Shellshock vulnerability research leads to WHAT?!
While a little off-topic for the NANOG list, I figured some of you may want to know about this. I started researching and testing this vulnerability the day it was released, and once I started researching its usage/exploitation in the wild, I identified that a few major sites were actually compromised using the vulnerability - Yahoo! being one in particular. Tripod/Lycos and WinZip.com were also compromised.

Yahoo! reached out and gave me a response, albeit a very weak one, only after the FBI, media and CEO Marissa Mayer were contacted... WinZip patched their boxes and didn't bother responding or notifying me that they got it done.

Please do excuse the scattered nature of the email sent to Marissa Mayer @ Yahoo! - there were other correspondences that are currently being kept private, and at the time that I wrote that one, I had been awake for roughly 48 hours and was fueled on caffeine and nicotine.

The chances are highly likely that Yahoo! is going to do their best at keeping this quiet and not release any information or details on this, and I figured that some of you are undoubtedly just as at risk from this as anyone else.

Please see the rest of everything related to this at http://www.futuresouth.us/yahoo_hacked.html and http://www.futuresouth.us/yahoo_response.jpg for their initial response.

Non-authoritative answer:
Name: dip4.gq1.yahoo.com
Address: 63.250.204.25

Non-authoritative answer:
Name: api118.sports.gq1.yahoo.com
Address: 10.212.240.43

These are the two servers that were 100% positively identified thus far as being compromised by both me and Yahoo!, with dip4.gq1.yahoo.com being the initial point of entry via Shellshock.

Jonathan D. Hall
Future South Technologies
www.futuresouth.us
(504) 470-3748 - [main]
(504) 232-3306 - [cell]

Life is a dream for the wise, a game for the fool, a comedy for the rich and a tragedy for the poor.
Re: Marriott wifi blocking
> On Sat, Oct 04, 2014 at 11:19:57PM -0700, Owen DeLong wrote:
>>> There's a lot of amateur lawyering going on in this thread, in an area where there's a lot of ambiguity. We don't even know for sure that what Marriott did is illegal -- all we know is that the FCC asserted it was and Marriott decided to settle rather than litigate the matter. And that was an extreme case -- Marriott was making transmissions for the *sole purpose of preventing others from using the spectrum*.
>>
>> I don't see a lot of ambiguity in a plain text reading of part 15. Could you please read part 15 and tell me what you think is ambiguous?
>
> Marriott was actually accused of violating 47 USC 333:
>
>   No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government.
>
> In cases like the Marriott case, where the sole purpose of the transmission is to interfere with other usage of the transmission, there's not much ambiguity. But other cases aren't clear from the text. For example, you've asserted that if I've been using ABCD as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my new neighbor's pre-existing SSID, I operate with a different SSID but on the same channel, I don't have to change. I'm not saying your position is wrong, but it's certainly not clear from the text above that that's where the line is. That's what I meant by ambiguity.

I've watched this discussion with much amusement. In a manner similar to our legal system, where a lot of the law is actually defined by what is commonly called "case law", most of the non-radio geeks here are talking about radios and spectrum as though all of this represents some sort of new problem, when in fact the agency tasked with handling it is older than any of us.
> (What's your position on a case where someone puts up, say, a continuous carrier point-to-point system on the same channel as an existing WiFi system that is now rendered useless by the p-to-p system that won't share the spectrum? Illegal or Legal? And do you think the text above is unambiguous on that point?)

It doesn't matter if you think your quoted text on this point is ambiguous. The fact of the matter is that decades of policy are that the FCC decided many years ago that you cannot go onto shared, unlicensed spectrum with a powerful transmitter and hold the mic open with the intent to disrupt the legitimate communications traffic of others on that channel. This logically derives fairly straightforwardly from the quoted text, and the fact that wifi deauth interference is merely a packet-pushing variant of this isn't really hard for the average person to extrapolate.

But they also have decades of experience with other aspects of more subtle radio shenanigans, and they have the authority to sort it all out, so what we should really be hoping for is that the FCC doesn't do something onerous like mandate registration of access point MAC's and SSID's if and when it gets to a point where it is considered a true problem. That could well be the regulatory solution to your ABCD problem, but it would be a heavy-handed fix to a minor problem.

