Re: large BCP38 compliance testing
Rich Kulawiec wrote on 03/10/14 00:47:

We've been down this road before. Unless there is prompt, concerted, collective action (as there was AGIS) then there is zero reason for those behind such operations to do anything but keep collecting dirty money.

There is, please join: http://www.routingmanifesto.org/manrs/

Andrei
Equinix Sales
Equinix Sales seem impossible to reach. Should I just give up and go through a sales agent or can someone from Equinix sales contact me off-list?
NJ Data center equipment movers
I'm looking to have some equipment (2 x HP C7000 blade chassis ( each with 16 blades), 2 x Cisco 7600, and some small misc equipment) from a datacenter in Mahwah, NJ to Secaucus, NJ. Anyone recommend someone?
Re: DDOS - Law enforcement
On Fri, 03 Oct 2014 14:02:31 +1300, Tony Wicks said:

effects of scumbags who send DDOS attacks towards my networks, It amazes me how you cannot put more effort into the blatant DDOS for hire platforms that are readily available to anyone. I mean how can these sites be allowed to continue unmolested when you can spend so much effort on P2P platforms ?

Remember that high-level resources aren't dedicated based on amount of actual economic damage, but amount of lobbying effort/money.
Re: DDOS - Law enforcement
On Fri, 03 Oct 2014 10:59:28 -0400, Alain Hebert said:

We were told to prove 100k+ damage first before they even bother meeting us.

Remember that a single iPod full of pirated music is $8 billion of damage.

http://www.youtube.com/watch?v=GZadCj8O1-0
Re: large BCP38 compliance testing
On Fri, Oct 03, 2014 at 08:54:32AM +1000, Mark Andrews wrote:

Or it will require legislation and I will assure that whatever is written not be liked. On the other hand everyone in the country will be in the same boat.

I concur with you -- strongly. Legislation is not the answer, because (a) it only applies in limited jurisdictions and this is a global problem and (b) it will inevitably be written by those with the deepest pockets, see for example CAN-SPAM, crafted by and for spammers and their supporters.

But legislation isn't necessary. Within limits (prescribed by contractual obligations) none of us are required to offer services to arbitrary parties. We *choose* to do so, by default, all day every day because that's why we have an Internet. But we're not *obligated* to do so: those services may be withheld in full or part at any time for any reason (or even without a reason).

And this is where I quote the best thing I've ever read on this mailing list:

If you give people the means to hurt you, and they do it, and you take no action except to continue giving them the means to hurt you, and they take no action except to keep hurting you, then one of the ways you can describe the situation is it isn't scaling well. --- Paul Vixie

Having observed, for example, the spam problem since its genesis, I can unequivocally state that the *only* thing that has ever addressed the problem (rather than merely addressing its symptoms) is SMTP blacklisting. Everything else has been ineffective, misdirected, wishful thinking.

The same thing applies here: persistent, systemic sources of large-scale abuse via BCP-38 noncompliance are either:

1. Being operated by clueless, negligent, incompetent people or
2. Being operated by deliberately abusive people

There are no other possibilities. (Note: persistent, systemic. Transient, isolated problems happen to everyone and are not what I'm talking about here.)

It's difficult to know which of those two are true via external observation, but it's not *necessary* to know: the appropriate remedial action remains the same in either case: stop giving them the means.

---rsk
re: cogent update suppression, and routing loops
I've had the exact same thing happen. Recently, I removed a bunch of /24's that were members of a larger /20. We used to advertise the /24's to certain carriers for traffic engineering. I saw the exact same issue you're describing. I chalked it up to slow BGP in their core.

For instance, I removed the route from my session with them in Orlando. It would get removed from Orlando, but still exist in Jacksonville, and basically route loop coming in from the north. It'd land in JAX, and get forwarded to MCO, which would then forward it back to JAX. 20-30 seconds later, it would get removed from JAX, and I'd see the same behavior between JAX and ATL. It took 4-5 minutes in my experience for the route to finally leave the Cogent network.

I lessened the blow by making Cogent the first peer I'd remove the /24 from, leaving the other /24's out there via the other carriers. So only those that chose Cogent as the most direct route felt the unintentional blackhole. Other carriers removed almost instantly as expected.

Nick Olsen
Network Operations
(855) FLSPEED x106

From: ryanL ryan.lan...@gmail.com
Sent: Thursday, October 02, 2014 12:07 PM
To: North American Network Operators Group nanog@nanog.org
Subject: cogent update suppression, and routing loops

hi. relatively new cogent customer. is what i've stated in my subject line kinda standard fare with them?

i've discovered that when i advertise a /24 from inside a larger /22 to XO, (who peers with cogent), and then pull the /24 some time later, that cogent holds onto the /24 and then bounces packets around in their network a bunch of times for upwards of 8-10 minutes until they finally yank it. this effectively blackholes traffic to my /24 for anyone that is using a path thru cogent.

example: http://ryry.foursquare.com/image/0e0K1K0t0W2M

it's been a bit of a frustrating experience talking to their noc to demonstrate it, but i'm able to duplicate it on demand. even pushing routes using their communities to offload the circuit takes forever to propagate even on their own looking-glasses.

thx
ryan
Re: cogent update suppression, and routing loops
On Thu, Oct 02, 2014 at 09:03:15AM -0700, ryanL wrote:

(who peers with cogent), and then pull the /24 some time later, that cogent holds onto the /24 and then bounces packets around in their network a bunch of times for upwards of 8-10 minutes until they finally yank it. this effectively blackholes traffic to my /24 for anyone that is using a path thru cogent.

Maybe running into some non-standard BGP Advertisement intervals inside Cogent's network? Might be running a lot of sub-ASes inside the confederation, and having to wait multiple advertisement intervals for full propagation.

https://routingfreak.wordpress.com/tag/minimum-route-advertisement-interval/

-- Brandon Ewing (nicot...@warningg.com)
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, TRNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net. If you have any comments please contact Philip Smith pfsi...@gmail.com.

Routing Table Report 04:00 +10GMT Sat 04 Oct, 2014

Report Website: http://thyme.rand.apnic.net
Detailed Analysis: http://thyme.rand.apnic.net/current/

Analysis Summary

BGP routing table entries examined: 513366
Prefixes after maximum aggregation: 199005
Deaggregation factor: 2.58
Unique aggregates announced to Internet: 252719
Total ASes present in the Internet Routing Table: 48192
Prefixes per ASN: 10.65
Origin-only ASes present in the Internet Routing Table: 36237
Origin ASes announcing only one prefix: 16367
Transit ASes present in the Internet Routing Table: 6144
Transit-only ASes present in the Internet Routing Table: 171
Average AS path length visible in the Internet Routing Table: 4.5
Max AS path length visible: 118
Max AS path prepend of ASN ( 55644): 111
Prefixes from unregistered ASNs in the Routing Table: 1796
Unregistered ASNs in the Routing Table: 436
Number of 32-bit ASNs allocated by the RIRs: 7552
Number of 32-bit ASNs visible in the Routing Table: 5811
Prefixes from 32-bit ASNs in the Routing Table: 20513
Number of bogon 32-bit ASNs visible in the Routing Table: 13
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 345
Number of addresses announced to Internet: 2709985028
Equivalent to 161 /8s, 135 /16s and 23 /24s
Percentage of available address space announced: 73.2
Percentage of allocated address space announced: 73.2
Percentage of available address space allocated: 100.0
Percentage of address space in use by end-sites: 96.9
Total number of prefixes smaller than registry allocations: 176366

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes: 124949
Total APNIC prefixes after maximum aggregation: 36672
APNIC Deaggregation factor: 3.41
Prefixes being announced from the APNIC address blocks: 128774
Unique aggregates announced from the APNIC address blocks: 53389
APNIC Region origin ASes present in the Internet Routing Table: 4979
APNIC Prefixes per ASN: 25.86
APNIC Region origin ASes announcing only one prefix: 1189
APNIC Region transit ASes present in the Internet Routing Table: 856
Average APNIC Region AS path length visible: 4.8
Max APNIC Region AS path length visible: 118
Number of APNIC region 32-bit ASNs visible in the Routing Table: 1115
Number of APNIC addresses announced to Internet: 734732608
Equivalent to 43 /8s, 203 /16s and 33 /24s
Percentage of available APNIC address space announced: 85.9

APNIC AS Blocks: 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 63488-64098, 131072-135580
APNIC Address Blocks: 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8, 163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8,

ARIN Region Analysis Summary

Prefixes being announced by ARIN Region ASes: 170714
Total ARIN prefixes after maximum aggregation: 85222
ARIN Deaggregation factor: 2.00
Prefixes being announced from the ARIN address blocks: 172625
Unique aggregates announced from the ARIN address blocks: 80799
ARIN Region origin ASes present in the Internet Routing Table: 16372
ARIN
Re: cogent update suppression, and routing loops
circling back on this, i guess my case with cogent has been escalated to vp engineering, and i've had a few people reply on and off list citing the same problems. i encourage you to open up cases to help demonstrate further examples (ie: it's not just me!)

thx everyone.
ryan

On Thu, Oct 2, 2014 at 9:03 AM, ryanL ryan.lan...@gmail.com wrote:

hi. relatively new cogent customer. is what i've stated in my subject line kinda standard fare with them?

i've discovered that when i advertise a /24 from inside a larger /22 to XO, (who peers with cogent), and then pull the /24 some time later, that cogent holds onto the /24 and then bounces packets around in their network a bunch of times for upwards of 8-10 minutes until they finally yank it. this effectively blackholes traffic to my /24 for anyone that is using a path thru cogent.

example: http://ryry.foursquare.com/image/0e0K1K0t0W2M

it's been a bit of a frustrating experience talking to their noc to demonstrate it, but i'm able to duplicate it on demand. even pushing routes using their communities to offload the circuit takes forever to propagate even on their own looking-glasses.

thx
ryan
Re: large BCP38 compliance testing
On Fri, 3 Oct 2014, Rich Kulawiec wrote:

The same thing applies here: persistent, systemic sources of large-scale abuse via BCP-38 noncompliance are either:

1. Being operated by clueless, negligent, incompetent people or
2. Being operated by deliberately abusive people

There are no other possibilities. (Note: persistent, systemic. Transient, isolated problems happen to everyone and are not what I'm talking about here.)

It's difficult to know which of those two are true via external observation, but it's not *necessary* to know: the appropriate remedial action remains the same in either case: stop giving them the means.

So how do we detect these and make sure they feel pain for not doing the right thing. The CIDR report hasn't incurred pain as far as I know, so public shaming doesn't seem to work even in cases where we can detect people incurring hurt on others.

So how do we work this? It obviously hasn't worked so far, what do we change to make this work?

-- Mikael Abrahamsson email: swm...@swm.pp.se
Re: large BCP38 compliance testing
Well (beware it is Friday),

On the 1st of January 2015:

. Refuse every route;
. Start accepting only those passing some sort of BCP38 specs performed by some QSA =D;
. ???
. Profit;

On 10/03/14 15:03, Mikael Abrahamsson wrote:

On Fri, 3 Oct 2014, Rich Kulawiec wrote:

The same thing applies here: persistent, systemic sources of large-scale abuse via BCP-38 noncompliance are either:

1. Being operated by clueless, negligent, incompetent people or
2. Being operated by deliberately abusive people

There are no other possibilities. (Note: persistent, systemic. Transient, isolated problems happen to everyone and are not what I'm talking about here.)

It's difficult to know which of those two are true via external observation, but it's not *necessary* to know: the appropriate remedial action remains the same in either case: stop giving them the means.

So how do we detect these and make sure they feel pain for not doing the right thing. The CIDR report hasn't incurred pain as far as I know, so public shaming doesn't seem to work even in cases where we can detect people incurring hurt on others.

So how do we work this? It obviously hasn't worked so far, what do we change to make this work?
Re: Equinix Sales
coresite might be a good alternative if they are in the market you are trying to get space into. Carlos Alcantar Race Communications / Race Team Member 1325 Howard Ave. #604, Burlingame, CA. 94010 Phone: +1 415 376 3314 / car...@race.com / http://www.race.com On 10/3/14, 7:33 AM, Daniel Corbe co...@corbe.net wrote: Equinix Sales seem impossible to reach. Should I just give up and go through a sales agent or can someone from Equinix sales contact me off-list?
Marriott wifi blocking
Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/ The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used containment features of a Wi-Fi monitoring system at the hotel to prevent people from accessing their own personal Wi-Fi networks.' I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible? David
re: Marriott wifi blocking
Not sure the specific implementation. But I've heard of rogue AP detection done in two ways.

1. Associate to the rogue AP. Send a packet, see if it appears on your network, shut the port off it appeared from. I think this is the Cisco way? Not sure. This is automated of course. This method wouldn't work in this case, because it wasn't connected to the hotel's network.

2. Your APs detect the rogue AP. They slam out a ton of deauths directed at the clients, as if they are the AP, effectively telling the client to disconnect.

Side question for those smarter than I. How does WPA encryption play into this? Would a client associated to a WPA2 AP take a non-encrypted deauth appearing from the same BSSID?

Nick Olsen
Network Operations
(855) FLSPEED x106

From: David Hubbard dhubb...@dino.hostasaurus.com
Sent: Friday, October 03, 2014 4:11 PM
To: NANOG nanog@nanog.org
Subject: Marriott wifi blocking

Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/

The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used containment features of a Wi-Fi monitoring system at the hotel to prevent people from accessing their own personal Wi-Fi networks.'

I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?

David
Re: Marriott wifi blocking
I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?

Doesn't Cisco and other vendors offer rogue AP squashing features?

- Ethan O'Toole
Re: Marriott wifi blocking
legality is questionable insofar as this device must not cause harmful interference of PartB but how it works is by sending DEAUTH packets with spoofed MAC addresses

rogue AP response on Cisco/Aruba works like this.

Regards,
Michael Holstein
Cleveland State University

From: NANOG nanog-boun...@nanog.org on behalf of David Hubbard dhubb...@dino.hostasaurus.com
Sent: Friday, October 03, 2014 4:06 PM
To: NANOG
Subject: Marriott wifi blocking

Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/

The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used containment features of a Wi-Fi monitoring system at the hotel to prevent people from accessing their own personal Wi-Fi networks.'

I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?

David
Re: Marriott wifi blocking
On Friday 03 October 2014 13:06:55 David Hubbard wrote: ... I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible? From other discussions, they were apparently continuously sending client deauth packets to any non-Marriott access points within range. Adrian
Re: Marriott wifi blocking
There are IPS features in nearly all of the 'enterprise' level wireless products now: http://www.cisco.com/c/en/us/products/collateral/wireless/adaptive-wireless-ips-software/data_sheet_c78-501388.html http://www.aerohive.com/solutions/applications/secure.html Doing a search for WIPs - or browsing forums about poorly configured WIPS/Policies can show that the deauth storms can be quite turbulent. ~mianosm On Fri, Oct 3, 2014 at 4:06 PM, David Hubbard dhubb...@dino.hostasaurus.com wrote: Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/ The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used containment features of a Wi-Fi monitoring system at the hotel to prevent people from accessing their own personal Wi-Fi networks.' I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible? David
Re: Marriott wifi blocking
but how it works is by sending DEAUTH packets with spoofed MAC addresses

rogue AP response on Cisco/Aruba works like this.

DIY version if you want to try it out .. just download Kali/Backtrack or compile aircrack-ng

http://www.aircrack-ng.org/doku.php?id=deauthentication

Regards,
Michael Holstein
Cleveland State University

From: NANOG nanog-boun...@nanog.org on behalf of David Hubbard dhubb...@dino.hostasaurus.com
Sent: Friday, October 03, 2014 4:06 PM
To: NANOG
Subject: Marriott wifi blocking

Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/

The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used containment features of a Wi-Fi monitoring system at the hotel to prevent people from accessing their own personal Wi-Fi networks.'

I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?

David
Re: Marriott wifi blocking
On Fri, 3 Oct 2014 16:16:22 -0400 Nick Olsen n...@flhsi.com wrote:

Not sure the specific implementation. But I've heard of rogue AP detection done in two ways.

Related discussion on this topic has come up from time to time. I believe the last time was in a thread that starts here and includes various methods of network-based rogue AP detection if you follow all the responses and links:

http://mailman.nanog.org/pipermail/nanog/2012-October/052690.html

One of my favorite ways long ago, not sure if this works reliably anymore, was to watch who was joining well known AP IP multicast groups commonly associated with different wireless gear, something you can easily do on routers (e.g. show ip igmp group _group_address_). There are also a number of well known OUIs associated with AP gear that are easy to monitor for in arp/bridge/cam tables.

John
RE: Marriott wifi blocking
-----Original Message-----
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of David Hubbard
Sent: Friday, October 03, 2014 3:07 PM
To: NANOG
Subject: Marriott wifi blocking

Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/

The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used containment features of a Wi-Fi monitoring system at the hotel to prevent people from accessing their own personal Wi-Fi networks.'

I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?

David

---

David,

All major WiFi players have some seek-and-destroy function to prevent rogues on/near their network. It is the responsibility of the IT folks to determine how aggressive these settings are, and to what needs deauth sent to clients. These can be very effective in dropping sessions from clients on unauthorized systems.

The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.

--
Opinions expressed in this email are mine and not that of my employer.

Shane Allan Godmere
RE: Marriott wifi blocking
Yes, I've tested it quite effectively using WLC 5508 and an AIR-CAP3502I-A-K9

Date: Fri, 3 Oct 2014 16:15:37 -0400
From: telmn...@757.org
CC: nanog@nanog.org
Subject: Re: Marriott wifi blocking

I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible?

Doesn't Cisco and other vendors offer rogue AP squashing features?

- Ethan O'Toole
Re: Equinix Sales
My experience with Core Site has been that their sales people are responsive, but their other areas not so much. What one would expect from a Telco-owned facility. Equinix, the sales people are less responsive, but at least when I open a ticket with them, it gets done pretty quickly in most cases. Owen On Oct 3, 2014, at 13:01 , Carlos Alcantar car...@race.com wrote: coresite might be a good alternative if they are in the market you are trying to get space into. Carlos Alcantar Race Communications / Race Team Member 1325 Howard Ave. #604, Burlingame, CA. 94010 Phone: +1 415 376 3314 / car...@race.com / http://www.race.com On 10/3/14, 7:33 AM, Daniel Corbe co...@corbe.net wrote: Equinix Sales seem impossible to reach. Should I just give up and go through a sales agent or can someone from Equinix sales contact me off-list?
Re: Marriott wifi blocking
On Fri, 03 Oct 2014 16:16:22 -0400, Nick Olsen n...@flhsi.com wrote:

Side question for those smarter than I. How does WPA encryption play into this? Would a client associated to a WPA2 AP take a non-encrypted deauth appearing from the same BSSID?

It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided.

--Ricky
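Added example, not part of the thread or of any vendor's product: a monitoring-side parser for the deauthentication/disassociation frame layout discussed above (24-byte MAC header followed by a 2-byte reason code), with a sliding-window counter that flags a BSSID being hit by a deauth storm. The MAC addresses, window and threshold are constructed assumptions, input frames are assumed to be raw 802.11 without radiotap header or FCS, and frames with the Protected Frame bit set are assumed not forgeable and are not counted.

```python
"""Parse 802.11 deauth/disassoc frames and flag deauth floods per BSSID."""
import struct
from collections import defaultdict, deque

SUBTYPES = {10: "disassoc", 12: "deauth"}   # management-frame subtypes
REASONS = {                                  # a few standard reason codes
    1: "unspecified",
    2: "previous authentication no longer valid",
    3: "sending station is leaving",
    6: "class 2 frame from nonauthenticated station",
    7: "class 3 frame from nonassociated station",
}


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_deauth(frame):
    """Return a dict for a deauth/disassoc frame, or None for anything else."""
    if len(frame) < 24:                      # shorter than a MAC header
        return None
    fc0, fc1 = frame[0], frame[1]
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None
    protected = bool(fc1 & 0x40)             # Protected Frame flag
    reason = None
    if not protected:
        if len(frame) < 26:                  # reason code is mandatory
            return None
        (reason,) = struct.unpack_from("<H", frame, 24)
    return {
        "kind": SUBTYPES[subtype],
        "dst": _mac(frame[4:10]),
        "src": _mac(frame[10:16]),
        "bssid": _mac(frame[16:22]),
        "protected": protected,
        "reason": reason,                    # None when the body is encrypted
        "reason_text": REASONS.get(reason, "other"),
    }


def detect_deauth_floods(capture, window=1.0, threshold=10):
    """capture: iterable of (timestamp_seconds, frame_bytes).

    Returns {bssid: peak count of unprotected deauth/disassoc frames seen
    within any `window` seconds} for BSSIDs reaching `threshold`.
    """
    recent = defaultdict(deque)
    peaks = {}
    for ts, raw in sorted(capture, key=lambda item: item[0]):
        info = parse_deauth(raw)
        if info is None or info["protected"]:
            continue
        q = recent[info["bssid"]]
        q.append(ts)
        while ts - q[0] > window:            # drop timestamps outside window
            q.popleft()
        if len(q) >= threshold:
            peaks[info["bssid"]] = max(peaks.get(info["bssid"], 0), len(q))
    return peaks


def _frame(fc_hex, dst_hex, bssid_hex, body_hex):
    """Assemble a constructed sample frame: FC, duration, 3 addresses, seq, body."""
    return bytes.fromhex(fc_hex + "0000" + dst_hex + bssid_hex + bssid_hex
                         + "0000" + body_hex)


# Constructed sample capture (locally administered MACs, not real devices).
AP_A, AP_B, STA = "0200000000aa", "0200000000bb", "020000000001"
SAMPLE = [(10.0 + i * 0.05, _frame("c000", "ffffffffffff", AP_A, "0700"))
          for i in range(12)]                # 12 broadcast deauths in 0.55 s
SAMPLE += [
    (10.2, _frame("8000", "ffffffffffff", AP_A, "")),          # beacon: ignored
    (10.3, _frame("c040", STA, AP_A, "00" * 8)),               # protected deauth
    (30.0, _frame("c000", STA, AP_B, "0300")),                 # single, normal
]

if __name__ == "__main__":
    for bssid, peak in detect_deauth_floods(SAMPLE).items():
        print(f"deauth flood against {bssid}: {peak} frames within 1.0 s")
```
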
Re: Marriott wifi blocking
The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or administrative (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations. Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. K
The Cidr Report
This report has been generated at Fri Oct 3 21:14:05 2014 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org/2.0 for a current version of this report.

Recent Table History

Date       Prefixes  CIDR Agg
26-09-14   517584    286968
27-09-14   517645    286987
28-09-14   517067    287333
29-09-14   517697    287127
30-09-14   517392    287790
01-10-14   518035    287253
02-10-14   518063    287399
03-10-14   518176    287885

AS Summary

48431      Number of ASes in routing system
19548      Number of ASes announcing only one prefix
3026       Largest number of prefixes announced by an AS
           AS28573: NET Serviços de Comunicação S.A.,BR
120100352  Largest address span announced by an AS (/32s)
           AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street,CN

Aggregation Summary

The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes').

--- 03Oct14 ---

ASnum     NetsNow  NetsAggr  NetGain  % Gain  Description
Table     518309   287887    230422   44.5%   All ASes
AS28573   3026     133       2893     95.6%   NET Serviços de Comunicação S.A.,BR
AS6389    2895     69        2826     97.6%   BELLSOUTH-NET-BLK - BellSouth.net Inc.,US
AS17974   2815     80        2735     97.2%   TELKOMNET-AS2-AP PT Telekomunikasi Indonesia,ID
AS22773   2894     161       2733     94.4%   ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc.,US
AS4766    2945     1207      1738     59.0%   KIXS-AS-KR Korea Telecom,KR
AS6147    1782     166       1616     90.7%   Telefonica del Peru S.A.A.,PE
AS7303    1769     300       1469     83.0%   Telecom Argentina S.A.,AR
AS18881   1903     552       1351     71.0%   Global Village Telecom,BR
AS8402    1335     25        1310     98.1%   CORBINA-AS OJSC Vimpelcom,RU
AS4755    1912     651       1261     66.0%   TATACOMM-AS TATA Communications formerly VSNL is Leading ISP,IN
AS20115   1804     554       1250     69.3%   CHARTER-NET-HKY-NC - Charter Communications,US
AS9808    1292     56        1236     95.7%   CMNET-GD Guangdong Mobile Communication Co.Ltd.,CN
AS4323    1644     413       1231     74.9%   TWTC - tw telecom holdings, inc.,US
AS7545    2377     1158      1219     51.3%   TPG-INTERNET-AP TPG Telecom Limited,AU
AS7552    1263     60        1203     95.2%   VIETEL-AS-AP Viettel Corporation,VN
AS9498    1306     109       1197     91.7%   BBIL-AP BHARTI Airtel Ltd.,IN
AS10620   2992     1805      1187     39.7%   Telmex Colombia S.A.,CO
AS18566   2044     866       1178     57.6%   MEGAPATH5-US - MegaPath Corporation,US
AS22561   1306     306       1000     76.6%   AS22561 - CenturyTel Internet Holdings, Inc.,US
AS7029    2038     1051      987      48.4%   WINDSTREAM - Windstream Communications Inc,US
AS7738    999      83        916      91.7%   Telemar Norte Leste S.A.,BR
AS6983    1492     629       863      57.8%   ITCDELTA - Earthlink, Inc.,US
AS4788    1071     244       827      77.2%   TMNET-AS-AP TM Net, Internet Service Provider,MY
AS38285   956      132       824      86.2%   M2TELECOMMUNICATIONS-AU M2 Telecommunications Group Ltd,AU
AS24560   1173     354       819      69.8%   AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services,IN
AS4780    1042     266       776      74.5%   SEEDNET Digital United Inc.,TW
AS26615   902      135       767      85.0%   Tim Celular S.A.,BR
AS18101   957      197       760      79.4%   RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI,IN
AS8151    1484     737       747      50.3%   Uninet S.A. de C.V.,MX
AS17908   838      92        746      89.0%   TCISL Tata Communications,IN
Total     52256    12591     39665    75.9%   Top
BGP Update Report
BGP Update Report
Interval: 25-Sep-14 -to- 02-Oct-14 (7 days) Observation Point: BGP Peering with AS131072
Re: Marriott wifi blocking
On 10/03/2014 03:23 PM, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. +1 My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or administrative (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations. Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable. --John K
Re: Marriott wifi blocking
On Fri 2014-Oct-03 16:01:21 -0600, John Schiel jsch...@flowtools.net wrote: On 10/03/2014 03:23 PM, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. +1 My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or administrative (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations. Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable. What constitutes defensive purposes? --John K -- Hugo
Re: Marriott wifi blocking
My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or administrative (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations. Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable. What constitutes defensive purposes? Since this is unlicensed spectrum, I don't think there is anything one has a right to defend :) /Mike
Re: Marriott wifi blocking
On 10/03/14 17:34, Michael Van Norman wrote: My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or administrative (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations. Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable. What constitutes defensive purposes? Since this is unlicensed spectrum, I don't think there is anything one has a right to defend :) /Mike If you charge for access and one person pays and sets up a rogue AP offering free WiFi to anyone in range, I can see a defensive angle there. Lyle Giese LCR Computer Services, Inc.
Re: Marriott wifi blocking
On 10/3/14 3:44 PM, Lyle Giese l...@lcrcomputer.net wrote: On 10/03/14 17:34, Michael Van Norman wrote: My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or administrative (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations. Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable. What constitutes defensive purposes? Since this is unlicensed spectrum, I don't think there is anything one has a right to defend :) /Mike If you charge for access and one person pays and sets up a rogue AP offering free WiFi to anyone in range, I can see a defensive angle there. Lyle Giese LCR Computer Services, Inc. In that case turn off the offender's access. No FCC violation doing that. In any case, that was not what was happening here. /Mike
Re: Marriott wifi blocking
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. I think that depends on the terms of your lease agreement. Could not a hotel or conference center operator reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premises... Would not such an active device be quite appropriate there? -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Marriott wifi blocking
On 10/3/14 6:01 PM, John Schiel wrote: On 10/03/2014 03:23 PM, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. +1 My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or administrative (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations. Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable. If you have a device licensed under FCC Part 15 it may not cause harmful interference to other users of the spectrum. --John K
Re: Marriott wifi blocking
On 10/3/14 7:12 PM, Wayne E Bouchard wrote: On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. I think that depends on the terms of your lease agreement. Could not a hotel or conference center operator reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premises... Would not such an active device be quite appropriate there? http://transition.fcc.gov/Bureaus/Engineering_Technology/Documents/bulletins/oet63/oet63rev.pdf ... The FCC rules are designed to control the marketing of low-power transmitters and, to a lesser extent, their use. If the operation of a non-compliant transmitter causes interference to authorized radio communications, the user should stop operating the transmitter or correct the problem causing the interference. However, the person (or company) that sold this non-compliant transmitter to the user has violated the FCC marketing rules in Part 2 as well as federal law. The act of selling or leasing, offering to sell or lease, or importing a low-power transmitter that has not gone through the appropriate FCC equipment authorization procedure is a violation of the Commission's rules and federal law. ...
-Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: large BCP38 compliance testing
- Original Message - From: Alain Hebert aheb...@pubnix.net PS: About that uRPF Convo, we could dump all that knowledges into lets say... some comprehensive wiki page maybe =D That way when the topic arise we could just link to it. Gee, Alain... where would people find a wiki like that? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Marriott wifi blocking
On Oct 3, 2014, at 16:12 , Wayne E Bouchard w...@typo.org wrote: On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. I think that depends on the terms of your lease agreement. Could not a hotel or conference center operator reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premises... Would not such an active device be quite appropriate there? You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the communications act of 1934 as amended. The following is an oversimplification and IANAL, but generally: You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason. If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them. The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations.
As someone else said, owning the property does not constitute ownership of the airwaves within the boundaries of the property, at least in the US (and I suspect in most if not all ITU countries). Owen
Re: Marriott wifi blocking
- Original Message - From: Ricky Beam jfb...@gmail.com It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided. What's the code for E_GREEDY? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Marriott wifi blocking
IANAL but no, I think it most certainly does not, at least in the USA, depend on the terms of your *lease* agreement. In particular, I refer you to http://apps.fcc.gov/ecfs/document/view;?id=6518608517 where in the US Federal Communications Commission (FCC) specifically voided terms restricting Wi-Fi in space leased from the Massachusetts Port Authority at Boston airport as in violation of the OTARD (Over The Air Reception Device) FCC rules. This probably doesn't apply if you are a mere licensee but if you are a leaseholder, including being a tenant-in-possession, as you are if you rent a hotel room, I think they do apply. Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com On Fri, Oct 3, 2014 at 7:12 PM, Wayne E Bouchard w...@typo.org wrote: On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. I think that depends on the terms of your lease agreement. Could not a hotel or conference center operator reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premises... Would not such an active device be quite appropriate there? -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Marriott wifi blocking
- Original Message - From: Owen DeLong o...@delong.com On Oct 3, 2014, at 16:12 , Wayne E Bouchard w...@typo.org wrote: Would not such an active device be quite appropriate there? You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the communications act of 1934 as amended. The following is an oversimplification and IANAL, but generally: You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason. If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them. The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations. Well, this will certainly have interesting implications on providing wireless service on business premises, won't it? Are Cisco et alia accessories-before? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Marriott wifi blocking
IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. /Mike On 10/3/14 5:15 PM, Mike Hale eyeronic.des...@gmail.com wrote: So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US? On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: Ricky Beam jfb...@gmail.com It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided. What's the code for E_GREEDY? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274 -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Marriott wifi blocking
On 10/3/2014 15:16, Nick Olsen wrote: Not sure the specific implementation. But I've heard of Rouge AP detection done in two ways. Forgive me, I have been out of active large scale network administration for a number of years and have really lost touch. What is it about red-colored APs that is offensive? I have never seen one. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
Re: Marriott wifi blocking
On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. /Mike -- Hugo On 10/3/14 5:15 PM, Mike Hale eyeronic.des...@gmail.com wrote: So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US? On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: Ricky Beam jfb...@gmail.com It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided. What's the code for E_GREEDY? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274 -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Marriott wifi blocking
Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold. I think this is the distinction we need. Because it's clear that the business thing should be able to happen and the hotel thing should On October 3, 2014 10:25:22 PM EDT, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. /Mike -- Hugo On 10/3/14 5:15 PM, Mike Hale eyeronic.des...@gmail.com wrote: So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US? On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: Ricky Beam jfb...@gmail.com It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided. What's the code for E_GREEDY? Cheers, -- jra -- Jay R. 
Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274 -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Re: Marriott wifi blocking
On Fri 2014-Oct-03 16:49:49 -0700, Owen DeLong o...@delong.com wrote: On Oct 3, 2014, at 16:12 , Wayne E Bouchard w...@typo.org wrote: On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. I think that depends on the terms of your lease agreement. Could not a hotel or conference center operator reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premises... Would not such an active device be quite appropriate there? You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the communications act of 1934 as amended. The following is an oversimplification and IANAL, but generally: You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason. If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them. The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations.
As someone else said, owning the property does not constitute ownership of the airwaves within the boundaries of the property, at least in the US (and I suspect in most if not all ITU countries). Owen Serious question: do the FCC regulations on RF spectrum interference extend beyond layer 1? I would assume that blasting a bunch of RF noise would be pretty obviously out of bounds, but my understanding is that the mechanisms described for rogue AP squashing operate at L2. The *effect* is to render the wireless medium pretty much useless for its intended purpose, but that's accomplished by the use (abuse?) of higher layer control mechanisms. I'm not condoning this, but do the FCC regulations on RF interference apply? Do they have authority above L1 in this case? -- Hugo
Re: Marriott wifi blocking
On 10/3/14 7:25 PM, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. They can say anything they want, it does not make it legal. There's no such thing as a rogue AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is authorized. They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well. /Mike
Re: Marriott wifi blocking
One of the reasons I pointed to the California law is that it covers above L1 even if FCC authority does not. The state law also provides for criminal penalties. I do not know if other states have similar laws. /Mike On 10/3/14 7:42 PM, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 16:49:49 -0700, Owen DeLong o...@delong.com wrote: On Oct 3, 2014, at 16:12 , Wayne E Bouchard w...@typo.org wrote: On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. I think that depends on the terms of your lease agreement. Could not a hotel or conference center operator reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premises... Would not such an active device be quite appropriate there? You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the communications act of 1934 as amended. The following is an oversimplification and IANAL, but generally: You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason.
If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them. The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations. As someone else said, owning the property does not constitute ownership of the airwaves within the boundaries of the property, at least in the US (and I suspect in most if not all ITU countries). Owen Serious question: do the FCC regulations on RF spectrum interference extend beyond layer 1? I would assume that blasting a bunch of RF noise would be pretty obviously out of bounds, but my understanding is that the mechanisms described for rogue AP squashing operate at L2. The *effect* is to render the wireless medium pretty much useless for its intended purpose, but that's accomplished by the use (abuse?) of higher layer control mechanisms. I'm not condoning this, but do the FCC regulations on RF interference apply? Do they have authority above L1 in this case? -- Hugo
Re: Marriott wifi blocking
Looks like you cut off, but: Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold. But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case. As the administration of the hotel/org network, I'm within bounds to say you're not allowed to attach unauthorized devices to the network or extend the network and that should be fair in my network, my rules, no? And so I can take action against a breach of those terms. The hotspot is a separate network, but I don't have to allow it to connect to my network. I guess that points towards killing the wired port as a better method, as doing deauth on the hotspot(s) WLAN(s) would mean that you are participating in the separate network(s) and causing harm there rather than at the attachment point. But what then of the duplicate SSID of the nefarious user at the business? What recourse does the business have while still staying in bounds? -- Hugo On Fri 2014-Oct-03 22:27:06 -0400, Jay Ashworth j...@baylink.com wrote: Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network.
And so your thesis does not hold. I think this is the distinction we need. Because it's clear that the business thing should be able to happen and the hotel thing should On October 3, 2014 10:25:22 PM EDT, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. /Mike -- Hugo On 10/3/14 5:15 PM, Mike Hale eyeronic.des...@gmail.com wrote: So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US? On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: Ricky Beam jfb...@gmail.com It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided. What's the code for E_GREEDY? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274 -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- Hugo
Re: Marriott wifi blocking
On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman m...@ucla.edu wrote: On 10/3/14 7:25 PM, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. They can say anything they want, it does not make it legal. There's no such thing as a rogue AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is authorized. They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well. Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. 
The assumption in the hotel case is likely that the WLANs of the rogue APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired port of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds. I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most thou shalt not harm other networks legislation like the California example. /Mike -- Hugo
Re: Marriott wifi blocking
Wifi offered by a carrier citywide, or free wifi signals from a nearby hotel / park / coffee shop.. On 04-Oct-2014 8:29 am, Hugo Slabbert h...@slabnet.com wrote: attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case.
Re: Marriott wifi blocking
On Fri, 03 Oct 2014 20:31:56 -0500, Larry Sheldon said: What it is about red-colored APs that is offensive? I have never seen one. It's a color code that indicates it's an RFC3514-compliant device.
Re: Marriott wifi blocking
http://www.arrl.org/part-15-radio-frequency-devices#Definitions http://www.ecfr.gov/cgi-bin/text-idx?node=pt47.1.15 (m) Harmful interference. Any emission, radiation or induction that endangers the functioning of a radio navigation service or of other safety services or seriously degrades, obstructs or repeatedly interrupts a radiocommunications service operating in accordance with this chapter. On Oct 3, 2014 6:17 PM, joel jaeggli joe...@bogus.com wrote: On 10/3/14 6:01 PM, John Schiel wrote: On 10/03/2014 03:23 PM, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. +1 My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or administrative (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations. Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable. if you have a device licensed under fcc part 15 it may not cause harmful interference to other users of the spectrum. --John K
Re: Marriott wifi blocking
On Sat 2014-Oct-04 08:37:32 +0530, Suresh Ramasubramanian ops.li...@gmail.com wrote: Wifi offered by a carrier citywide, or free wifi signals from a nearby hotel / park / coffee shop.. Perfect example (thanks) of why cutting off network attachment points would be fair game while effectively attacking other WLANs has collateral damage. On 04-Oct-2014 8:29 am, Hugo Slabbert h...@slabnet.com wrote: attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case. -- Hugo
Re: Marriott wifi blocking
Hugo, I still don't think that you have quite made it to the distinction that we are looking for here. In the case of the hotel, we are talking about an access point that connects via 4G to a cellular carrier. An access point that attempts to create its own network for the subscriber's devices. A network disjoint from the network provided by the hotel or its contractor. This is a different case from the circumstance in a business office where equipment is deployed to prevent someone from walking in with an access point /which pretends to be part of the network which the office runs./ In the latter case, the security hardware is justified in deassociating people from the rogue access point, /because it is pretending to be part of a network it is not authorized to be part of/. In the Marriott case, that is not the circumstance. The networks which the deauth probes are being aimed at are networks which are advertising themselves as being /separate from the network operated by the hotel/, and this is the distinction that makes Marriott's behavior unacceptable. (In my opinion; I am NOT a lawyer. If following my advice breaks something, you get to keep both pieces.) On October 3, 2014 11:04:08 PM EDT, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman m...@ucla.edu wrote: On 10/3/14 7:25 PM, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. 
My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. They can say anything they want, it does not make it legal. There's no such thing as a rogue AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is authorized. They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well. Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. The assumption in the hotel case is likely that the WLANs of the rogue APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired port of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds. 
I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most thou shalt not harm other networks legislation like the California example. /Mike -- Hugo -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Re: Marriott wifi blocking
Jay, Thanks; I think I was stretching this a bit far beyond just the Marriott example. Killing hotspots of completely discrete networks because $$$ is heinous. I had extended this to e.g.: 1. Hotel charges for either wired or wireless access per device and has network policies to that effect. 2. Guest pays for a single device and hooks up an AP or AP/NAT combo to the wired port. 3. User piggybacks multiple devices on that device's WLAN. ...to try to flesh out the scenarios. In the attempt I went a bit far off the reservation. Apologies for the noise. -- Hugo On Fri 2014-Oct-03 23:32:39 -0400, Jay Ashworth j...@baylink.com wrote: Hugo, I still don't think that you have quite made it to the distinction that we are looking for here. In the case of the hotel, we are talking about an access point that connects via 4G to a cellular carrier. An access point that attempts to create its own network for the subscribers devices. A network disjoint from the network provided by the hotel or its contractor. This is a different case from the circumstance in a business office where equipment is deployed to prevent someone from walking in with an access point /which pretends to be part of the network which the office runs./ In the latter case, the security hardware is justified in deassociating people from the rogue access point, /because it is pretending to be part of a network it is not authorized to be part of/. In the Marriott case, that is not the circumstance. The networks which the deauth probes are being aimed at are networks which are advertising themselves as being /separate from the network operated by the hotel/, and this is the distinction that makes Marriott's behavior is unacceptable. (In my opinion; I am NOT a lawyer. If following my advice breaks something, you get to keep both pieces.) 
On October 3, 2014 11:04:08 PM EDT, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman m...@ucla.edu wrote: On 10/3/14 7:25 PM, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. They can say anything they want, it does not make it legal. There's no such thing as a rogue AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is authorized. They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well. Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. 
The assumption in the hotel case is likely that the WLANs of the rogue APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired port of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds. I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most thou shalt not harm other networks legislation like the California example. /Mike -- Hugo -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- Hugo
Re: Marriott wifi blocking
No problem, Hugo. In fact, if you paid for Wired service and plugged your own router in, you would still be creating your own network, and not pretending to be the hotel's network. At the RF layer. So it would not be legal for them to zap that either. Doing so might /violate your agreement for the wired internet/, but that's a problem up in layer 10... (People, money, lawyers) On October 3, 2014 11:45:48 PM EDT, Hugo Slabbert h...@slabnet.com wrote: Jay, Thanks; I think I was stretching this a bit far beyond just the Marriott example. Killing hotspots of completely discrete networks because $$$ is heinous. I had extended this to e.g.: 1. Hotel charges for either wired or wireless access per device and has network policies to that effect. 2. Guest pays for a single device and hooks up an AP or AP/NAT combo to the wired port. 3. User piggybacks multiple devices on that device's WLAN. ...to try to flesh out the scenarios. In the attempt I went a bit far off the reservation. Apologies for the noise. -- Hugo On Fri 2014-Oct-03 23:32:39 -0400, Jay Ashworth j...@baylink.com wrote: Hugo, I still don't think that you have quite made it to the distinction that we are looking for here. In the case of the hotel, we are talking about an access point that connects via 4G to a cellular carrier. An access point that attempts to create its own network for the subscribers devices. A network disjoint from the network provided by the hotel or its contractor. This is a different case from the circumstance in a business office where equipment is deployed to prevent someone from walking in with an access point /which pretends to be part of the network which the office runs./ In the latter case, the security hardware is justified in deassociating people from the rogue access point, /because it is pretending to be part of a network it is not authorized to be part of/. In the Marriott case, that is not the circumstance. 
The networks which the deauth probes are being aimed at are networks which are advertising themselves as being /separate from the network operated by the hotel/, and this is the distinction that makes Marriott's behavior is unacceptable. (In my opinion; I am NOT a lawyer. If following my advice breaks something, you get to keep both pieces.) On October 3, 2014 11:04:08 PM EDT, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman m...@ucla.edu wrote: On 10/3/14 7:25 PM, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. They can say anything they want, it does not make it legal. There's no such thing as a rogue AP in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is authorized. They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). 
FWIW, the same is true in almost all corporate environments as well. Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. The assumption in the hotel case is likely that the WLANs of the rogue APs they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN. There's no reason they can't cut off the wired port of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds. I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most thou shalt not
Re: Marriott wifi blocking
On Oct 3, 2014, at 10:45 PM, Hugo Slabbert h...@slabnet.com wrote: Jay, Killing hotspots of completely discrete networks because $$$ is heinous. I had extended this to e.g.: It’s not just Marriott doing this; a friend of mine went to a convention near DC and found the venue was doing something like this. I don’t know if the method was the same, but he reported that any time he connected to his phone he would be disconnected “nearly immediately.” He mentioned this to a con staffer and was told you had to rent internet access from the venue, it cost several hundred dollars per day. Same for electricity, about which he was told “If you have to ask how much it costs, you cannot afford it.”
Re: Marriott wifi blocking
On 10/3/14, 7:57 PM, Hugo Slabbert wrote: But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case. The appropriate remedy would be to deny access to the WLAN+NAT device from your host network, not to interfere with its communication to its clients. Or ask the guest operating it to leave the premises. A guest spinning up a hotspot not connected to the hotel network is far from an edge case. Cellular 3G/4G/LTE-to-hotspot devices are quite common and widely deployed. Tethering one's laptop to one's smartphone is also very common. Jamming such communications does nothing to protect one's own wi-fi, only to protect one's profits. As the administration of the hotel/org network, I'm within bounds to say you're not allowed to attach unauthorized devices to the network or extend the network and that should be fair in my network, my rules, no? And so I can take action against a breach of those terms. As long as it's a legal action, such as denying the MAC of the unauthorized device to your network, absolutely. In this case it's someone else's network, hence not your rules. The hotspot is a separate network, but I don't have to allow it to connect to my network. I guess that points towards killing the wired port as a better method, as doing deauth on the hotspot(s) WLAN(s) would mean that you are participating in the separate network(s) and causing harm there rather than at the attachment point. Precisely. But what then of the duplicate SSID of the nefarious user at the business? What recourse does the business have while still staying in bounds? As long as the nefarious user isn't connecting to the business's network, none. 
There are likely hundreds of thousands if not millions of networks whose SSID is 'Linksys', duplicated willy-nilly worldwide. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: Marriott wifi blocking
On Fri, Oct 03, 2014 at 10:57:29PM -0500, Daniel Seagraves wrote: It’s not just Marriott doing this; a friend of mine went to a convention near DC and found the venue was doing something like this. I don’t know if the method was the same, but he reported that any time he connected to his phone he would be disconnected “nearly immediately.” He mentioned this to a con staffer and was told you had to rent internet access from the venue, it cost several hundred dollars per day. Same for electricity, about which he
I've seen this in a few places, but if anyone encounters similar behavior, I suggest the following:
- Document the incident.
- Identify the make and model of the access point, or controller, and be sure to pass along this information to the FCC's OET: http://transition.fcc.gov/oet/
Vendors really need to start losing their US device certification for devices that include advertised features that violate US law. It would put a stop to this sort of thing pretty quickly.
--msa
Re: Marriott wifi blocking
On 10/3/14, 8:04 PM, Hugo Slabbert wrote: I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most thou shalt not harm other networks legislation like the California example. You can't get to layer 2 or layer 3 without layer 1. The abuse of higher layer control protocols requires an RF transmitter within the radio spectrum, hence it is interference. It is a much more selectively targeted type of interference than broadband noise, but it's very obviously interference over radio frequencies by any definition. -- -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: Marriott wifi blocking
The hotel is being fined for blocking/jamming users setting up wifi via mobile technologies and such, not using the hotel's network. Hard for me to imagine how the hotel gets to insert itself into any applicable AUP in that scenario. Owen On Oct 3, 2014, at 19:25, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. /Mike -- Hugo On 10/3/14 5:15 PM, Mike Hale eyeronic.des...@gmail.com wrote: So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US? On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: Ricky Beam jfb...@gmail.com It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. The 802.11 spec only requires a reason code be provided. What's the code for E_GREEDY? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274 -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Marriott wifi blocking
If the signal that is causing the harmful interference is a radio transmission, then the FCC doesn't differentiate between noise and intelligent harmful interference. If you interfere elsewhere on the wire or without transmitting, you might avoid the part 15 rules about causing harmful interference. If you transmit a signal over the air, then the FCC has authority and requires that you not cause harmful interference. Owen On Oct 3, 2014, at 19:42, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 16:49:49 -0700, Owen DeLong o...@delong.com wrote: On Oct 3, 2014, at 16:12 , Wayne E Bouchard w...@typo.org wrote: On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. I think that depends on the terms of your lease agreement. Could not a hotel or conference center operator reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premises... Would not such an active device be quite appropriate there? You may consider it appropriate from a financial or moral perspective, but it is absolutely wrong under the Communications Act of 1934 as amended. The following is an oversimplification and IANAL, but generally: You are _NOT_ allowed to intentionally cause harmful interference with a signal for any reason. 
If you are the primary user on a frequency, you are allowed to conduct your normal operations without undue concern for other users of the same spectrum, but you are not allowed to deliberately interfere with any secondary user just for the sake of interfering with them. The kind of active devices being discussed and the activities of the hotel in question appear to have run well afoul of these regulations. As someone else said, owning the property does not constitute ownership of the airwaves within the boundaries of the property, at least in the US (and I suspect in most if not all ITU countries). Owen Serious question: do the FCC regulations on RF spectrum interference extend beyond layer 1? I would assume that blasting a bunch of RF noise would be pretty obviously out of bounds, but my understanding is that the mechanisms described for rogue AP squashing operate at L2. The *effect* is to render the wireless medium pretty much useless for its intended purpose, but that's accomplished by the use (abuse?) of higher layer control mechanisms. I'm not condoning this, but do the FCC regulations RF interference apply? Do they have authority above L1 in this case? -- Hugo
Re: Marriott wifi blocking
If there were a duplicate SSID, then the nefarious user is the one causing illegal harmful interference. However, as I understand the case in question, Marriott was blocking stand-up mobile hotspots not attached to their wired network or bridged/routed through their wifi. As you pointed out, even if this were unauthorized extension of the Marriott network, Marriott's legitimate response would have been disconnecting the extension from their network, not causing harmful interference to the other network. Owen On Oct 3, 2014, at 19:57, Hugo Slabbert h...@slabnet.com wrote: Looks like you cut off, but: Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold. But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case. As the administration of the hotel/org network, I'm within bounds to say you're not allowed to attach unauthorized devices to the network or extend the network and that should be fair in my network, my rules, no? And so I can take action against a breach of those terms. The hotspot is a separate network, but I don't have to allow it to connect to my network. I guess that points towards killing the wired port as a better method, as doing deauth on the hotspot(s) WLAN(s) would mean that you are participating in the separate network(s) and causing harm there rather than at the attachment point. 
But what then of the duplicate SSID of the nefarious user at the business? What recourse does the business have while still staying in bounds? -- Hugo On Fri 2014-Oct-03 22:27:06 -0400, Jay Ashworth j...@baylink.com wrote: Except that this is the difference between what happens at a Marriott and what would happen at a business that was running rogue AP detection. In the business the portable AP would be trying to look like the network that the company operated so as to siphon off legitimate users. In a hotel the portable AP would be trying to create a different, separate network. And so your thesis does not hold. I think this is the distinction we need. Because it's clear that the business thing should be able to happen and the hotel thing should On October 3, 2014 10:25:22 PM EDT, Hugo Slabbert h...@slabnet.com wrote: On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote: IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. Blocking access to somebody's personal hot spot most likely qualifies. My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the rogue APs are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network. /Mike -- Hugo On 10/3/14 5:15 PM, Mike Hale eyeronic.des...@gmail.com wrote: So does that mean the anti-rogue AP technologies by the various vendors are illegal if used in the US? On Fri, Oct 3, 2014 at 4:54 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: Ricky Beam jfb...@gmail.com It doesn't. The DEAUTH management frame is not encrypted and carries no authentication. 
The 802.11 spec only requires a reason code be provided. What's the code for E_GREEDY? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274 -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- Hugo
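The deauthentication frame described in the thread above, shown as an added example that is not part of any poster's message: a parser for the frame plus a burst detector a monitoring sensor could run over captured frames. The sample frames, MAC addresses, window and threshold are constructed assumptions, and the input is assumed to be the bare 802.11 frame with radiotap header and FCS already stripped.

```python
import struct
from collections import defaultdict, deque

# Constructed sample frames (802.11 MAC header + body, no radiotap, no FCS).
# Layout: frame control, duration, addr1 (dst), addr2 (src), addr3 (BSSID),
# sequence control, then the 2-byte little-endian reason code.
SAMPLE_DEAUTH = bytes.fromhex(
    "c000 3a01 ffffffffffff 020000000001 020000000001 0000 0700")
SAMPLE_OTHER_BSS = bytes.fromhex(
    "c000 3a01 0200000000aa 020000000002 020000000002 0000 0300")
SAMPLE_BEACON_HDR = bytes.fromhex(
    "8000 0000 ffffffffffff 020000000001 020000000001 0000 0000")

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return the fields of a deauthentication frame, or None otherwise."""
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 12:      # management frame, subtype 12
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    # Nothing here proves who transmitted the frame: src and bssid are
    # plain header fields, and the reason code is the only body content.
    return {"dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "reason": reason}

def deauth_bursts(capture, window=1.0, threshold=5):
    """capture: time-ordered (seconds, frame) pairs. Returns the BSSIDs that
    saw at least `threshold` deauth frames within `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, frame in capture:
        info = parse_deauth(frame)
        if info is None:
            continue
        seen = recent[info["bssid"]]
        seen.append(ts)
        while ts - seen[0] > window:     # drop timestamps outside the window
            seen.popleft()
        if len(seen) >= threshold:
            flagged.add(info["bssid"])
    return flagged

# Constructed capture: six deauths in 0.5 s for one BSSID, one isolated deauth
# for another, and a beacon header that must be ignored.
CAPTURE = [(i / 10, SAMPLE_DEAUTH) for i in range(6)]
CAPTURE += [(0.55, SAMPLE_BEACON_HDR), (10.0, SAMPLE_OTHER_BSS)]
```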
Re: Marriott wifi blocking
On 10/3/14, 8:45 PM, Hugo Slabbert wrote: Jay, Thanks; I think I was stretching this a bit far beyond just the Marriott example. Killing hotspots of completely discrete networks because $$$ is heinous. I had extended this to e.g.: 1. Hotel charges for either wired or wireless access per device and has network policies to that effect. OK. 2. Guest pays for a single device and hooks up an AP or AP/NAT combo to the wired port. Guest has only a single device connected to hotel's network, which he is paying for. OK. 3. User piggybacks multiple devices on that device's WLAN. His network, his rules. Hotel has no right to interfere. He only has one device connected to them. Same scenario as that of a residential ISP where a user pays for one dynamic IP address, installs a NAT box and connects several devices to it. If hotel has an AUP that specifically prohibits this, then they are within their rights to disconnect the user from their network, but not to interfere with his network. If they do so he now has his own little private WLAN going nowhere but it works just fine. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: Marriott wifi blocking
On 10/3/2014 22:09, valdis.kletni...@vt.edu wrote: On Fri, 03 Oct 2014 20:31:56 -0500, Larry Sheldon said: What is it about red-colored APs that is offensive? I have never seen one. It's a color code that indicates it's an RFC3514-compliant device. %^) -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
Re: Marriott wifi blocking
On 10/3/2014 22:26, Hugo Slabbert wrote: On Sat 2014-Oct-04 08:37:32 +0530, Suresh Ramasubramanian ops.li...@gmail.com wrote: Wifi offered by a carrier citywide, or free wifi signals from a nearby hotel / park / coffee shop.. Perfect example (thanks) of why cutting off network attachment points would be fair game while effectively attacking other WLANs has collateral damage. Most crimes not committed by government entities have to go through an indictment-trial-conviction sequence before punishment is administered. Except in Chicago. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
Re: Marriott wifi blocking
On 10/3/2014 23:31, Owen DeLong wrote: The hotel is being fined for blocking/jamming users setting up wifi via mobile technologies and such, not using the hotel's network. Hard for me to imagine how the hotel gets to insert itself into any applicable AUP in that scenario. +1 What happens if the AP happens to be stopped at a traffic light outside? -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes