Re: Marriott wifi blocking
Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations. Further, you seem to assume a level of control over client behavior that is rare in my experience. Owen On Oct 4, 2014, at 13:44, Michael Thomas m...@mtcc.com wrote: On 10/04/2014 01:33 PM, Owen DeLong wrote: On Oct 4, 2014, at 12:39 , Brandon Ross br...@pobox.com wrote: On Sat, 4 Oct 2014, Michael Thomas wrote: The problem is that there's really no such thing as a copycat if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because. In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block rogue APs, what makes those SSIDs, yours? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all. Pretty much... Here's why... If you are using an SSID in an area, anyone else using the same SSID later is causing harmful interference to your network. It's a first-come-first-serve situation. Just like amateur radio spectrum... If you're using a frequency to carry on a conversation with someone, other hams have an obligation not to interfere with your conversation (except in an emergency). It's a bit more complicated there, because you're obliged to reasonably accommodate others wishing to use the frequency, but in the case of SSIDs, there's no such requirement. Now, if I start using SSID XYZ in building 1 and someone else is using it in building 3 and the two coverage zones don't overlap, I'm not entitled to extend my XYZ SSID into building 3 when I rent space there, because someone else is using it in that location first. I can only extend my XYZ coverage zone so far as there are no competing XYZ SSIDs in the locations I'm expanding in to. If the Marriott can't do this, I don't think anyone can, legally. If I set up something on an SSID Marriott is already using, then my bad and they have the right to take appropriate defensive action to protect their network. No. Seriously, no. Biggest come, biggest serve doesn't do a damn bit of good dealing with the actual problem which is one of authentication. Think of this with the big I internet without TLS. What you're asking for is complete chaos. Stomping on other AP is an arms race in which nobody wins. If I want to guarantee that I only connect to $MEGACORP AP's, I should be using strong authentication, not AP neutron bombs to clear the battlefield. Mike
Re: Marriott wifi blocking
On Oct 4, 2014, at 17:58, Brett Frankenberger rbf+na...@panix.com wrote: On Sat, Oct 04, 2014 at 01:33:13PM -0700, Owen DeLong wrote: On Oct 4, 2014, at 12:39 , Brandon Ross br...@pobox.com wrote: On Sat, 4 Oct 2014, Michael Thomas wrote: The problem is that there's really no such thing as a copycat if the client doesn't have the means of authenticating the destination. If that's really the requirement, people should start bitching to ieee to get destination auth on ap's instead of blatantly asserting that somebody owns a particular ssid because, well, because. In the enterprise environment that there's been some insistence from folks on this list is a legitimate place to block rogue APs, what makes those SSIDs, yours? Just because they were used first by the enterprise? That doesn't seem to hold water in an unlicensed environment to me at all. Pretty much... Here's why... If you are using an SSID in an area, anyone else using the same SSID later is causing harmful interference to your network. It's a first-come-first-serve situation. Just like amateur radio spectrum... If you're using a frequency to carry on a conversation with someone, other hams have an obligation not to interfere with your conversation (except in an emergency). It's a bit more complicated there, because you're obliged to reasonably accommodate others wishing to use the frequency, but in the case of SSIDs, there's no such requirement. Now, if I start using SSID XYZ in building 1 and someone else is using it in building 3 and the two coverage zones don't overlap, I'm not entitled to extend my XYZ SSID into building 3 when I rent space there, because someone else is using it in that location first. So your position is that if I start using Starbuck's SSID in a location where there is no Starbuck, and they layer move in to that building, I'm entitled to compel them to not use their SSID? It isn't Starbuck's SSID. There are no ownership rights or registrations of SSIDs for unlicensed wireless networks. So, under the existing regulatory framework, whoever arrived last is the one causing harmful interference. I can only extend my XYZ coverage zone so far as there are no competing XYZ SSIDs in the locations I'm expanding in to. Is ther FCC guidance on this, or is this Regulations As Interpreted By Owen? This is many FCC responses to various part 15 interference complaints as interpreted by Owen. Depends on whether you were the first one using the SSID in a particular location