... JG

--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.
Re: Marriott wifi blocking
On Sat, Oct 4, 2014 at 4:32 AM, Jay Ashworth j...@baylink.com wrote:
> Hugo, I still don't think that you have quite made it to the distinction that we are looking for here.
>
> In the case of the hotel, we are talking about an access point that connects via 4G to a cellular carrier. An access point that attempts to create its own network for the subscriber's devices. A network disjoint from the network provided by the hotel or its contractor.
>
> To put it another way, if you plugged a USB cable into the 4G device and the other end into a laptop, and a hotel manager appeared with a big pair of scissors and cut through it, in an effort to make you buy WLAN service from the hotel, nobody would think this either legal or reasonable. Why should it be more acceptable because you used radio? What about IrDA, if you're a technical masochist?
>
> This is a different case from the circumstance in a business office where equipment is deployed to prevent someone from walking in with an access point /which pretends to be part of the network which the office runs./ In the latter case, the security hardware is justified in deassociating people from the rogue access point, /because it is pretending to be part of a network it is not authorized to be part of/.
>
> In the Marriott case, that is not the circumstance. The networks which the deauth probes are being aimed at are networks which are advertising themselves as being /separate from the network operated by the hotel/, and this is the distinction that makes Marriott's behavior unacceptable.
>
> (In my opinion; I am NOT a lawyer. If following my advice breaks something, you get to keep both pieces.)
>
> On October 3, 2014 11:04:08 PM EDT, Hugo Slabbert h...@slabnet.com wrote:
>> On Fri 2014-Oct-03 19:45:57 -0700, Michael Van Norman m...@ucla.edu wrote:
>>> On 10/3/14 7:25 PM, Hugo Slabbert h...@slabnet.com wrote:
>>>> On Fri 2014-Oct-03 17:21:08 -0700, Michael Van Norman m...@ucla.edu wrote:
>>>>> IANAL, but I believe they are. State laws may also apply (e.g. California Code - Section 502). In California, it is illegal to "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." Blocking access to somebody's personal hot spot most likely qualifies.
>>>>
>>>> My guess would be that the hotel or other organizations using the blocking tech would probably just say the users/admin of the "rogue APs" are not authorized users as setting up said AP would probably be in contravention of the AUP of the hotel/org network.
>>>
>>> They can say anything they want, it does not make it legal. There's no such thing as a "rogue AP" in this context. I can run an access point almost anywhere I want (there are limits established by the FCC in some areas) and it does not matter who owns the land underneath. They have no authority to decide whether or not my access point is authorized. They can certainly refuse to connect me to their wired network; and they can disconnect me if they decide I am making inappropriate use of their network -- but they have no legal authority to interfere with my wireless transmissions on my own network (be it my personal hotspot, WiFi router, etc.). FWIW, the same is true in almost all corporate environments as well.
>>
>> Thanks; I think that's the distinction I was looking for here. By spoofing deauth, the org is actively/knowingly participating on *my network* and causing harm to it without necessarily having proof that *my network* is in any way attached to *their network*. The assumption in the hotel case is likely that the WLANs of the "rogue APs" they're targeting are attached to their wired network and are attempts to extend that wireless network without authorization (and that's probably generally a pretty safe assumption), but that doesn't forgive causing harm to that WLAN.
>>
>> There's no reason they can't cut off the wired port of the AP if it is connected to the org's network as that's their attachment point and their call, but spoofed deauth stuff does seem to be out of bounds. I'm not clear on whether it runs afoul of FCC regs as it's not RF interference directly but rather an (ab)use of higher layer control mechanisms operating on that spectrum, but it probably does run afoul of most "thou shalt not harm other networks" legislation like the California example.
>>
>>> /Mike
>>
>> --
>> Hugo
>
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Level3 contact
Hello,

If someone from Level3 (Europe) with core access is here and willing to assist, please can you contact me off-list for routing issues related to AS2614 (RoEduNet) BGP in Bucharest, RO?

Thanks.

--
Valeriu Vraciu
RoEduNet (AS2614)
Re: Marriott wifi blocking
On Fri, Oct 03, 2014 at 07:57:07PM -0700, Hugo Slabbert wrote:
> But it's not a completely discrete network. It is a subset of the existing network in the most common example of e.g. a WLAN + NAT device providing access to additional clients, or at least an adjacent network attached to the existing one. Okay: theoretically a guest could spin up a hotspot and not attach it to the hotel network at all, but I'm assuming that's a pretty tiny edge case.

I don't think it is. It's common for phones to be able to share their 3G/4G/whatever wossnames with other devices over wifi. And these days you don't even have to pay the telco extra.

--
David Cantrell | A machine for turning tea into grumpiness

  Cynical is a word used by the naive to describe the experienced.
    -- George Hills, in uknot
Google Search Contact
Sorry for the noise, but can anyone get me in touch with a contact at Google, specifically regarding Google Search? Please reply off-list. Thanks. -Vinny
Re: large BCP38 compliance testing
On 10/03/14 19:36, Jay Ashworth wrote:
> ----- Original Message -----
>> From: "Alain Hebert" aheb...@pubnix.net
>>
>> PS: About that uRPF Convo, we could dump all that knowledge into, let's say... some comprehensive wiki page maybe =D That way when the topic arises we could just link to it.
>
> Gee, Alain... where would people find a wiki like that?
>
> Cheers,
> -- jra

On google maybe... I see someone is already squatting http://www.bcp38.info :(

( /end_of_friday_silliness )
Re: Google Search Contact
I would also appreciate a similar contact regarding search, please contact off list.

Thanks.

--
Chip
e: h...@itschip.com
m: +44 (0) 785 752 7096
p: +44 (0) 800 710 1182
w: https://itschip.com

Original Message
From: vinny_abe...@dell.com
Sent: Monday, 6 October 2014 13:29
To: nanog@nanog.org
Subject: Google Search Contact

> Sorry for the noise, but can anyone get me in touch with a contact at Google, specifically regarding Google Search? Please reply off-list.
>
> Thanks.
>
> -Vinny
visibility/reachability of longer-than-/24 IPv4 prefixes
Dear colleagues,

In a cooperation between the RIPE NCC and ARIN we investigate the visibility/reachability of longer-than-/24 prefixes out of ARIN's 23.128/10 IPv4 address block. This part of ARIN policy (https://www.arin.net/policy/nrpm.html#four10) elicited much discussion on NANOG earlier this year, so we decided to try and measure the current state of the network with regards to longer-than-/24 IPv4 prefixes.

We've now published a RIPE Labs article with initial analysis results:
https://labs.ripe.net/Members/emileaben/propagation-of-longer-than-24-ipv4-prefixes

Spoiler: the longer-than-/24 prefixes are not very visible/reachable. Having route-objects improves visibility/reachability, but only a little bit.

cheers,
Emile Aben
RIPE NCC
Re: Marriott wifi blocking
On Oct 4, 2014, at 11:23 PM, Michael Thomas m...@mtcc.com wrote:
> On 10/04/2014 11:13 PM, Owen DeLong wrote:
>> Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
>>
>> Further, you seem to assume a level of control over client behavior that is rare in my experience.
>>
>> Owen
>
> In this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma.

Not sure what you mean by corpro-drawbridge in this context. Some corporations exercise extreme control over their clients. They are the exception, not the rule. The vast majority of corporate environments have to face the realities of BYOD and minimal control over client configuration, software load, etc.

> Assuming that there's the perception that this is a big enough problem, of course.

Not sure. The issue you seem to be talking about seems somewhat orthogonal to the original topic of the thread, so I'm not sure going too deep into it in this forum is appropriate.

Owen
Re: Marriott wifi blocking
On Oct 5, 2014, at 12:57 PM, Florian Weimer f...@deneb.enyo.de wrote:
> * Jay Ashworth:
>> It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID).
>
> What if the ESSID is "Free Internet", or if the network is completely open? Does it change things if you have data that shows your customers can be duped even by networks with a non-colliding ESSID?

To the best of my knowledge, not under the current regulatory framework. It's not considered harmful interference if the SSID isn't conflicting. The fact that your users are stupid isn't license for you to attack someone else's network.

Owen
VDSL concentrator
I'm searching for a low price VDSL DSLAM like e.g. the Patton FF3210P. I need to redistribute the connectivity to customers inside a large campus but I don't need any particular additional service.

Do you have any advice?

Thanks!
Mirko
Re: Marriott wifi blocking
On 10/03/2014 04:26 PM, Hugo Slabbert wrote:
> On Fri 2014-Oct-03 16:01:21 -0600, John Schiel jsch...@flowtools.net wrote:
>> On 10/03/2014 03:23 PM, Keenan Tims wrote:
>>>> The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.
>>>
>>> I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.
>>
>> +1
>>
>>> My reading of this is that these features are illegal, period. Rogue AP detection is one thing, and disabling them via network or administrative (ie. eject the guest) means would be fine, but interfering with the wireless is not acceptable per the FCC regulations.
>>
>> Seems like common sense to me. If the FCC considers this 'interference', which it apparently does, then devices MUST NOT intentionally interfere. I would expect interfering for defensive purposes **only** would be acceptable.
>
> What constitutes defensive purposes?

Whoa, lots of replies this weekend. I haven't made my way through all of them but the point was to try and protect your network from an offensive device. It seems though, if you are law abiding and follow the FCC rules, you **cannot** protect yourself very well using the wireless spectrum. Need to do some more reading I guess.

--John

--John K
Re: Marriott wifi blocking
On 10/06/2014 07:37 AM, Owen DeLong wrote:
> On Oct 4, 2014, at 11:23 PM, Michael Thomas m...@mtcc.com wrote:
>> On 10/04/2014 11:13 PM, Owen DeLong wrote:
>>> Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
>>>
>>> Further, you seem to assume a level of control over client behavior that is rare in my experience.
>>>
>>> Owen
>>
>> In this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma.
>
> Not sure what you mean by corpro-drawbridge in this context. Some corporations exercise extreme control over their clients. They are the exception, not the rule. The vast majority of corporate environments have to face the realities of BYOD and minimal control over client configuration, software load, etc.

It means that they can exercise control of what they allow on their corporate network, BYOD or not. Nobody would allow a WEP-only wireless device on their network these days, so it's not hard to imagine that if a standard for authenticating AP's became available and enterprises went to the effort to upgrade their AP kit, they could reasonably say "use a client that supports this, or you must vpn in". That's a much better outcome than quibbling about squatter's rights, blah blah blah.

Mike
Re: Marriott wifi blocking
On Oct 5, 2014, at 4:31 PM, Jimmy Hess mysi...@gmail.com wrote:
> On Sun, Oct 5, 2014 at 6:13 PM, Brett Frankenberger rbf+na...@panix.com wrote:
>> For example, you've asserted that if I've been using ABCD as my SSID for two years, and then I move, and my new neighbor is already using that, that I have to change. But that if, instead of duplicating my
> [snip]
>
> Actually... I would suggest that it is not entirely clear if you have to change or not. Your conflicting SSID in no way impedes the use of the spectrum, one of you just has to recode your SSID; this is different from setting up a WIPS "Rogue AP containment" feature to completely block an AP from ever being used. If your SSID happens to conflict with your neighbor's SSID by coincidence, and the SSID is a common name such as "Linksys", then this conflict alone probably does not qualify as willful or malicious interference.

Right... You probably don't face the issues under 47CFR333, but you've still got a 47CFR15.5 problem of harmful interference.

> As the spectrum is unlicensed, neither of you is a licensed station, and neither of you has priority; neither of your stations is a primary or secondary user. Both of your stations have to accept the unintended interference in the unlicensed frequencies; it is essentially up to the two of you to either take it upon yourself to change your own SSID, or to negotiate with your neighbor.

Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations. Using the same SSID of someone else who is already present would, IMHO, meet the test of "causing harmful interference".

> On the other hand, if you chose a SSID for your AP of "STARBUCKS" and you set this up in proximity to a Starbucks location or selected "[YOURNEIGHBORSCOMPANYNAME]" as your SSID; it would seem to be more evident that any interference that was occurring to their wireless station operation was willful and possibly a malicious attempt to compromise client security.

Willful and malicious only comes into play if you're looking to prosecute under 333. Any harmful interference is still a problem under 15.5.

Owen
Final Reminder - ARIN Public Policy Consultation at NANOG 62 Baltimore
NANOG 62 Baltimore Attendees (and Remote Participants) -

Starting at 9 AM tomorrow, there will be an ARIN Public Policy Consultation in the Chesapeake AB room. A list of the draft policies that will be discussed is attached (and available online on the event Agenda page.)

This is a great opportunity for the network operator community to give feedback on these proposed policies, particularly if you are not staying for the ARIN meeting which follows NANOG 62 this week. All NANOG attendees are encouraged to participate, as adopted policies will affect the administration of number resources in the region.

See you tomorrow morning!
/John

p.s. If you are not on-site in Baltimore, you can still remotely participate in the ARIN Public Policy Consultation; please preregister via the Register link at the bottom of the Agenda page - http://www.cvent.com/events/arin-ppc-at-nanog-62/agenda-78d7056632c14ccba5edf2cfd9d1e44c.aspx

NANOG Folks -

There are a number of proposed changes to number resource policy in the ARIN region, and you'll have two opportunities to discuss these proposals next week in Baltimore (or remotely, as you prefer).

The Public Policy Consultation within NANOG takes place on Tuesday morning from 9 to 1 PM; everyone is welcome (although preregistration is required if you are not already registered for NANOG.)

The ARIN 34 Meeting will follow NANOG on Thursday and Friday; we will have discussions of policy changes, as well as ARIN fee schedule, changes in the stewardship of the IANA functions, and more. Information on ARIN registration is also included in the attached message.

I look forward to seeing everyone in Baltimore!
/John

John Curran
President and CEO
ARIN

Begin forwarded message:

From: ARIN i...@arin.net
Subject: [arin-announce] The PPC @ NANOG 62 & ARIN 34 Will Be Here Soon – Get Ready!
Date: October 2, 2014 at 1:18:17 PM EDT
To: arin-annou...@arin.net

Next week will be busy! With the Public Policy Consultation (PPC) at NANOG 62 and ARIN 34 Public Policy and Members Meeting, we will be in the thick of important community discussions on ten policy proposals.

* Recommended Draft Policy ARIN-2014-9: Resolve Conflict Between RSA and 8.2 Utilization Requirements
* Draft Policy ARIN-2014-6: Remove 7.1 [Maintaining IN-ADDRs]
* Draft Policy ARIN-2014-15: Allow Inter-RIR ASN Transfers
* Draft Policy ARIN-2014-14: Removing Needs Test from Small IPv4 Transfers
* Draft Policy ARIN-2014-20: Transfer Policy Slow Start and Simplified Needs Verification
* Draft Policy ARIN-2014-1: Out of Region Use
* Draft Policy ARIN-2014-16: Section 4.10 Austerity Policy Update
* Draft Policy ARIN-2014-17: Change Utilization Requirements from last-allocation to total-aggregate
* Draft Policy ARIN-2014-18: Simplifying Minimum Allocations and Assignments
* Draft Policy ARIN-2014-19: New MDN Allocation Based on Past Utilization

Whether you plan to join us online or in-person, we want to make sure you are ready. To help you prepare for the meeting, ARIN has published all of the meeting materials online for you to review or download before the meeting begins. Just visit:

https://www.arin.net/ppc_materials
or
https://www.arin.net/ARIN34_materials

Copies of the presentations of the meetings will also be posted at the above URLs once the meeting has started, as they are available.

We hope to see you in Baltimore, but if you are unable to join us in person, be sure to keep up with us by participating remotely! View the agenda, learn more about remote participation, and register today by visiting:

The PPC at NANOG 62: https://www.arin.net/ppcnanog62
ARIN 34: https://www.arin.net/ARIN34

Please contact us at i...@arin.net if you have any questions.

Regards,
Communications and Member Services
American Registry for Internet Numbers (ARIN)
A few Baltimore tips for this week
Restaurants worth visiting: the Waterfront Kitchen (pricey, worth it, harbor views), The Helmand (Afghan, delicious, charming hosts), McCormick & Schmick's (seafood, harbor views), The Black Olive (Greek), B&O Brasserie (great cocktails too), Sotto Sopra (Italian), Da Mimmo's (Italian)

Restaurants with good beer: The Brewer's Art (home of Resurrection Ale), The Alewife (one dining room is a former bank vault), Heavy Seas Ale House (extraordinary beers, matey)

What you should try: crabs (steamed, soft-shell, crabcakes or any other way you can get them) seasoned (of course) with Old Bay

Places to go in your copious free time: American Visionary Art Museum, the National Aquarium, Fort McHenry

The Charm City Circulator is a free bus service that runs on various routes downtown. Water taxis (not free) run across the harbor.

Do not be confused if someone says "Welcome to Bawlmer Merlund, hon": you're in the correct city.

Fells Point, Canton, the Inner Harbor and Federal Hill are all reasonably safe. Travel in groups at night and/or take a cab if it's late. Stay the hell away from North Avenue unless you want to be an extra in The Wire.

Berger Cookies are really bad for your diet and you definitely want some.

Don't fall into the harbor, the water quality is...dubious.

---rsk
Re: Marriott wifi blocking
On Oct 6, 2014, at 8:06 AM, Michael Thomas m...@mtcc.com wrote:
> On 10/06/2014 07:37 AM, Owen DeLong wrote:
>> On Oct 4, 2014, at 11:23 PM, Michael Thomas m...@mtcc.com wrote:
>>> On 10/04/2014 11:13 PM, Owen DeLong wrote:
>>>> Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
>>>>
>>>> Further, you seem to assume a level of control over client behavior that is rare in my experience.
>>>>
>>>> Owen
>>>
>>> In this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma.
>>
>> Not sure what you mean by corpro-drawbridge in this context. Some corporations exercise extreme control over their clients. They are the exception, not the rule. The vast majority of corporate environments have to face the realities of BYOD and minimal control over client configuration, software load, etc.
>
> It means that they can exercise control of what they allow on their corporate network, BYOD or not. Nobody would allow a WEP-only wireless device on their network these days, so it's not hard to imagine that if a standard for authenticating AP's became available and enterprises went to the effort to upgrade their AP kit, they could reasonably say "use a client that supports this, or you must vpn in".

