On Sat, 4 Oct 2014, Michael Thomas wrote:
The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because.
In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block "rogue" APs, what makes those SSIDs, "yours"? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all. If the Marriott can't do this, I don't think anyone can, legally. Now, granted, if I'm doing it with the intent to disrupt the corporate network or steal data, there's certainly other laws to deal with that, but I don't think even that is justification for spoofed deauth. -- Brandon Ross Yahoo & AIM: BrandonNRoss +1-404-635-6667 ICQ: 2269442 Skype: brandonross Schedule a meeting: http://www.doodle.com/bross