Perhaps we are near the point that registering SSIDs similar to a call sign is required, which then warrants the use of security options. If you have a SSID named HARVARD and someone is using that same SSID within your 'territory' then it is obviously them being malicious. How that could be against regulation is beyond me. Likely, if you have policies in place that prohibit non-administered WLANs on your wired network then you should be able to use security measures to stop them as well.
Both of these scenarios increase security risks for users and protecting them should be paramount in my opinion. They are also much different than the Marriott situation. -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Healy Sent: Tuesday, April 10, 2018 3:58 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Rogue Containment (Was Re: Handling Wifi Deauth Attacks) On Apr 3, 2018, at 10:42 AM, Kenny, Eric <eric_ke...@harvard.edu> wrote: > > §333. Willful or malicious interference No person shall willfully or > maliciously interfere with or cause interference to any radio communications > of any station licensed or authorized by or under this chapter or operated by > the United States Government. > (June 19, 1934, ch. 652, title III, §333, as added Pub. L. 101–396, > §9, Sept. 28, 1990, 104 Stat. 850.) This quote reminded me of an issue we've discussed on this list previously: containing or deauthenticating rogue devices. I've changed the thread subject because this is a case where the WLAN operator is "interfering with" others (rather than being the victim). I've spoken informally with several people about this, and most feel that deauth for security reasons is OK. However, the letter of the law does not appear to have any sort of exemption. With the FCC consent decree against Marriott, I'm uncertain when (or if) it is OK to fight back against security threats. I reached out to the FCC to ask if they could clarify their stance and let me know if there were any circumstances where deauths were appropriate and not illegal. The FCC's response (and my initial questions) are below. Unfortunately, they had no firm guidance on this issue and suggested I contact other groups. Before I do that, does anyone on this list have any more conclusive guidance that they've already found? Thanks, Jason =============== FCC Response =============== Hi Jason, The majority of FCC decisions concerning “jamming” involve signal jammers that emit random RF noise, rather than Wi-Fi equipment that transmits deauthentication frames, so jammerinfo may not be the best source. The only official FCC guidance comes in the form of rules, orders, or other Commission pronouncements, and I’m not aware of any that speak directly to your questions. Unlike signal jammers, which never receive an FCC equipment authorization, Wi-Fi equipment is designed to enable, not interfere with, communications. The deauthentication feature is inherent to Wi-Fi operation and does not prevent FCC certification. However, even an authorized device, whether transmitting on licensed or unlicensed spectrum, can be operated in a manner that violates FCC rules. Thus, some enterprise equipment manufacturers have warned network administrators that improper use of deauthentication could land them in hot water. One takeaway from the Marriott case was that a business may not block hotspots indiscriminately or for commercial gain. Unfortunately, that case does not speak to whether private schools may do so under the circumstances you’ve presented below. With respect to security matters, shortly after Marriott was fined, the American Hotel & Lodging Assoc. filed an FCC petition asking for clarification on the network management measures that a hotel network administrator may lawfully take to secure the network from spoofers, honeypot attacks, etc. Though some parties assert that the group sought a rule that would allow extensive blocking, the petitioners asserted that it would be unreasonable to block hotspots that were not posing a security threat. (The petition and comments from interested parties in proceeding RM-11737 can be accessed on the Commission’s website, https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fcc.gov_ecfs_&d=DwIFaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=ysI8MZpJSL9i59P3muTYWa4ce5JraPCgWYm-_aSjxL0&s=jmzzGunm7Ib9dt2vhA8PMiCd0UnXGC-9UzbVIycxW3Y&e= .) Under that interpretation, blocking all hotspots would only be permitted if each hotspot was individually deemed to pose a threat to network security. In any event, this petition was later withdrawn, so no declaratory ruling was issued and no limits were set in that proceeding. With respect to adjacent or