Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/ The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.' I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible? David
You could monitor it with something like airodump-ng and send deauth packets if its not associated with your own BSSID(s) On 3 October 2014 21:06, David Hubbard <dhubbard@dino.hostasaurus.com> wrote:
Saw this article:
http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/
The interesting part:
'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.'
I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?
David
Yes, I've tested it quite effectively using WLC 5508 and a AIR-CAP3502I-A-K9
Date: Fri, 3 Oct 2014 16:15:37 -0400 From: telmnstr@757.org CC: nanog@nanog.org Subject: Re: Marriott wifi blocking
I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?
Doesn't Cisco and other vendors offer "rouge AP squashing" features?
- Ethan O'Toole
legality is questionable insofar as "this device must not cause harmful interference" of PartB but how it works is by sending DEAUTH packets with spoofed MAC addresses "rouge AP" response on Cisco/Aruba works like this. Regards, Michael Holstein Cleveland State University ________________________________________ From: NANOG <nanog-bounces@nanog.org> on behalf of David Hubbard <dhubbard@dino.hostasaurus.com> Sent: Friday, October 03, 2014 4:06 PM To: NANOG Subject: Marriott wifi blocking Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/ The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.' I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible? David
but how it works is by sending DEAUTH packets with spoofed MAC addresses "rouge AP" response on Cisco/Aruba works like this.
DIY version if you want to try it out .. just download Kali/Backtrack or compile aircrack-ng http://www.aircrack-ng.org/doku.php?id=deauthentication Regards, Michael Holstein Cleveland State University ________________________________________ From: NANOG <nanog-bounces@nanog.org> on behalf of David Hubbard <dhubbard@dino.hostasaurus.com> Sent: Friday, October 03, 2014 4:06 PM To: NANOG Subject: Marriott wifi blocking Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/ The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.' I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible? David
I would think this would not sit very well with the providers. They've likely installed equip nearby to the hotel & conv.ctr in order to adequately handle the concentration of devices at that location. True? On Fri, Oct 3, 2014 at 4:16 PM, Michael O Holstein < michael.holstein@csuohio.edu> wrote:
legality is questionable insofar as "this device must not cause harmful interference" of PartB but how it works is by sending DEAUTH packets with spoofed MAC addresses "rouge AP" response on Cisco/Aruba works like this.
Regards,
Michael Holstein Cleveland State University ________________________________________ From: NANOG <nanog-bounces@nanog.org> on behalf of David Hubbard < dhubbard@dino.hostasaurus.com> Sent: Friday, October 03, 2014 4:06 PM To: NANOG Subject: Marriott wifi blocking
Saw this article:
http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/
The interesting part:
'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.'
I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?
David
-- Greg Moberg, Director, NerveCenter Engineering LogMatrix, Inc | http://www.logmatrix.com/ | CommunityForum <http://community.logmatrix.com/LogMatrix/> | Blog <http://www.logmatrix.com/Blog> Telephone: +1 (800)892-3646 <http://www.logmatrix.com> <http://www.twitter.com/NerveCenter> <http://www.linkedin.com/company/logmatrix?trk=ppro_cprof> <https://www.facebook.com/Logmatrix?sk=page_insights> <http://www.youtube.com/user/logmatrixchannel>
Not sure the specific implementation. But I've heard of Rouge AP detection done in two ways. 1. Associate to the "Rouge" ap. Send a packet, See if it appears on your network, Shut the port off it appeared from. I think this is the cisco way? Not sure. This is automated of course. This method wouldn't work in this case. Because it wasn't connected to the hotels network 2. Your AP's detect the "Rouge" AP, They slam out a ton of "Deauth's" directed at the clients, As if they are the AP. Effectively telling the client to "disconnect". Side question for those smarter than I. How does WPA encryption play into this? Would a client associated to a WPA2 AP take a non-encrypted deauth appearing from the same BSSID? Nick Olsen Network Operations (855) FLSPEED x106 ---------------------------------------- From: "David Hubbard" <dhubbard@dino.hostasaurus.com> Sent: Friday, October 03, 2014 4:11 PM To: "NANOG" <nanog@nanog.org> Subject: Marriott wifi blocking Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/ The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.' I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible? David
On Fri, 3 Oct 2014 16:16:22 -0400 "Nick Olsen" <nick@flhsi.com> wrote:
Not sure the specific implementation. But I've heard of Rouge AP detection done in two ways.
Relation discussion on this topic has come up from time to time. I believe the last time was in a thread that starts here and includes various methods of network-based rogue AP detection if you follow all the responses and links: <http://mailman.nanog.org/pipermail/nanog/2012-October/052690.html> One of my favorite ways long ago, not sure if this works reliably anymore, was to watch who was joining well known AP IP multicast groups commonly associated with different wireless gear, something you can easily do on routers (e.g. show ip igmp group _group_address_). There are also a number of well known OUIs associated with AP gear that are easily to monitor for in arp/bridge/cam tables. John
On Fri, 03 Oct 2014 16:16:22 -0400, Nick Olsen <nick@flhsi.com> wrote:
Side question for those smarter than I. How does WPA encryption play into this? Would a client associated to a WPA2 AP take a non-encrypted deauth appearing from the same BSSID?