I think most environments already support this to some extent in terms of the APs participating in the controller framework and 802.1x authentication. However, that doesn't cover the guy that brings a linksys in and plugs it into his wired port. I think the only solution for those is detection followed by blocking the wired port until resolution.

Most companies I have worked with that took the time to think this through simply made it an instant firing offense for anyone to plug in an unauthorized WAP to the corporate wired network, problem solved.

> That's a much better outcome than quibbling about squatter's rights, blah blah blah.

To the extent that such is a feasible solution, I think it was long since done. That's got nothing to do with what this discussion was about, however, you've warped it into a completely different problem space.

Owen
Re: Marriott wifi blocking
On 10/06/2014 10:12 AM, Owen DeLong wrote:
> On Oct 6, 2014, at 8:06 AM, Michael Thomas m...@mtcc.com wrote:
>> On 10/06/2014 07:37 AM, Owen DeLong wrote:
>>> On Oct 4, 2014, at 11:23 PM, Michael Thomas m...@mtcc.com wrote:
>>>> On 10/04/2014 11:13 PM, Owen DeLong wrote:
>>>>> Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations.
>>>>>
>>>>> Further, you seem to assume a level of control over client behavior that is rare in my experience.
>>>>>
>>>>> Owen
>>>>
>>>> In this particular case, I think that enterprise could go a very long way to driving a solution through standards and deployment. They, after all, call the shots of who does and who doesn't get over the corpro-drawbridge. A much different state of affairs than the typical unwashed masses dilemma.
>>>
>>> Not sure what you mean by corpro-drawbridge in this context. Some corporations exercise extreme control over their clients. They are the exception, not the rule. The vast majority of corporate environments have to face the realities of BYOD and minimal control over client configuration, software load, etc.
>>
>> It means that they can exercise control of what they allow on their corporate network, BYOD or not. Nobody would allow a WEP-only wireless device on their network these days, so it's not hard to imagine that if a standard for authenticating AP's became available and enterprises went to the effort to upgrade their AP kit, they could reasonably say "use a client that supports this, or you must vpn in".
>
> I think most environments already support this to some extent in terms of the APs participating in the controller framework and 802.1x authentication. However, that doesn't cover the guy that brings a linksys in and plugs it into his wired port. I think the only solution for those is detection followed by blocking the wired port until resolution.

If there's strong auth to the AP which enforces which SSID I connect to, who cares about somebody bringing their own AP and firing up an SSID with the same name as $COPROSSID?

> Most companies I have worked with that took the time to think this through simply made it an instant firing offense for anyone to plug in an unauthorized WAP to the corporate wired network, problem solved.

That's orthogonal to somebody backhauling the AP's traffic to some other (possibly evil) network.

>> That's a much better outcome than quibbling about squatter's rights, blah blah blah.
>
> To the extent that such is a feasible solution, I think it was long since done. That's got nothing to do with what this discussion was about, however, you've warped it into a completely different problem space.

Not really. The original posts posited that there were perfectly valid reasons to send deauth frames to rogue AP's because clients might connect to spoofed SSIDs. That's a bad solution to what at its heart is an authentication problem. Bring strong auth to the table, and there's no reason to worry about spoofed SSID's.

Mike
Re: A few Baltimore tips for this week
/lurk Anyone coming or leaving via BWI airport: http://www.bwiairport.com/en/shops/shop-dine/store/obryckisab/ Obrycki's is an absolute must for authentic Maryland crab cakes, the ones they show on the Food Channel, and my grandmother made. Get them pan fried; ignore all the other pretend methods of creating an authentic Maryland crab cake, they are not authentic. You may want to eat them with Heinz on the side, like a dip. Don't worry about asking for ketchup, no chef in Maryland will complain; it will probably be on the table anyway. Next time you see Bobby Flay winning a throwdown with Maryland Blue Crab crab cakes, you can say you have had the real thing, and will understand why he won. And heed our good friend's advice here, and don't get too far off the beaten path. You may become a Bawlmer Merlund statistic, hon. lurk

