'A federal investigation of the Gaylord Opryland Resort and
Convention Center in Nashville found that Marriott employees
had used "containment features of a Wi-Fi monitoring system"
at the hotel to prevent people from accessing their own
personal Wi-Fi networks.'
I'm aware of how the illegal wifi blocking devices work, but
any idea what legal hardware they were using to effectively
keep their own wifi available but render everyone else's
inaccessible?
I'm aware of how the illegal wifi blocking devices work, but
any idea what legal hardware they were using to effectively
keep their own wifi available but render everyone else's
inaccessible?
Doesn't Cisco and other vendors offer "rouge AP squashing" features?
legality is questionable insofar as "this device must not cause harmful interference" of PartB
but how it works is by sending DEAUTH packets with spoofed MAC addresses
"rouge AP" response on Cisco/Aruba works like this.
Not sure the specific implementation. But I've heard of Rouge AP detection
done in two ways.
1. Associate to the "Rouge" ap. Send a packet, See if it appears on your
network, Shut the port off it appeared from. I think this is the cisco way?
Not sure. This is automated of course. This method wouldn't work in this
case. Because it wasn't connected to the hotels network
2. Your AP's detect the "Rouge" AP, They slam out a ton of "Deauth's"
directed at the clients, As if they are the AP. Effectively telling the
client to "disconnect".
Side question for those smarter than I. How does WPA encryption play into
this? Would a client associated to a WPA2 AP take a non-encrypted deauth
appearing from the same BSSID?
I'm aware of how the illegal wifi blocking devices work, but
any idea what legal hardware they were using to effectively
keep their own wifi available but render everyone else's
inaccessible?
From other discussions, they were apparently continuously sending client
deauth packets to any non-Marriott access points within range.
'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system"
at the hotel to prevent people from accessing their own personal Wi-Fi networks.'
I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?
I would think this would not sit very well with the providers. They've
likely installed equip nearby to the hotel & conv.ctr in order to
adequately handle the concentration of devices at that location. True?
Relation discussion on this topic has come up from time to time. I
believe the last time was in a thread that starts here and includes
various methods of network-based rogue AP detection if you follow all
the responses and links:
One of my favorite ways long ago, not sure if this works reliably
anymore, was to watch who was joining well known AP IP multicast groups
commonly associated with different wireless gear, something you can
easily do on routers (e.g. show ip igmp group _group_address_).
There are also a number of well known OUIs associated with AP gear that
are easily to monitor for in arp/bridge/cam tables.
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized,
outside of a lab. The wireless spectrum is shared by all, regardless of
physical locality. Because it's your building doesn't mean you own the
spectrum.
My reading of this is that these features are illegal, period. Rogue AP
detection is one thing, and disabling them via network or
"administrative" (ie. eject the guest) means would be fine, but
interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference',
which it apparently does, then devices MUST NOT intentionally interfere.
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized,
outside of a lab. The wireless spectrum is shared by all, regardless of
physical locality. Because it's your building doesn't mean you own the
spectrum.
+1
My reading of this is that these features are illegal, period. Rogue AP
detection is one thing, and disabling them via network or
"administrative" (ie. eject the guest) means would be fine, but
interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference',
which it apparently does, then devices MUST NOT intentionally interfere.
I would expect interfering for defensive purposes **only** would be acceptable.
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
I can't imagine that any 'AP-squashing' packets are ever authorized,
outside of a lab. The wireless spectrum is shared by all, regardless of
physical locality. Because it's your building doesn't mean you own the
spectrum.
+1
My reading of this is that these features are illegal, period. Rogue AP
detection is one thing, and disabling them via network or
"administrative" (ie. eject the guest) means would be fine, but
interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference',
which it apparently does, then devices MUST NOT intentionally interfere.
I would expect interfering for defensive purposes **only** would be acceptable.
My reading of this is that these features are illegal, period. Rogue AP
detection is one thing, and disabling them via network or
"administrative" (ie. eject the guest) means would be fine, but
interfering with the wireless is not acceptable per the FCC regulations.
Seems like common sense to me. If the FCC considers this 'interference',
which it apparently does, then devices MUST NOT intentionally interfere.
I would expect interfering for defensive purposes **only** would be
acceptable.
What constitutes "defensive purposes"?
Since this is unlicensed spectrum, I don't think there is anything one has
a right to defend
I think that depends on the terms of your lease agreement. Could not
a hotel or conference center operate reserve the right to employ
active devices to disable any unauthorized wireless systems? Perhaps
because they want to charge to provide that service, because they
don't want errant signals leaking from their building, a rogue device
could be considered an intruder and represent a risk to the network,
or because they don't want someone setting up a system that would
interfere with their wireless gear and take down other clients who are
on premesis...
Would not such an active device be quite appropriate there?