It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided. --Ricky
----- Original Message -----
From: "Ricky Beam" <jfbeam@gmail.com>
It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided.
What's the code for E_GREEDY? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US? On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Ricky Beam" <jfbeam@gmail.com>
It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided.
What's the code for E_GREEDY?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies. /Mike On 10/3/14 5:15 PM, "Mike Hale" <eyeronic.design@gmail.com> wrote:
So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US?
On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Ricky Beam" <jfbeam@gmail.com>
It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided.
What's the code for E_GREEDY?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
/Mike
-- Hugo
On 10/3/14 5:15 PM, "Mike Hale" <eyeronic.design@gmail.com> wrote:
So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US?
On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Ricky Beam" <jfbeam@gmail.com>
It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided.
What's the code for E_GREEDY?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold. I think this is the distinction we need. Because it's clear that the business thing should be able to happen and the hotel thing should On October 3, 2014 10:25:22 PM EDT, Hugo Slabbert <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
/Mike
-- Hugo
On 10/3/14 5:15 PM, "Mike Hale" <eyeronic.design@gmail.com> wrote:
So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US?
On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Ricky Beam" <jfbeam@gmail.com>
It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided.
What's the code for E_GREEDY?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Looks like you cut off, but:
Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold.
But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case. As the administration of the hotel/org network, I'm within bounds to say you're not allowed attach unauthorized devices to the network or extend the network and that should be fair in "my network, my rules", no? And so I can take action against a breach of those terms. The hotspot is a separate network, but I don't have to allow it to connect to my network. I guess that points towards killing the wired port as a better method, as doing deauth on the hotspot(s) WLAN(s) would mean that you are participating in the separate network(s) and causing harm there rather than at the attachment point. But what then of the duplicate SSID of the nefarious user at the business? What recourse does the business have while still staying in bounds? -- Hugo On Fri 2014-Oct-03 22:27:06 -0400, Jay Ashworth <jra@baylink.com> wrote:
Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold.
I think this is the distinction we need. Because it's clear that the business thing should be able to happen and the hotel thing should
On October 3, 2014 10:25:22 PM EDT, Hugo Slabbert <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
/Mike
-- Hugo
On 10/3/14 5:15 PM, "Mike Hale" <eyeronic.design@gmail.com> wrote:
So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US?
On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Ricky Beam" <jfbeam@gmail.com>
It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided.
What's the code for E_GREEDY?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-- Hugo
Wifi offered by a carrier citywide, or free wifi signals from a nearby hotel / park / coffee shop.. On 04-Oct-2014 8:29 am, "Hugo Slabbert" <hugo@slabnet.com> wrote:
attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case.
On Sat 2014-Oct-04 08:37:32 +0530, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Wifi offered by a carrier citywide, or free wifi signals from a nearby hotel / park / coffee shop..
Perfect example (thanks) of why cutting off network attachment points would be fair game while effectively attacking other WLANs has collateral damage.
On 04-Oct-2014 8:29 am, "Hugo Slabbert" <hugo@slabnet.com> wrote:
attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case.
-- Hugo
On 10/3/14, 7:57 PM, Hugo Slabbert wrote:
But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case.
The appropriate remedy would be to deny access to the WLAN+NAT device from your host network, not to interfere with its communication to its clients. Or ask the guest operating it to leave the premises. A guest spinning up a hotspot not connected to the hotel network is far from an edge case. Cellular 3G/4G/LTE-to-hotspot devices are quite common and widely deployed. Tethering one's laptop to one's smartphone is also very common. Jamming such communications does nothing to protect one's own wi-fi, only to protect one's profits.
As the administration of the hotel/org network, I'm within bounds to say you're not allowed attach unauthorized devices to the network or extend the network and that should be fair in "my network, my rules", no? And so I can take action against a breach of those terms.
As long as it's a legal action, such as denying the MAC of the unauthorized device to your network, absolutely. In this case it's someone else's network, hence not your rules.
The hotspot is a separate network, but I don't have to allow it to connect to my network. I guess that points towards killing the wired port as a better method, as doing deauth on the hotspot(s) WLAN(s) would mean that you are participating in the separate network(s) and causing harm there rather than at the attachment point.
Precisely.
But what then of the duplicate SSID of the nefarious user at the business? What recourse does the business have while still staying in bounds?
As long as the nefarious user isn't connecting to the business's network, none. There are likely hundreds of thousands if not millions of networks whose SSID is 'Linksys', duplicated willy-nilly worldwide. -- Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
If there were a duplicate SSID, the. The nefarious user is the one causing illegal harmful interference. However, as I understand the case in question, Marriott was blocking stand-up mobile hotspots not attached to their wired network or bridged/routed through their wifi. As you pointed out, even if this were unauthorized extension of the Marriott network, Marriott's legitimate response would have been disconnecting the extension from their network, not causing harmful interference to the other network. Owen
On Oct 3, 2014, at 19:57, Hugo Slabbert <hugo@slabnet.com> wrote:
Looks like you cut off, but:
Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold.
But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case.
As the administration of the hotel/org network, I'm within bounds to say you're not allowed attach unauthorized devices to the network or extend the network and that should be fair in "my network, my rules", no? And so I can take action against a breach of those terms.
The hotspot is a separate network, but I don't have to allow it to connect to my network. I guess that points towards killing the wired port as a better method, as doing deauth on the hotspot(s) WLAN(s) would mean that you are participating in the separate network(s) and causing harm there rather than at the attachment point.
But what then of the duplicate SSID of the nefarious user at the business? What recourse does the business have while still staying in bounds?
-- Hugo
On Fri 2014-Oct-03 22:27:06 -0400, Jay Ashworth <jra@baylink.com> wrote:
Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold.
I think this is the distinction we need. Because it's clear that the business thing should be able to happen and the hotel thing should
On October 3, 2014 10:25:22 PM EDT, Hugo Slabbert <hugo@slabnet.com> wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
/Mike
-- Hugo
On 10/3/14 5:15 PM, "Mike Hale" <eyeronic.design@gmail.com> wrote:
So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US?
On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth <jra@baylink.com> wrote: ----- Original Message ----- > From: "Ricky Beam" <jfbeam@gmail.com>
> It doesn't. The DEAUTH management frame is not encrypted and carries no > authentication. The 802.11 spec only requires a reason code be > provided.
What's the code for E_GREEDY?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-- Hugo
On Fri, Oct 03, 2014 at 07:57:07PM -0700, Hugo Slabbert wrote:
But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case.
I don't think it is. It's common for phones to be able to share their 3G/4G/whatever wossnames with other devices over wifi. And these days you don't even have to pay the telco extra. -- David Cantrell | A machine for turning tea into grumpiness "Cynical" is a word used by the naive to describe the experienced. George Hills, in uknot
On 10/3/14 7:25 PM, "Hugo Slabbert" <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
They can say anything they want, it does not make it legal. There's no such thing as a "rogue" AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is "authorized." They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well. /Mike
On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
On 10/3/14 7:25 PM, "Hugo Slabbert" <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
They can say anything they want, it does not make it legal.
There's no such thing as a "rogue" AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is "authorized." They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well.
Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. The assumption in the hotel case is likely that the WLANs of the "rogue" APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired port of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds. I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most "thou shalt not harm other networks" legislation like the California example.
/Mike
-- Hugo
Hugo, I still don't think that you have quite made it to the distinction that we are looking for here. In the case of the hotel, we are talking about an access point that connects via 4G to a cellular carrier. An access point that attempts to create its own network for the subscribers devices. A network disjoint from the network provided by the hotel or its contractor. This is a different case from the circumstance in a business office where equipment is deployed to prevent someone from walking in with an access point /which pretends to be part of the network which the office runs./ In the latter case, the security hardware is justified in deassociating people from the rogue access point, /because it is pretending to be part of a network it is not authorized to be part of/. In the Marriott case, that is not the circumstance. The networks which the deauth probes are being aimed at are networks which are advertising themselves as being /separate from the network operated by the hotel/, and this is the distinction that makes Marriott's behavior is unacceptable. (In my opinion; I am NOT a lawyer. If following my advice breaks something, you get to keep both pieces.) On October 3, 2014 11:04:08 PM EDT, Hugo Slabbert <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
On 10/3/14 7:25 PM, "Hugo Slabbert" <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
They can say anything they want, it does not make it legal.
There's no such thing as a "rogue" AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is "authorized." They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well.
Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. The assumption
in the hotel case is likely that the WLANs of the "rogue" APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired port
of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds.
I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most "thou shalt not harm other networks" legislation like the California example.
/Mike
-- Hugo
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Jay, Thanks; I think I was stretching this a bit far beyond just the Marriott example. Killing hotspots of completely discrete networks "because $$$" is heinous. I had extended this to e.g.: 1. Hotel charges for either wired or wireless access per device and has network policies to that effect. 2. Guest pays for a single device and hooks up an AP or AP/NAT combo to the wired port. 3. User piggybacks multiple devices on that device's WLAN. ...to try to flesh out the scenarios. In the attempt I went a bit far off the reservation. Apologies for the noise. -- Hugo On Fri 2014-Oct-03 23:32:39 -0400, Jay Ashworth <jra@baylink.com> wrote:
Hugo, I still don't think that you have quite made it to the distinction that we are looking for here.
In the case of the hotel, we are talking about an access point that connects via 4G to a cellular carrier. An access point that attempts to create its own network for the subscribers devices. A network disjoint from the network provided by the hotel or its contractor.
This is a different case from the circumstance in a business office where equipment is deployed to prevent someone from walking in with an access point /which pretends to be part of the network which the office runs./
In the latter case, the security hardware is justified in deassociating people from the rogue access point, /because it is pretending to be part of a network it is not authorized to be part of/.
In the Marriott case, that is not the circumstance. The networks which the deauth probes are being aimed at are networks which are advertising themselves as being /separate from the network operated by the hotel/, and this is the distinction that makes Marriott's behavior is unacceptable.
(In my opinion; I am NOT a lawyer. If following my advice breaks something, you get to keep both pieces.)
On October 3, 2014 11:04:08 PM EDT, Hugo Slabbert <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
On 10/3/14 7:25 PM, "Hugo Slabbert" <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
They can say anything they want, it does not make it legal.