On 10/06/2014 01:11 PM, Rich Kulawiec wrote: Restaurants worth visiting: the Waterfront Kitchen (pricey, worth it, harbor views), The Helmand (Afghan, delicious, charming hosts), McCormick & Schmick's (seafood, harbor views), The Black Olive (Greek), B&O Brasserie (great cocktails too), Sotto Sopra (Italian), Da Mimmo's (Italian)
Re: A few Baltimore tips for this week
On 10/6/14 10:11 AM, Rich Kulawiec wrote: Fort McHenry If you're a fan of history, or just an American, I can't recommend visiting Fort McHenry highly enough. When I was there (which admittedly was a long time ago) they did an excellent job of setting the scene for the battle that inspired Francis Scott Key to write Defence of Fort M'Henry, née The Star-Spangled Banner. For me it was very inspirational, and if you have any doubts about whether or not that song should be our national anthem, visiting the star fort will dispel them. ... we now return you to our regularly scheduled cynical sniping ... Doug
Re: Marriott wifi blocking
On Oct 6, 2014, at 8:41 AM, Owen DeLong o...@delong.com wrote: Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations. I recognize that you were making this statement in the context of colliding SSIDs, but to me this could be an interesting point in another way. Suppose from Marriott’s perspective that your personal wifi network is interfering with the throughput of their existing network. After all, if you fire up your personal AP, with a non-colliding SSID, and start downloading multi-GB files, that’s bound to impact[1] anything else using that channel. While there are at least a few non-overlapping channels on most wifi networks, if Marriott(’s third party network operators) had any sense they likely would have situated their APs and channels to provide the most range with the least amount of frequency overlap. Now here’s your personal AP on one of those channels consuming enough of its bandwidth to significantly degrade performance for anyone else, and they may not have access to (or usable signal strength or bandwidth on) another channel from their hotel room. During a big convention for example, the hotel network is probably at its busiest while the number of guests using personal APs is likely also at its peak. This may be a stickier case, as no one user is causing the issue but one could make the case that, in aggregate, they are very much interfering with existing operations. There are probably a couple of different angles to consider, but I’m thinking in terms of the “first come, first served” concept. At what point is the extra bandwidth consumed by your personal wifi network considered to be harmfully interfering with an existing network? FWIW I am not defending Marriott’s actions, nor even positing that this was the reason for them. I just want to gain understanding.
-c [1] This is of course assuming you’re getting decent throughput from your 3G/4G provider’s network. But even though it’s almost certainly slower than wifi it’s probably generating enough packets in a collision-based medium to impact other flows.
Re: Marriott wifi blocking
I live in a condo. I have a WLAN set up. More people move in and start setting up WLANs and the collective noise of those WLANs starts to impact the performance of my WLAN. Just because I was there first doesn't mean I have any right to start de-authing the newcomers. I don't see how Marriott has any additional rights to de-auth personal hotspots than I do to de-auth my neighbours.

On Mon 2014-Oct-06 11:53:40 -0700, Clay Fiske c...@bloomcounty.org wrote: On Oct 6, 2014, at 8:41 AM, Owen DeLong o...@delong.com wrote: Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations. I recognize that you were making this statement in the context of colliding SSIDs, but to me this could be an interesting point in another way. Suppose from Marriott’s perspective that your personal wifi network is interfering with the throughput of their existing network. After all, if you fire up your personal AP, with a non-colliding SSID, and start downloading multi-GB files, that’s bound to impact[1] anything else using that channel. While there are at least a few non-overlapping channels on most wifi networks, if Marriott(’s third party network operators) had any sense they likely would have situated their APs and channels to provide the most range with the least amount of frequency overlap. Now here’s your personal AP on one of those channels consuming enough of its bandwidth to significantly degrade performance for anyone else, and they may not have access to (or usable signal strength or bandwidth on) another channel from their hotel room. During a big convention for example, the hotel network is probably at its busiest while the number of guests using personal APs is likely also at its peak. This may be a stickier case, as no one user is causing the issue but one could make the case that, in aggregate, they are very much interfering with existing operations. There are probably a couple of different angles to consider, but I’m thinking in terms of the “first come, first served” concept. At what point is the extra bandwidth consumed by your personal wifi network considered to be harmfully interfering with an existing network? FWIW I am not defending Marriott’s actions, nor even positing that this was the reason for them. I just want to gain understanding. -c [1] This is of course assuming you’re getting decent throughput from your 3G/4G provider’s network. But even though it’s almost certainly slower than wifi it’s probably generating enough packets in a collision-based medium to impact other flows.