or not. Sure, this can get ambiguous and difficult to prove, but the reality is that most cases are pretty clear cut and it's usually not hard to tell who is the interloper on a given SSID. It's usually easy to tell, but I doubt the FCC would find it relevant. There's a lot of amateur lawyering ogain on in this thread, in an area where there's a lot of ambiguity. We don't even know for sure that what Marriott did is illegal -- all we know is that the FCC asserted it was and Mariott decided to settle rather than litigate the matter. And that was an extreme case -- Marriott was making transmissions for the *sole purpose of preventing others from using the spectrum*. I don't see a lot of ambiguity in a plain text reading of part 15. Could you please read part 15 and tell me what you think is ambiguous? Owen -- Brett
Re: Marriott wifi blocking
On 10/04/2014 11:13 PM, Owen DeLong wrote: Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations. Further, you seem to assume a level of control over client behavior that is rare in my experience. Owen I this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma. Assuming that there's the perception that this is a big enough problem, of course. Mike
Re: Marriott wifi blocking
Perhaps. I admit that trademark would be a novel approach that might succeed. Of course if I put a satire of Starbucks up on the captive portal, do I qualify under the fair use doctrine for satire? I think in most cases, people are able to be adults and work it out reasonably without involving the FCC or the PTO. Owen On Oct 4, 2014, at 19:04, Matthew Petach mpet...@netflight.com wrote: On Sat, Oct 4, 2014 at 5:58 PM, Brett Frankenberger rbf+na...@panix.com wrote: ... So your position is that if I start using Starbuck's SSID in a location where there is no Starbuck, and they layer move in to that building, I'm entitled to compel them to not use their SSID? This would be why commercial entities often use their trademark identifiers as part of the SSID. You can compel them (briefly) not to use the SSID, until they sue you for trademark infringement and serve cease-and-desist orders against you for unlicensed and unauthorized use of the Starbucks name. Totally separate realm of enforcement, and in many ways far more effective. Matt
Re: Marriott wifi blocking
On 10/4/2014 12:23, Jay Ashworth wrote: - Original Message - From: Majdi S. Abbas m...@latt.net I've seen this in a few places, but if anyone encounters similar behavior, I suggest the following: - Document the incident. - Identify the make and model of the access point, or controller, and be sure to pass along this information to the FCC's OET: http://transition.fcc.gov/oet/ Vendors really need to start losing their US device certification for devices that include advertised features that violate US law. It would put a stop to this sort of thing pretty quickly. Majdi makes an excellent point, but I want to clarify it, so no one misses the important subtext: It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID). It is NOT OK for an enterprise wifi system to make this sort of attack on APs which *are not trying to pretend to be part of it* (we'll call this The Marriott Attack from now on, right?) Rogue AP prevention is a *useful* feature in enterprise wifi systems... but *that isn't what Marriott was doing*. I can agree that prevention of foreign attachments to a net work is morally OK. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
RE: Equinix Sales
Equinix sales is broken down by region. Where are you looking to go? -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Justin Wilson Sent: Saturday, October 04, 2014 8:28 PM To: Daniel Corbe; nanog@nanog.org Subject: Re: Equinix Sales I have a contact. I ill dig it up. On 10/3/14, 10:33 AM, Daniel Corbe co...@corbe.net wrote: Equinix Sales seem impossible to reach. Should I just give up and go through a sales agent or can someone from Equinix sales contact me off-list?
FCC delays Comcast / TWC merger 180 days
http://www.forbes.com/sites/amadoudiallo/2014/10/04/comcast-merger-review-put-on-hold-by-fcc/ Seems to be both on-topic, and timely, given the start of NANOG62 is tomorrow (or today for some). As I mentioned elsewhere, if the FCC asked both companies to provide info and both companies did not provide the info, delaying the merger 180 days is actually a pretty minor penalty. When I don't give the gov't what they want, I usually get a far harsher punishment than no problem, we'll give you more time. -- TTFN, patrick
Re: Marriott wifi blocking
* Jay Ashworth: It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID). What if the ESSID is Free Internet, or if the network is completely open? Does it change things if you have data that shows your customers can be duped even by networks with a non-colliding ESSID?