There's no such thing as a "rogue" AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is "authorized." They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well.
Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. The assumption
in the hotel case is likely that the WLANs of the "rogue" APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired port
of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds.
I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most "thou shalt not harm other networks" legislation like the California example.
/Mike
-- Hugo
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-- Hugo
No problem, Hugo. In fact, if you paid for Wired service and plugged your own router in, you would still be creating your own network, and not pretending to be the hotel's network. At the RF layer. So it would not be legal for them to zap that either. Doing so might /violate your agreement for the wired internet/, but that's a problem up in layer 10... (People, money, lawyers) On October 3, 2014 11:45:48 PM EDT, Hugo Slabbert <hugo@slabnet.com> wrote:
Jay,
Thanks; I think I was stretching this a bit far beyond just the Marriott example. Killing hotspots of completely discrete networks "because $$$" is heinous. I had extended this to e.g.:
1. Hotel charges for either wired or wireless access per device and has network policies to that effect. 2. Guest pays for a single device and hooks up an AP or AP/NAT combo to the wired port. 3. User piggybacks multiple devices on that device's WLAN.
...to try to flesh out the scenarios. In the attempt I went a bit far off the reservation. Apologies for the noise.
-- Hugo
On Fri 2014-Oct-03 23:32:39 -0400, Jay Ashworth <jra@baylink.com> wrote:
Hugo, I still don't think that you have quite made it to the distinction that we are looking for here.
In the case of the hotel, we are talking about an access point that connects via 4G to a cellular carrier. An access point that attempts to create its own network for the subscribers devices. A network disjoint from the network provided by the hotel or its contractor.
This is a different case from the circumstance in a business office where equipment is deployed to prevent someone from walking in with an access point /which pretends to be part of the network which the office runs./
In the latter case, the security hardware is justified in deassociating people from the rogue access point, /because it is pretending to be part of a network it is not authorized to be part of/.
In the Marriott case, that is not the circumstance. The networks which the deauth probes are being aimed at are networks which are advertising themselves as being /separate from the network operated by the hotel/, and this is the distinction that makes Marriott's behavior is unacceptable.
(In my opinion; I am NOT a lawyer. If following my advice breaks something, you get to keep both pieces.)
On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
On 10/3/14 7:25 PM, "Hugo Slabbert" <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
They can say anything they want, it does not make it legal.
There's no such thing as a "rogue" AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is "authorized." They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well.
Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. The assumption
in the hotel case is likely that the WLANs of the "rogue" APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired
On October 3, 2014 11:04:08 PM EDT, Hugo Slabbert <hugo@slabnet.com> wrote: port
of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem
to
be out of bounds.
I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most "thou shalt not harm other networks" legislation like the California example.
/Mike
-- Hugo
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-- Hugo
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On Oct 3, 2014, at 10:45 PM, Hugo Slabbert <hugo@slabnet.com> wrote:
Jay,
Killing hotspots of completely discrete networks "because $$$" is heinous. I had extended this to e.g.:
It’s not just Marriott doing this; A friend of mine went to a convention near DC and found the venue was doing something like this. I don’t know if the method was the same, but he reported that any time he connected to his phone he would be disconnected “nearly immediately". He mentioned this to a con staffer and was told you had to rent internet access from the venue, it cost several hundred dollars per day. Same for electricity, about which he was told “If you have to ask how much it costs, you cannot afford it.”
On Fri, Oct 03, 2014 at 10:57:29PM -0500, Daniel Seagraves wrote:
It?s not just Marriott doing this; A friend of mine went to a convention near DC and found the venue was doing something like this. I don?t know if the method was the same, but he reported that any time he connected to his phone he would be disconnected ?nearly immediately". He mentioned this to a con staffer and was told you had to rent internet access from the venue, it cost several hundred dollars per day. Same for electricity, about which he
I've seen this in a few places, but if anyone encounters similar behavior, I suggest the following: - Document the incident. - Identify the make and model of the access point, or controller, and be sure to pass along this information to the FCC's OET: http://transition.fcc.gov/oet/ Vendors really need to start losing their US device certification for devices that include advertised features that violate US law. It would put a stop to this sort of thing pretty quickly. --msa
----- Original Message -----
From: "Majdi S. Abbas" <msa@latt.net>
I've seen this in a few places, but if anyone encounters similar behavior, I suggest the following:
- Document the incident. - Identify the make and model of the access point, or controller, and be sure to pass along this information to the FCC's OET: http://transition.fcc.gov/oet/
Vendors really need to start losing their US device certification for devices that include advertised features that violate US law. It would put a stop to this sort of thing pretty quickly.
Majdi makes an excellent point, but I want to clarify it, so no one misses the important subtext: It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID). It is NOT OK for an enterprise wifi system to make this sort of attack on APs which *are not trying to pretend to be part of it* (we'll call this The Marriott Attack from now on, right?) Rogue AP prevention is a *useful* feature in enterprise wifi systems... but *that isn't what Marriott was doing*. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
On 10/04/2014 10:23 AM, Jay Ashworth wrote:
Majdi makes an excellent point, but I want to clarify it, so no one misses the important subtext:
It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID).
