On 10/04/2014 01:33 PM, Owen DeLong wrote:
On Oct 4, 2014, at 12:39 , Brandon Ross <[email protected]> wrote:
On Sat, 4 Oct 2014, Michael Thomas wrote:
The problem is that there's really no such thing as a "copycat" if the client
doesn't have the means of authenticating the destination. If that's really the
requirement, people should start bitching to IEEE to get destination auth on APs instead
of blatantly asserting that somebody owns a particular ssid because, well, because.
In the enterprise environment that there's been some insistence from folks on this list is a
legitimate place to block "rogue" APs, what makes those SSIDs, "yours"? Just
because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed
environment to me at all.
Pretty much... Here's why...
If you are using an SSID in an area, anyone else using the same SSID later is
causing harmful interference to your network. It's a first-come-first-serve
situation. Just like amateur radio spectrum... If you're using a frequency to
carry on a conversation with someone, other hams have an obligation not to
interfere with your conversation (except in an emergency). It's a bit more
complicated there, because you're obliged to reasonably accommodate others
wishing to use the frequency, but in the case of SSIDs, there's no such
requirement.
Now, if I start using SSID XYZ in building 1 and someone else is using it in
building 3 and the two coverage zones don't overlap, I'm not entitled to extend
my XYZ SSID into building 3 when I rent space there, because someone else is
using it in that location first.
I can only extend my XYZ coverage zone so far as there are no competing XYZ
SSIDs in the locations I'm expanding into.
If the Marriott can't do this, I don't think anyone can, legally.
If I set up something on an SSID Marriott is already using, then my bad and
they have the right to take appropriate defensive action to protect their
network.
No. Seriously, no. Biggest come, biggest serve doesn't do a damn bit of
good dealing with the actual problem which is one of authentication.
Think of this with the big I internet without TLS. What you're asking
for is complete chaos.
Stomping on other APs is an arms race in which nobody wins. If I want to
guarantee that I only connect to $MEGACORP APs, I should be using strong
authentication, not AP neutron bombs to clear the battlefield.
Mike