nanog mailing list archives

Re: Marriott wifi blocking

From: Chris Marget <chris () marget com>
Date: Sat, 4 Oct 2014 15:06:01 -0400

On Sat, Oct 4, 2014 at 2:47 PM, Jay Ashworth <jra () baylink com> wrote:


----- Original Message -----

From: "Chris Marget" <chris () marget com>

You [I] said:

It is OK for an enterprise wifi system to make this sort of attack
*on rogue APs which are trying to pretend to be part of it (same

ESSID).


I'm curious to hear how you'd rationalize containing a copycat AP
under the current rules.

<snip>

The "need to manage our RF space" arguments ring hollow to me. I

certainly

understand why someone would *want* to manage the spectrum, but that's
just not anyone's privilege when using ISM bands. If the need is great
enough, get some licensed spectrum and manage that.


I wasn't making that argument.


Yes, sorry. I presented two arguments. Only the one about copycat SSIDs is
yours.

I was making the "if someone tries to pretend to be part of my network,
so that my users will inadvertantly attach to them and possibly leak
'classified' data, *then that rogue user is making a 1030 attack on my
network*.

A copycat AP is unquestionably hostile, and likely interfering with

users,

but I'm unconvinced that the hostility triggers a privilege to attack it
under part 15 rules. In addition to not being allowed to interfere, we

also

have:


You're not attacking it, per se; you are defensively disconnecting from
it *users who are part of your own network*; these are endpoints *you are
administratively allowed to exert control over*, from my viewpoint.


Okay, so we're not talking about wholesale containment of the copycat AP,
but rather management of our own client devices which, by definition, we
can't interfere with. Because they're ours.

That approach sounds perfectly reasonable. I wonder, absent certificates,
how one can be certain about the identity of the client, and if such a
narrowly scoped containment mechanism is actually implemented by the
various checkboxes available to enterprise wifi administrators.

I make a clear distinction (now that it's not 3am :-) between what

Marriott

is doing, and what enterprises doing rogue protection are doing, as noted
above.


Is it clear exactly what "enterprises going rogue protection" are up to?
I've asked several, gotten wildly different answers. Keeping "my clients"
off "copycat APs" sounds reasonable. More aggressive action might not be.

Thanks.

Current thread:

Re: Marriott wifi blocking, (continued)
- - - Re: Marriott wifi blocking Jay Ashworth (Oct 03)
    - Re: Marriott wifi blocking Hugo Slabbert (Oct 03)
    - Re: Marriott wifi blocking Michael Van Norman (Oct 03)
    - Re: Marriott wifi blocking Owen DeLong (Oct 03)
    - Re: Marriott wifi blocking Donald Eastlake (Oct 03)
  - Message not available
    - Re: Marriott wifi blocking Larry Sheldon (Oct 03)
    - Re: Marriott wifi blocking Valdis . Kletnieks (Oct 03)
    - Message not available
    - Re: Marriott wifi blocking Larry Sheldon (Oct 03)
- Re: Marriott wifi blocking Alistair Mackenzie (Oct 04)
- Re: Marriott wifi blocking Jay Ashworth (Oct 04)
  - Re: Marriott wifi blocking Chris Marget (Oct 04)
  - Re: Marriott wifi blocking Michael Thomas (Oct 04)
    - Re: Marriott wifi blocking Brandon Ross (Oct 04)
    - Re: Marriott wifi blocking Owen DeLong (Oct 04)
    - Re: Marriott wifi blocking Michael Thomas (Oct 04)
    - Re: Marriott wifi blocking Owen DeLong (Oct 04)
    - Re: Marriott wifi blocking Michael Thomas (Oct 04)
    - Re: Marriott wifi blocking Owen DeLong (Oct 06)
    - Re: Marriott wifi blocking Michael Thomas (Oct 06)
    - Re: Marriott wifi blocking Owen DeLong (Oct 06)
    - Re: Marriott wifi blocking Michael Thomas (Oct 06)

(Thread continues...)