On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
On 10/3/14 7:25 PM, "Hugo Slabbert" <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
They can say anything they want, it does not make it legal.
There's no such thing as a "rogue" AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is "authorized." They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well.
Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. The assumption in the hotel case is likely that the WLANs of the "rogue" APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired port of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds. I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most "thou shalt not harm other networks" legislation like the California example.
/Mike
-- Hugo