It is NOT OK for an enterprise wifi system to make this sort of attack on APs which *are not trying to pretend to be part of it* (we'll call this The Marriott Attack from now on, right?)
Rogue AP prevention is a *useful* feature in enterprise wifi systems... but *that isn't what Marriott was doing*.
So I work in a small office in a building that has many "enterprise" wifi's I can see whether I like it or not. What if one of them decided that our wifi was "rogue" and started trying to stamp it out? Mike, this seems like it might be a universally bad idea...
On 4 Oct 2014, at 12:35, Michael Thomas wrote:
On 10/04/2014 10:23 AM, Jay Ashworth wrote: So I work in a small office in a building that has many "enterprise" wifi's I can see whether I like it or not. What if one of them decided that our wifi was "rogue" and started trying to stamp it out?
It happens daily. We have 22 offices around the world, each in downtown towers. We use Cisco WLCs, and those controllers see constant deauth frames coming from people above us, below us, and from the four sides around us. It is a real battle. The only thing to do is use lots of APs in the office so as to keep the power levels down. In a couple of cases our office managers personally visited the offices of people above, below, and across from us and discussed the problem. It helped.
Mike, this seems like it might be a universally bad idea...
It isn't a bad idea, as we need to protect our corporate networks. But there are unintended consequences, to be sure.
On Sat, Oct 4, 2014 at 12:48 PM, SML <sml@lordsargon.com> wrote:
On 4 Oct 2014, at 12:35, Michael Thomas wrote:
On 10/04/2014 10:23 AM, Jay Ashworth wrote: So I work in a small office in a building that has many "enterprise" whether I like it or not. What if one of them decided that our wifi was "rogue" and>> started trying to stamp it out? It happens daily. We have 22 offices around the world, each in downtown towers. We use Cisco WLCs, and those controllers see constant deauth frames coming from people above us, below us, and from the four sides around us. It is a real battle. The only thing to do is use lots of APs in the office so as to keep the power levels down.
Well, based on the Marriott incident, it seems that what you need to do is figure out where the Deauths are coming from via direction finding and start sending written notices to your neighbors, and if the behavior persists --- follow them up with some FCC interference complaints. https://esupport.fcc.gov/ccmsforms/form2000.action -- -JH
* Jay Ashworth:
It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID).
What if the ESSID is "Free Internet", or if the network is completely open? Does it change things if you have data that shows your customers can be duped even by networks with a non-colliding ESSID?
Well now, Florian, there you lead me into deep water. I am inclined to say that that circumstance would fall into the category of "things you might have a valid reason to want to do, but which the regulations might prevent you from doing even if they are drawn thoughtfully." Myself, I am inclined to think that you have a right to try to protect your users of your ESSID network from people pretending to be it, but that you probably don't have a right to try to protect people who are too stupid to be attaching to the right thing. And yes, I realize that if a Windows machine for example tries to attach to a network and gets knocked off it might move down its list and the user might not notice. If your network is this much of an attack target, make sure your building is a Faraday cage, and then you can knock off anything you like. In the final analysis, what will really happen in a business environment, is likely just that your warning system will warn you, and you will walk around with an AirCheck and find the rogue AP and unplug it and beat over the head with it whomever set it up. :-) On October 5, 2014 3:57:05 PM EDT, Florian Weimer <fw@deneb.enyo.de> wrote:
* Jay Ashworth:
It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID).
What if the ESSID is "Free Internet", or if the network is completely open? Does it change things if you have data that shows your customers can be duped even by networks with a non-colliding ESSID?
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On Oct 5, 2014, at 12:57 PM, Florian Weimer <fw@deneb.enyo.de> wrote:
* Jay Ashworth:
It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID).
What if the ESSID is "Free Internet", or if the network is completely open? Does it change things if you have data that shows your customers can be duped even by networks with a non-colliding ESSID?
To the best of my knowledge, not under the current regulatory framework. It’s not considered harmful interference if the SSID isn’t conflicting. The fact that your users are stupid isn’t license for you to attack someone else’s network. Owen
On 10/3/14, 8:45 PM, Hugo Slabbert wrote:
Jay,
Thanks; I think I was stretching this a bit far beyond just the Marriott example. Killing hotspots of completely discrete networks "because $$$" is heinous. I had extended this to e.g.:
1. Hotel charges for either wired or wireless access per device and has network policies to that effect.
OK.
2. Guest pays for a single device and hooks up an AP or AP/NAT combo to the wired port.
Guest has only a single device connected to hotel's network, which he is paying for. OK.
3. User piggybacks multiple devices on that device's WLAN.
His network, his rules. Hotel has no right to interfere. He only has one device connected to them. Same scenario as that of a residential ISP where a user pays for one dynamic IP address, installs a NAT box and connects several devices to it. If hotel has an AUP that specifically prohibits this, then they are within their rights to disconnect the user from their network, but not to interfere with his network. If they do so he now has his own little private WLAN going nowhere but it works just fine. -- Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
On Sat, Oct 4, 2014 at 4:32 AM, Jay Ashworth <jra@baylink.com> wrote:
Hugo, I still don't think that you have quite made it to the distinction that we are looking for here.
