[174910] in North American Network Operators' Group
Re: Marriott wifi blocking
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sat Oct 4 16:36:26 2014
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <alpine.OSX.2.02.1410041535310.23241@brugal.local>
Date: Sat, 4 Oct 2014 13:33:13 -0700
To: Brandon Ross <bross@pobox.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Oct 4, 2014, at 12:39 , Brandon Ross <bross@pobox.com> wrote:
> On Sat, 4 Oct 2014, Michael Thomas wrote:
>=20
>> The problem is that there's really no such thing as a "copycat" if =
the client doesn't have the means of authenticating the destination. If =
that's really the requirement, people should start bitching to ieee to =
get destination auth on ap's instead of blatantly asserting that =
somebody owns a particular ssid because, well, because.
>=20
> In the enterprise environment that there's been some insistence from =
folks on this list is a legitimate place to block "rogue" APs, what =
makes those SSIDs, "yours"? Just because they were used first by the =
enterprise? That doesn't seem to hold water in an unlicensed environment =
to me at all.
Pretty much... Here's why...
If you are using an SSID in an area, anyone else using the same SSID =
later is causing harmful interference to your network. It's a =
first-come-first-serve situation. Just like amateur radio spectrum... If =
you're using a frequency to carry on a conversation with someone, other =
hams have an obligation not to interfere with your conversation (except =
in an emergency). It's a bit more complicated there, because you're =
obliged to reasonably accommodate others wishing to use the frequency, =
but in the case of SSIDs, there's no such requirement.
Now, if I start using SSID XYZ in building 1 and someone else is using =
it in building 3 and the two coverage zones don't overlap, I'm not =
entitled to extend my XYZ SSID into building 3 when I rent space there, =
because someone else is using it in that location first.
I can only extend my XYZ coverage zone so far as there are no competing =
XYZ SSIDs in the locations I'm expanding in to.
> If the Marriott can't do this, I don't think anyone can, legally.
If I set up something on an SSID Marriott is already using, then my bad =
and they have the right to take appropriate defensive action to protect =
their network.
If I stand up a new network using an SSID Marriott isn't already using, =
then they have no right to cause harmful interference to that network.
Sharing the same channels using different SSIDs, while it may degrade =
performance (of both networks) isn't technically what I would call =
"harmful interference", nor is it considered such by the FCC. That's =
just a matter of sharing the spectrum as intended in the products =
certified for that service.
> Now, granted, if I'm doing it with the intent to disrupt the corporate =
network or steal data, there's certainly other laws to deal with that, =
but I don't think even that is justification for spoofed deauth.
Depends on whether you were the first one using the SSID in a particular =
location or not.
Sure, this can get ambiguous and difficult to prove, but the reality is =
that most cases are pretty clear cut and it's usually not hard to tell =
who is the interloper on a given SSID.
Owen