cochannel interference, Wi-Fi operates on shared unlicensed frequencies, with no user having a greater right to use those frequencies. Section 15.5(b) of the rules ([ https://urldefense.proofpoint.com/v2/url?u=https-3A__www.gpo.gov_fdsys_pkg_CFR-2D2010-2Dtitle47-2Dvol1_xml_CFR-2D2010-2Dtitle47-2Dvol1-2Dsec15-2D5.xml&d=DwIFaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=ysI8MZpJSL9i59P3muTYWa4ce5JraPCgWYm-_aSjxL0&s=jtwVfcBvKjnCGsDsPwbTeWQBZqqxRArL30b8DNjgsMo&e= ]47 CFR § 15.5(b)) essentially provides that authorized equipment operating in unlicensed bands must accept interference from other authorized equipment. This rule appears to presume that normal co-channel interference is to be expected and accepted from nearby Wi-Fi networks. I would suggest contacting our substantive policy-making offices, such as the Wireless Telecommunications Bureau; they may be able to point you toward any specific guidance. And since this is an issue that school administrators across the nation must be tackling, I would also suggest contacting the relevant education policy groups. They may have already developed some suggested best practices that are tailored to the needs and objectives of the education community. Regards, Kevin Kevin M. Pittman Spectrum Enforcement Division Enforcement Bureau Federal Communications Commission =============== Original Request =============== Hello, I am responsible for the operation of a Wi-Fi network at a private high school. I've recently learned of this notice: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fcc.gov_document_warning-2Dwi-2Dfi-2Dblocking-2Dprohibited&d=DwIFaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=ysI8MZpJSL9i59P3muTYWa4ce5JraPCgWYm-_aSjxL0&s=bhVgXRb2abZRSdfRPPrPm4T0w29EBjjmmdLkqI0bpPo&e= I was previously aware of the enforcement against Marriott, but was under the assumption that it related specifically to blocking hotspots in an attempt to coerce people to use a paid service while on the hotel's premises. However, after reading the above notice, and other similar notices on the FCC site regarding interference, I have some questions. I want to make sure that we are operating within the guidelines from the FCC while also providing robust services for our users. In short, are there ANY circumstances where a Wi-Fi system is allowed to deauthenticate ("interfere with") other stations? The notices on your web site make it seem that the answer is "no", however: 1) Many of the notices pertain specifically to licensed frequency use (cell phone and GPS jamming), not unlicensed spectrum. Additionally, I understand the concern regarding emergency communications (911), but I'm not sure if Wi-Fi meets that same level of imporance and expected availability. 2) The notice above specifically mentions Marriott blocking Wi-Fi without a valid security concern. We have a written policy forbidding students from accessing the internet during certain periods of the day, and shut off their access during these times. Students setting up their own hotspots are attempting to evade this policy and thus are committing a "security" violation. 3) Additionally, some students impersonate our public SSIDs in an attempt to spoof clients or avoid detection. This is an even clearer security issue, and also involves the students willfully interfering with us. 4) The notice above mentions "commercial establishments". We are a private institution and provide our Wi-Fi free of charge. Any hotspot is therefore redundant and only degrades overall performance through co-channel interference. THe FCC regulations prohibit the sale of equipment designed to cause willful interference. My understanding is that most enterprise WLAN systems afford the capability to contain, mitigate, or otherwise "interfere" with rogue stations. As those features continue to exist (the systems are still sold and the feature is advertised), am I right to assume that there are some conditions where their use is appropriate and allowed by the FCC? Does the FCC have any written guidance regarding the use of these mitigation features of WLAN systems? If not, can you provide any clarification via email? With your permission, I would also like to share any answers with WLAN operators at other educational institutions, as I believe there are some misconceptions in the community regarding the FCC regulations specifically as they apply to Wi-Fi networks. Thank you for your time, Jason ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwIFaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=ysI8MZpJSL9i59P3muTYWa4ce5JraPCgWYm-_aSjxL0&s=M0zqVC5VhSv99u7VVEOOQcubNPlYBE81OKDYe-ysBlM&e= . ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.