[174919] in North American Network Operators' Group
Re: Marriott wifi blocking
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sun Oct 5 02:16:23 2014
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <54305C14.1000907@mtcc.com>
Date: Sat, 4 Oct 2014 23:13:40 -0700
To: Michael Thomas <mike@mtcc.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>, Brandon Ross <bross@pobox.com>
Errors-To: nanog-bounces@nanog.org
Very true. I wasn't talking about ideal solutions. I was talking about curre=
nt state of FCC regulations.=20
Further, you seem to assume a level of control over client behavior that is r=
are in my experience.=20
Owen
> On Oct 4, 2014, at 13:44, Michael Thomas <mike@mtcc.com> wrote:
>=20
>> On 10/04/2014 01:33 PM, Owen DeLong wrote:
>>> On Oct 4, 2014, at 12:39 , Brandon Ross <bross@pobox.com> wrote:
>>>=20
>>>> On Sat, 4 Oct 2014, Michael Thomas wrote:
>>>>=20
>>>> The problem is that there's really no such thing as a "copycat" if the c=
lient doesn't have the means of authenticating the destination. If that's re=
ally the requirement, people should start bitching to ieee to get destinatio=
n auth on ap's instead of blatantly asserting that somebody owns a particula=
r ssid because, well, because.
>>> In the enterprise environment that there's been some insistence from fol=
ks on this list is a legitimate place to block "rogue" APs, what makes those=
SSIDs, "yours"? Just because they were used first by the enterprise? That d=
oesn't seem to hold water in an unlicensed environment to me at all.
>> Pretty much... Here's why...
>>=20
>> If you are using an SSID in an area, anyone else using the same SSID late=
r is causing harmful interference to your network. It's a first-come-first-s=
erve situation. Just like amateur radio spectrum... If you're using a freque=
ncy to carry on a conversation with someone, other hams have an obligation n=
ot to interfere with your conversation (except in an emergency). It's a bit m=
ore complicated there, because you're obliged to reasonably accommodate othe=
rs wishing to use the frequency, but in the case of SSIDs, there's no such r=
equirement.
>>=20
>> Now, if I start using SSID XYZ in building 1 and someone else is using it=
in building 3 and the two coverage zones don't overlap, I'm not entitled to=
extend my XYZ SSID into building 3 when I rent space there, because someone=
else is using it in that location first.
>>=20
>> I can only extend my XYZ coverage zone so far as there are no competing X=
YZ SSIDs in the locations I'm expanding in to.
>>=20
>>> If the Marriott can't do this, I don't think anyone can, legally.
>> If I set up something on an SSID Marriott is already using, then my bad a=
nd they have the right to take appropriate defensive action to protect their=
network.
>=20
> No. Seriously, no. Biggest come, biggest serve doesn't do a damn bit of go=
od dealing with the actual problem which is
> one of authentication. Think of this with the big I internet without TLS. W=
hat you're asking for is complete chaos.
>=20
> Stomping on other AP is an arms race in which nobody wins. If I want to gu=
arantee that I only connect to $MEGACORP
> AP's, I should be using strong authentication, not AP neutron bombs to cle=
ar the battlefield.
>=20
> Mike
