On Oct 4, 2014, at 12:39 , Brandon Ross <bross@pobox.com> wrote:
On Sat, 4 Oct 2014, Michael Thomas wrote:
The problem is that there's really no such thing as a "copycat" if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because.
In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block "rogue" APs, what makes those SSIDs, "yours"? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all.
Pretty much... Here's why... If you are using an SSID in an area, anyone else using the same SSID later is causing harmful interference to your network. It's a first-come-first-serve situation. Just like amateur radio spectrum... If you're using a frequency to carry on a conversation with someone, other hams have an obligation not to interfere with your conversation (except in an emergency). It's a bit more complicated there, because you're obliged to reasonably accommodate others wishing to use the frequency, but in the case of SSIDs, there's no such requirement. Now, if I start using SSID XYZ in building 1 and someone else is using it in building 3 and the two coverage zones don't overlap, I'm not entitled to extend my XYZ SSID into building 3 when I rent space there, because someone else is using it in that location first. I can only extend my XYZ coverage zone so far as there are no competing XYZ SSIDs in the locations I'm expanding in to.
If the Marriott can't do this, I don't think anyone can, legally.
If I set up something on an SSID Marriott is already using, then my bad and they have the right to take appropriate defensive action to protect their network. If I stand up a new network using an SSID Marriott isn't already using, then they have no right to cause harmful interference to that network. Sharing the same channels using different SSIDs, while it may degrade performance (of both networks) isn't technically what I would call "harmful interference", nor is it considered such by the FCC. That's just a matter of sharing the spectrum as intended in the products certified for that service.
Now, granted, if I'm doing it with the intent to disrupt the corporate network or steal data, there's certainly other laws to deal with that, but I don't think even that is justification for spoofed deauth.
Depends on whether you were the first one using the SSID in a particular location or not. Sure, this can get ambiguous and difficult to prove, but the reality is that most cases are pretty clear cut and it's usually not hard to tell who is the interloper on a given SSID. Owen