In the case of the hotel, we are talking about an access point that connects via 4G to a cellular carrier. An access point that attempts to create its own network for the subscribers devices. A network disjoint from the network provided by the hotel or its contractor.
To put it another way, if you plugged a USB cable into the 4G device and the other end into a laptop, and a hotel manager appeared with a big pair of scissors and cut through it, in an effort to make you buy WLAN service from the hotel, nobody would think this either legal or reasonable. Why should it be more acceptable because you used radio? What about IrDA, if you're a technical masochist?
This is a different case from the circumstance in a business office where equipment is deployed to prevent someone from walking in with an access point /which pretends to be part of the network which the office runs./
In the latter case, the security hardware is justified in deassociating people from the rogue access point, /because it is pretending to be part of a network it is not authorized to be part of/.
In the Marriott case, that is not the circumstance. The networks which the deauth probes are being aimed at are networks which are advertising themselves as being /separate from the network operated by the hotel/, and this is the distinction that makes Marriott's behavior is unacceptable.
(In my opinion; I am NOT a lawyer. If following my advice breaks something, you get to keep both pieces.)
On October 3, 2014 11:04:08 PM EDT, Hugo Slabbert <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
On 10/3/14 7:25 PM, "Hugo Slabbert" <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
They can say anything they want, it does not make it legal.
There's no such thing as a "rogue" AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is "authorized." They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well.
Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. The assumption
in the hotel case is likely that the WLANs of the "rogue" APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired port
of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds.
I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most "thou shalt not harm other networks" legislation like the California example.
/Mike
-- Hugo
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On 10/3/14, 8:04 PM, Hugo Slabbert wrote:
I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most "thou shalt not harm other networks" legislation like the California example.
You can't get to layer 2 or layer 3 without layer 1. The abuse of higher layer control protocols requires an RF transmitter within the radio spectrum, hence it is interference. It is a much more selectively targeted type of interference than broadband noise, but it's very obviously interference over radio frequencies by any definition. -- -- Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
The hotel is being fined for blocking/jamming users setting up wifi via mobile technologies and such, not using the hotel's network. Hard for me to imagine how the hotel gets to insert itself into any applicable AUP in that scenario. Owen
On Oct 3, 2014, at 19:25, Hugo Slabbert <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
/Mike
-- Hugo
On 10/3/14 5:15 PM, "Mike Hale" <eyeronic.design@gmail.com> wrote:
So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US?
On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth <jra@baylink.com> wrote: ----- Original Message -----
From: "Ricky Beam" <jfbeam@gmail.com>
It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided.
What's the code for E_GREEDY?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Sounds likely at least in unlicensed bands Jared Mauch
On Oct 3, 2014, at 8:15 PM, Mike Hale <eyeronic.design@gmail.com> wrote:
So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US?
On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth <jra@baylink.com> wrote: ----- Original Message -----
From: "Ricky Beam" <jfbeam@gmail.com>
It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided.
What's the code for E_GREEDY?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
There are IPS features in nearly all of the 'enterprise' level wireless products now: http://www.cisco.com/c/en/us/products/collateral/wireless/adaptive-wireless-... http://www.aerohive.com/solutions/applications/secure.html Doing a search for WIPs - or browsing forums about poorly configured WIPS/Policies can show that the deauth storms can be quite turbulent. ~mianosm On Fri, Oct 3, 2014 at 4:06 PM, David Hubbard <dhubbard@dino.hostasaurus.com
wrote:
Saw this article:
http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/
The interesting part:
'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.'
I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?
David
On Friday 03 October 2014 13:06:55 David Hubbard wrote: ...
I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?
From other discussions, they were apparently continuously sending client deauth packets to any non-Marriott access points within range. Adrian
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of David Hubbard Sent: Friday, October 03, 2014 3:07 PM To: NANOG Subject: Marriott wifi blocking Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/ The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.' I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible? David ------- David, All major WiFi players have some seek-and-destroy function to prevent rogues on/near their network. It is the responsibly of the IT folks to determine how aggressive these settings are, and to what needs deauth sent to clients. These can be very effective in dropping sessions from clients on unauthorized systems. The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. -- Opinions expressed in this email are mine and not that of my employer. Shane Allan Godmere
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or "administrative" (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations. Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. K
On 10/03/2014 03:23 PM, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
+1
My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or "administrative" (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere.
I would expect interfering for defensive purposes **only** would be acceptable. --John
K
On Fri 2014-Oct-03 16:01:21 -0600, John Schiel <jschiel@flowtools.net> wrote:
On 10/03/2014 03:23 PM, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
+1
My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or "administrative" (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere.
I would expect interfering for defensive purposes **only** would be acceptable.
What constitutes "defensive purposes"?
--John
K
-- Hugo
My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or "administrative" (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere.
I would expect interfering for defensive purposes **only** would be acceptable.
What constitutes "defensive purposes"?
Since this is unlicensed spectrum, I don't think there is anything one has a right to defend :) /Mike
On 10/03/14 17:34, Michael Van Norman wrote:
My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or "administrative" (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable. What constitutes "defensive purposes"? Since this is unlicensed spectrum, I don't think there is anything one has a right to defend :)
/Mike
If you charge for access and one person pays and sets up a rogue AP offering free WiFi to anyone in range. I can see a defensive angle there. Lyle Giese LCR Computer Services, Inc.