Re: Marriott wifi blocking
Well now, Florian, there you lead me into deep water. I am inclined to say that that circumstance would fall into the category of things you might have a valid reason to want to do, but which the regulations might prevent you from doing even if they are drawn thoughtfully. Myself, I am inclined to think that you have a right to try to protect your users of your ESSID network from people pretending to be it, but that you probably don't have a right to try to protect people who are too stupid to be attaching to the right thing. And yes, I realize that if a Windows machine for example tries to attach to a network and gets knocked off it might move down its list and the user might not notice. If your network is this much of an attack target, make sure your building is a Faraday cage, and then you can knock off anything you like. In the final analysis, what will really happen in a business environment, is likely just that your warning system will warn you, and you will walk around with an AirCheck and find the rogue AP and unplug it and beat over the head with it whomever set it up. :-) On October 5, 2014 3:57:05 PM EDT, Florian Weimer f...@deneb.enyo.de wrote: * Jay Ashworth: It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID). What if the ESSID is Free Internet, or if the network is completely open? Does it change things if you have data that shows your customers can be duped even by networks with a non-colliding ESSID? -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Re: Marriott wifi blocking
- Original Message - From: Matthew Petach mpet...@netflight.com This would be why commercial entities often use their trademark identifiers as part of the SSID. You can compel them (briefly) not to use the SSID, until they sue you for trademark infringement and serve cease-and-desist orders against you for unlicensed and unauthorized use of the Starbucks name. Totally separate realm of enforcement, and in many ways far more effective. Though this requires you to buy the argument that the use of a wordmark *in an address of some time* is infringing under the terms of the Lanham Act, which is a point on which I don't believe there's presently any case law, and which I think would be a difficult argument to prosecute against a properly defended plaintiff. Just *using a word* that someone has registered as a wordmark is not inherently infringement, or Ford City PA would be in serious trouble. The Lanham Act is *quite* clear on what is an infringing use, and I don't myself believe the posited case qualifies. Cheers, -- jr 'IANAL' a -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Netalyzr Android: call for volunteers
Hi all, Netalyzr is a free network measurement and debugging app developed by the International Computer Science Institute, Berkeley. It is designed to check for a wide range of network problems and neutrality violations, including unadvertised port filtering, DNS wildcarding, and hidden proxy servers. Our browser applet has more than a million runs. Netalyzr for Android was released in October 2013. We are happy to announce a new release that has new tests for better middlebox probing and a better UI. If you're interested, you can download and run the app from Google Play [1]. If you already have the app, please consider updating and re-running it - it would be very helpful for us to capture updates regarding how the mobile Internet is evolving. Oh and: please consider watching our talk at NANOG 62 on Monday [2]! Thanks, The Netalyzr Team. [1] https://play.google.com/store/apps/details?id=edu.berkeley.icsi.netalyzr.androidhl=en [2] https://www.nanog.org/meetings/abstract?id=2419
Re: Marriott wifi blocking
On Sat, Oct 04, 2014 at 11:19:57PM -0700, Owen DeLong wrote: There's a lot of amateur lawyering ogain on in this thread, in an area where there's a lot of ambiguity. We don't even know for sure that what Marriott did is illegal -- all we know is that the FCC asserted it was and Mariott decided to settle rather than litigate the matter. And that was an extreme case -- Marriott was making transmissions for the *sole purpose of preventing others from using the spectrum*. I don't see a lot of ambiguity in a plain text reading of part 15. Could you please read part 15 and tell me what you think is ambiguous? Marriott was actually accused of violating 47 USC 333: No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government. In cases like the Marriott case, where the sole purpose of the transmission is to interfere with other usage of the transmission, there's not much ambiguity. But other cases aren't clear from the text. For example, you've asserted that if I've been using ABCD as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my new neighbor's pre-existing SSID, I operate with a different SSID but on the same channel, I don't have to change. I'm not saying your position is wrong, but it's certainly not clear from the text above that that's where the line is. That's what I meant by ambiguity. (What's your position on a case where someone puts up, say, a continuous carrier point-to-point system on the same channel as an existing WiFi system that is now rendered useless by the p-to-p system that won't share the spectrum? Illegal or Legal? And do you think the text above is unambiguous on that point?) -- Brett
Re: Marriott wifi blocking
On Sun, Oct 5, 2014 at 6:13 PM, Brett Frankenberger rbf+na...@panix.com wrote: For example, you've asserted that if I've been using ABCD as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my [snip] Actually... I would suggest that it is not entirely clear if you have to change or not. Your conflicting SSID in no way impedes the use of the spectrum, one of you just has to recode your SSID; this is different from setting up a WIPS Rogue AP containment feature to completely block an AP from ever being used. If your SSID happens to conflict with your neighbor's SSID by coincidence, and the SSID is a common name such as Linksys, then this conflict alone probably does not qualify as willful or malicious interference. As the spectrum is unlicensed, neither of you is a licensed station, and neither of you has priority; neither of your stations is a primary or secondary user.Both of your stations has to accept the unintended interference in the unlicensed frequencies; it is essentially up to the two of you to either take it upon yourself to change your own SSID, or to negotiate with your neighbor. On the other hand, if you chose a SSID for your AP of STARBUCKS and you set this up in proximity to a Starbucks location or selected [YOURNEIGHBORSCOMPANYNAME] as your SSID; it would seem to be more evident that any interference that was occuring to their wireless station operation was willful and possibly a malicious attempt to compromise client security. -- -JH
Re: large BCP38 compliance testing
On Fri, Oct 03, 2014 at 03:20:58PM -0400, Alain Hebert wrote: On the 1st of January 2015: That's quite short notice. Perhaps we could delay it by exactly three months? - Matt
Re: large BCP38 compliance testing
On Thu, Oct 2, 2014 at 10:54 AM, valdis.kletni...@vt.edu wrote: The *real* problem isn't the testing. It's the assumption that you can actually *do* anything useful with this data. Name-n-shame probably won't get us far - and the way the US works, if there's a At least name and shame is something more useful than nothing done. Ideally you would have transit providers and peering exchanges placing Must implement BCP38 into their peering policy, and then they could use the data to help enforce their peering policies. -- -JH