[174878] in North American Network Operators' Group
Re: Marriott wifi blocking
daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Fri Oct 3 23:04:18 2014
X-Original-To: nanog@nanog.org
Date: Fri, 3 Oct 2014 20:04:08 -0700
From: Hugo Slabbert <hugo@slabnet.com>
To: Michael Van Norman <mvn@ucla.edu>
In-Reply-To: <D054ABD9.D41B4%mvn@ucla.edu>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--+JUInw4efm7IfTNU
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman <mvn@ucla.edu> wrote:
>On 10/3/14 7:25 PM, "Hugo Slabbert" <hugo@slabnet.com> wrote:
>
>>On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman <mvn@ucla.edu>
>>wrote:
>>
>>>IANAL, but I believe they are. State laws may also apply (e.g.
>>>California
>>>Code - Section 502). In California, it is illegal to "knowingly and
>>>without permission disrupts or causes the disruption of computer services
>>>or denies or causes the denial of computer services to an authorized user
>>>of a computer, computer system, or computer network." Blocking access to
>>>somebody's personal hot spot most likely qualifies.
>>
>>My guess would be that the hotel or other organizations using the
>>blocking tech would probably just say the users/admin of the rogue APs
>>are not authorized users as setting up said AP would probably be in
>>contravention of the AUP of the hotel/org network.
>
>They can say anything they want, it does not make it legal.
>
>There's no such thing as a "rogue" AP in this context. I can run an
>access point almost anywhere I want (there are limits established by the
>FCC in some areas) and it does not matter who owns the land underneath.
>They have no authority to decide whether or not my access point is
>"authorized." They can certainly refuse to connect me to their wired
>network; and they can disconnect me if they decide I am making
>inappropriate use of their network -- but they have no legal authority to
>interfere with my wireless transmissions on my own network (be it my
>personal hotspot, WiFi router, etc.). FWIW, the same is true in almost
>all corporate environments as well.
Thanks; I think that's the distinction I was looking for here. By=20
spoofing deauth, the org is actively/knowingly participating on *my=20
network* and causing harm to it without necessarily having proof that=20
*my network* is in any way attached to *their network*. The assumption=20
in the hotel case is likely that the WLANs of the "rogue" APs they're=20
targeting are attached to their wired network and are attempts to extend=20
that wireless network without authorization (and that's probably=20
generally a pretty safe assumption), but that doesn't forgive causing=20
harm to that WLAN. There's no reason they can't cut off the wired port=20
of the AP if it is connected to the org's network as that's their=20
attachment point and their call, but spoofed deauth stuff does seem to=20
be out of bounds.
I'm not clear on whether it runs afoul of FCC regs as it's not RF=20
interference directly but rather an (ab)use of higher layer control=20
mechanisms operating on that spectrum, but it probably does run afoul of=20
most "thou shalt not harm other networks" legislation like the=20
California example.
>
>/Mike
>
>
--=20
Hugo
--+JUInw4efm7IfTNU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJUL2OoAAoJEJqxD/2xeDE+CjgP/0jWDsUuxtQww5EIwmLo1rZi
dqaJvZDtT7vJmMDjqZBYqFHICCjGtSu3o/BPkMuSLhK0u/KeFvck5g8ZJALXRIGp
eYljjMG/o23EE7rtut1q9etph8YVeRPxyU8Z4XV1RRVRBGxqVzC0mKG3iz6lGF3Z
muI+AnzmuOHYDBNq1PKhAwoyzPcI1Rr5H/IG9uemdQHtQbh5tmP5rpe601Nq/kUG
P8Hl8wHfoNM2MC76ObzqOKXtyeFpBFXqVPaDQI9uwPxj7iJt8Wu5+LY0i0Z+Ko1n
PTzPH7pjZoQxZSaGksDUQ2hHWwfsuVFZHMDzy2SYMnxde7RzLMLzR1XN2u3CIA+v
NnurVGqrCHvn3IzmHtj+T52zO68IT2DBZGia3wPnUPjEurlo4RMEzWL6ksC4FA1Q
WdwheYoIeW4D3E1pDkYPUsMkSDZoD4QFdRP/FC5UeLO4DJtmnmLdv2rXEuFhPjsh
c5byefi4LO2StV7TJsrcXOzaFo5A6jClXNSfwRMl1xW0ZR67rlZez0LsLw6lB+3o
pGWR4bKUMM5pNEg978Tq4/N5zKsZR4phLFO4sDCrIYYSMthf2kOsHHETxV8VJZZo
qo3cR4NLausRyFkrWMpiPfv4Yvtveb3YjcAwVVA9LorYlUs/bWSxrcymzhyPMqKQ
NxenQolK0YuvSr4UJkeq
=rK3S
-----END PGP SIGNATURE-----
--+JUInw4efm7IfTNU--