On 10/3/14 3:44 PM, "Lyle Giese" <lyle@lcrcomputer.net> wrote:
On 10/03/14 17:34, Michael Van Norman wrote:
My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or "administrative" (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable. What constitutes "defensive purposes"? Since this is unlicensed spectrum, I don't think there is anything one has a right to defend :)
/Mike
If you charge for access and one person pays and sets up a rogue AP offering free WiFi to anyone in range. I can see a defensive angle there.
Lyle Giese LCR Computer Services, Inc.
In that case turn off the offenders access. No FCC violation doing that. In any case, that was not what was happening here. /Mike
On 10/03/2014 04:26 PM, Hugo Slabbert wrote:
On Fri 2014-Oct-03 16:01:21 -0600, John Schiel <jschiel@flowtools.net> wrote:
On 10/03/2014 03:23 PM, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
+1
My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or "administrative" (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere.
I would expect interfering for defensive purposes **only** would be acceptable.
What constitutes "defensive purposes"?
Whoa, lots of replies this weekend. I haven't made my way through all of them but the point was to try and protect your network from an offensive device. It seems though, if you are law abiding and follow the FCC rules, you **cannot** protect yourself very well using the wireless spectrum. Need to do some more reading I guess. --John
--John
K
On 10/3/14 6:01 PM, John Schiel wrote:
On 10/03/2014 03:23 PM, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
+1
My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or "administrative" (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere.
I would expect interfering for defensive purposes **only** would be acceptable.
if you have a device licensed under fcc part 15 it may not cause harmful interference to other users of the spectrum.
--John
K
http://www.arrl.org/part-15-radio-frequency-devices#Definitions http://www.ecfr.gov/cgi-bin/text-idx?node=pt47.1.15 (m) Harmful interference. Any emission, radiation or induction that endangers the functioning of a radio navigation service or of other safety services or seriously degrades, obstructs or repeatedly interrupts a radiocommunications service operating in accordance with this chapter. On Oct 3, 2014 6:17 PM, "joel jaeggli" <joelja@bogus.com> wrote:
On 10/3/14 6:01 PM, John Schiel wrote:
On 10/03/2014 03:23 PM, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
+1
My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or "administrative" (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere.
I would expect interfering for defensive purposes **only** would be acceptable.
if you have a device licensed under fcc part 15 it may not cause harmful interference to other users of the spectrum.
--John
K
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
I think that depends on the terms of your lease agreement. Could not a hotel or conference center operate reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premesis... Would not such an active device be quite appropriate there? -Wayne --- Wayne Bouchard web@typo.org Network Dude http://www.typo.org/~web/
On 10/3/14 7:12 PM, Wayne E Bouchard wrote:
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
I think that depends on the terms of your lease agreement. Could not a hotel or conference center operate reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premesis...
Would not such an active device be quite appropriate there?
http://transition.fcc.gov/Bureaus/Engineering_Technology/Documents/bulletins... ... The FCC rules are designed to control the marketing of low-power transmitters and, to a lesser extent, their use. If the operation of a non-compliant transmitter causes interference to authorized radio communications, the user should stop operating the transmitter or correct the problem causing the interference. However, the person (or company) that sold this non-compliant transmitter to the user has violated the FCC marketing rules in Part 2 as well as federal law. The act of selling or leasing, offering to sell or lease, or importing a low-power transmitter that has not gone through the appropriate FCC equipment authorization procedure is a violation of the Commission's rules and federal law. ...
-Wayne
--- Wayne Bouchard web@typo.org Network Dude http://www.typo.org/~web/
On Oct 3, 2014, at 16:12 , Wayne E Bouchard <web@typo.org> wrote:
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
I think that depends on the terms of your lease agreement. Could not a hotel or conference center operate reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premesis...
Would not such an active device be quite appropriate there?
You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the communications act of 1934 as amended. The following is an oversimplification and IANAL, but generally: You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason. If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them. The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations. As someone else said, owning the property does not constitute ownership of the airwaves within the boundaries of the property, at least in the US (and I suspect in most if not all ITU countries). Owen
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Oct 3, 2014, at 16:12 , Wayne E Bouchard <web@typo.org> wrote:
Would not such an active device be quite appropriate there?
You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the communications act of 1934 as amended.
The following is an oversimplification and IANAL, but generally:
You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason. If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them.
The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations.
Well, this will certainly have interesting implications on providing wireless service on business premises, won't it? Are Cisco et alia accessories-before? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
On Fri 2014-Oct-03 16:49:49 -0700, Owen DeLong <owen@delong.com> wrote:
On Oct 3, 2014, at 16:12 , Wayne E Bouchard <web@typo.org> wrote:
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
I think that depends on the terms of your lease agreement. Could not a hotel or conference center operate reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premesis...
Would not such an active device be quite appropriate there?
You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the communications act of 1934 as amended.
The following is an oversimplification and IANAL, but generally:
You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason. If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them.
The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations.
As someone else said, owning the property does not constitute ownership of the airwaves within the boundaries of the property, at least in the US (and I suspect in most if not all ITU countries).
