "enterprise rogue protection" (stay off *my* ESSID) to "Marriott Attack" (stay off all ESSIDs that *aren't* mine);
different thing entirely.
I make a clear distinction (now that it's not 3am :-) between what Marriott
is doing, and what enterprises doing rogue protection are doing, as noted
above.
Still not a lawyer.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the NANOG
mailing list