nanog mailing list archives
Re: Marriott wifi blocking
From: Chris Marget <chris () marget com>
Date: Sat, 4 Oct 2014 15:06:01 -0400
On Sat, Oct 4, 2014 at 2:47 PM, Jay Ashworth <jra () baylink com> wrote:
----- Original Message -----From: "Chris Marget" <chris () marget com>You [I] said:It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same
ESSID).
I'm curious to hear how you'd rationalize containing a copycat AP under the current rules.<snip>The "need to manage our RF space" arguments ring hollow to me. I
certainly
understand why someone would *want* to manage the spectrum, but that's just not anyone's privilege when using ISM bands. If the need is great enough, get some licensed spectrum and manage that.I wasn't making that argument.
Yes, sorry. I presented two arguments. Only the one about copycat SSIDs is yours.
I was making the "if someone tries to pretend to be part of my network, so that my users will inadvertantly attach to them and possibly leak 'classified' data, *then that rogue user is making a 1030 attack on my network*.A copycat AP is unquestionably hostile, and likely interfering with
users,
but I'm unconvinced that the hostility triggers a privilege to attack it under part 15 rules. In addition to not being allowed to interfere, we
also
have:You're not attacking it, per se; you are defensively disconnecting from it *users who are part of your own network*; these are endpoints *you are administratively allowed to exert control over*, from my viewpoint.
Okay, so we're not talking about wholesale containment of the copycat AP, but rather management of our own client devices which, by definition, we can't interfere with. Because they're ours. That approach sounds perfectly reasonable. I wonder, absent certificates, how one can be certain about the identity of the client, and if such a narrowly scoped containment mechanism is actually implemented by the various checkboxes available to enterprise wifi administrators.
I make a clear distinction (now that it's not 3am :-) between what
Marriott
is doing, and what enterprises doing rogue protection are doing, as noted above.
Is it clear exactly what "enterprises going rogue protection" are up to? I've asked several, gotten wildly different answers. Keeping "my clients" off "copycat APs" sounds reasonable. More aggressive action might not be. Thanks.
Current thread:
- Re: Marriott wifi blocking, (continued)
- Re: Marriott wifi blocking Jay Ashworth (Oct 03)
- Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
- Re: Marriott wifi blocking Michael Van Norman (Oct 03)
- Re: Marriott wifi blocking Owen DeLong (Oct 03)
- Re: Marriott wifi blocking Donald Eastlake (Oct 03)
- Message not available
- Re: Marriott wifi blocking Larry Sheldon (Oct 03)
- Re: Marriott wifi blocking Valdis . Kletnieks (Oct 03)
- Message not available
- Re: Marriott wifi blocking Larry Sheldon (Oct 03)
- Re: Marriott wifi blocking Chris Marget (Oct 04)
- Re: Marriott wifi blocking Michael Thomas (Oct 04)
- Re: Marriott wifi blocking Brandon Ross (Oct 04)
- Re: Marriott wifi blocking Owen DeLong (Oct 04)
- Re: Marriott wifi blocking Michael Thomas (Oct 04)
- Re: Marriott wifi blocking Owen DeLong (Oct 04)
- Re: Marriott wifi blocking Michael Thomas (Oct 04)
- Re: Marriott wifi blocking Owen DeLong (Oct 06)
- Re: Marriott wifi blocking Michael Thomas (Oct 06)
- Re: Marriott wifi blocking Owen DeLong (Oct 06)
- Re: Marriott wifi blocking Michael Thomas (Oct 06)