Owen
Serious question: do the FCC regulations on RF spectrum interference extend beyond layer 1? I would assume that blasting a bunch of RF noise would be pretty obviously out of bounds, but my understanding is that the mechanisms described for rogue AP squashing operate at L2. The *effect* is to render the wireless medium pretty much useless for its intended purpose, but that's accomplished by the use (abuse?) of higher layer control mechanisms. I'm not condoning this, but do the FCC regulations RF interference apply? Do they have authority above L1 in this case? -- Hugo
One of the reasons I pointed to the California law is that it covers above L1 even if FCC authority does not. The state law also provides for criminal penalties. I do not know if other states have similar laws. /Mike On 10/3/14 7:42 PM, "Hugo Slabbert" <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 16:49:49 -0700, Owen DeLong <owen@delong.com> wrote:
On Oct 3, 2014, at 16:12 , Wayne E Bouchard <web@typo.org> wrote:
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
I think that depends on the terms of your lease agreement. Could not a hotel or conference center operate reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premesis...
Would not such an active device be quite appropriate there?
You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the communications act of 1934 as amended.
The following is an oversimplification and IANAL, but generally:
You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason. If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them.
The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations.
As someone else said, owning the property does not constitute ownership of the airwaves within the boundaries of the property, at least in the US (and I suspect in most if not all ITU countries).
Owen
Serious question: do the FCC regulations on RF spectrum interference extend beyond layer 1? I would assume that blasting a bunch of RF noise would be pretty obviously out of bounds, but my understanding is that the mechanisms described for rogue AP squashing operate at L2. The *effect* is to render the wireless medium pretty much useless for its intended purpose, but that's accomplished by the use (abuse?) of higher layer control mechanisms.
I'm not condoning this, but do the FCC regulations RF interference apply? Do they have authority above L1 in this case?
-- Hugo
If the signal that is causing the harmful interference is a radio transmission, then the FCC doesn't differentiate between noise and intelligent harmful interference. If you interfere elsewhere on the wire or without transmitting, you might avoid the part 15 rules about causing harmful interference. If you transmit a signal over the air, then the FCC has authority and requires that you not cause harmful interference. Owen
On Oct 3, 2014, at 19:42, Hugo Slabbert <hugo@slabnet.com> wrote:
On Fri 2014-Oct-03 16:49:49 -0700, Owen DeLong <owen@delong.com> wrote:
On Oct 3, 2014, at 16:12 , Wayne E Bouchard <web@typo.org> wrote:
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
I think that depends on the terms of your lease agreement. Could not a hotel or conference center operate reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premesis...
Would not such an active device be quite appropriate there?
You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the communications act of 1934 as amended.
The following is an oversimplification and IANAL, but generally:
You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason. If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them.
The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations.
As someone else said, owning the property does not constitute ownership of the airwaves within the boundaries of the property, at least in the US (and I suspect in most if not all ITU countries).
Owen
Serious question: do the FCC regulations on RF spectrum interference extend beyond layer 1? I would assume that blasting a bunch of RF noise would be pretty obviously out of bounds, but my understanding is that the mechanisms described for rogue AP squashing operate at L2. The *effect* is to render the wireless medium pretty much useless for its intended purpose, but that's accomplished by the use (abuse?) of higher layer control mechanisms.
I'm not condoning this, but do the FCC regulations RF interference apply? Do they have authority above L1 in this case?
-- Hugo
IANAL but no, I think it most certainly does not, at least in the USA, depend on the terms of your *lease* agreement. In particular, I refer you to http://apps.fcc.gov/ecfs/document/view;?id=6518608517 where in the US Federal Communications Commission (FCC) specifically voided terms restricting Wi-Fi in space leased from the Massachusetts Port Authority at Boston airport as in violation of the OTARD (Over The Air Reception Device) FCC rules. This probably doesn't apply if you are a mere licensee but if you are a leaseholder, including being a tenant-in-possession, as you are if you rent a hotel room, I think they do apply. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com On Fri, Oct 3, 2014 at 7:12 PM, Wayne E Bouchard <web@typo.org> wrote:
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote:
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
I think that depends on the terms of your lease agreement. Could not a hotel or conference center operate reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premesis...
Would not such an active device be quite appropriate there?
-Wayne
--- Wayne Bouchard web@typo.org Network Dude http://www.typo.org/~web/
participants (35)
-
Adrian -
Alexander Harrowell -
Alistair Mackenzie -
Daniel Seagraves -
Darin Herteen -
David Cantrell -
David Hubbard -
Donald Eastlake -
Florian Weimer -
Godmere, Shane -
Gregory Moberg -
Hugo Slabbert -
Jared Mauch -
Jay Ashworth -
Jay Hennigan -
Jimmy Hess -
joel jaeggli -
John Kristoff -
John Schiel -
Keenan Tims -
Lyle Giese -
Majdi S. Abbas -
Michael O Holstein -
Michael Thomas -
Michael Van Norman -
Mike Hale -
Nick Olsen -
Owen DeLong -
Philip Dorr -
Ricky Beam -
SML -
Steven Miano -
Suresh Ramasubramanian -
telmnstr@757.org -
Wayne E Bouchard