-- Hugo
Re: Marriott wifi blocking
On Mon, Oct 6, 2014 at 2:53 PM, Clay Fiske c...@bloomcounty.org wrote: Suppose from Marriott’s perspective that your personal wifi network is interfering with the throughput of their existing network. Then Marriott misunderstands the nature of *unlicensed* spectrum which anyone is allowed to use. There's a difference between interference incidental to one's lawful use and intentional, harmful interference. It isn't their spectrum. I have just as much a right to it as they do. If the microwave oven in the adjoining room makes 2.4 GHz unusable I'm out of luck. If Marriott sends deauth packets (or any other unsolicited packets) under my SSID, they're hacking my computer and that's generally understood to be unlawful. Regards, Bill Herrin -- William Herrin her...@dirtside.com b...@herrin.us Owner, Dirtside Systems . Web: http://www.dirtside.com/ May I solve your unusual networking challenges?
Re: Marriott wifi blocking
On Oct 6, 2014, at 12:07 PM, William Herrin b...@herrin.us wrote: On Mon, Oct 6, 2014 at 2:53 PM, Clay Fiske c...@bloomcounty.org wrote: Suppose from Marriott’s perspective that your personal wifi network is interfering with the throughput of their existing network. Then Marriott misunderstands the nature of *unlicensed* spectrum which anyone is allowed to use. There's a difference between interference incidental to one's lawful use and intentional, harmful interference. It isn't their spectrum. I have just as much a right to it as they do. If the microwave oven in the adjoining room makes 2.4 GHz unusable I'm out of luck. If Marriott sends deauth packets (or any other unsolicited packets) under my SSID, they're hacking my computer and that's generally understood to be unlawful. Again, to be clear, I’m not defending Marriott or their actions. I wouldn’t dispute your statements, but if the FCC set the tone as indicated by Owen then it sounds like it may not be that simple. Depending how it was actually worded by the FCC, I could see a corporation using it in court to defend their perceived “right to protect their wifi network from being disrupted by other traffic”. -c
Re: Marriott wifi blocking
On 10/6/14 12:56 PM, Clay Fiske wrote: Depending how it was actually worded by the FCC, I could see a corporation using it in court to defend their perceived “right to protect their wifi network from being disrupted by other traffic”. It's not clear that you understand how unlicensed spectrum works. The right you posit doesn't exist. The question of "Can we stomp on unauthorized users who are impersonating our ESSID(s)?" is a little more complex, as others have pointed out. But that's not what Marriott was doing. For my money the amount of uninformed speculation on this thread has exceeded even the normal levels for this list ... Doug
Re: Marriott wifi blocking
On Mon, Oct 6, 2014 at 3:56 PM, Clay Fiske c...@bloomcounty.org wrote: On Oct 6, 2014, at 12:07 PM, William Herrin b...@herrin.us wrote: If the microwave oven in the adjoining room makes 2.4ghz unusable I'm out of luck. If Marriott sends deauth packets (or any other unsolicited packets) under my SSID, they're hacking my computer and that's generally understood to be unlawful. Again, to be clear, I’m not defending Marriott or their actions. I wouldn’t dispute your statements, but if the FCC set the tone as indicated by Owen then it sounds like it may not be that simple. Hi Clay, It isn't that simple. Marriott offended against multiple laws and regulations in multiple jurisdictions. The FCC's concern is use of the spectrum. This they addressed -- intentionally preventing others' use of the spectrum gets you spanked. Many states also have computer hacking laws where intentionally sending falsified data packets to a computer with the purpose of causing it to malfunction is either a tort or a crime. The FCC did not speak to that issue as it's out of their jurisdiction. We've discussed this on the list before: you don't get to counterattack a network you think is attacking you. It isn't lawful. Marriott should be grateful. They're lucky they only got slapped by the FCC. Had politicos been present they could have found themselves facing criminal charges. Regards, Bill Herrin -- William Herrin her...@dirtside.com b...@herrin.us Owner, Dirtside Systems . Web: http://www.dirtside.com/ May I solve your unusual networking challenges?
Re: A few Baltimore tips for this week
On 10/06/2014 02:39 PM, Doug Barton wrote: On 10/6/14 10:11 AM, Rich Kulawiec wrote: Fort McHenry If you're a fan of history,... And if you can make it to the inner harbor area, on the west side of the Aquarium is USS Torsk, a WWII vintage US submarine, and on the east side of the Aquarium is the Coast Guard cutter USS Taney. Taney is the only remaining ship that participated in the battle of Pearl Harbor. She was in Honolulu harbor on 7 DEC 1941, and fired her antiaircraft guns at Japanese aircraft passing overhead on their way to the melee at Pearl. -- Bruce H. McIntosh b...@ufl.edu Senior Network Engineer http://net-services.ufl.edu University of Florida Network Services 352-273-1066
Other things in the Baltimore area
Two other places that might be worth a visit: (taking care to leave torches and pitchforks behind) The National Cryptologic Museum is located next to the National Security Agency HQ. It's really not that far away. https://www.nsa.gov/about/cryptologic_heritage/museum/ The B&O Train Museum is a must-see stop for anyone interested in railroads - http://www.borail.org/Collections.aspx I remember spending a fun afternoon several years ago (okay, so it's been over 15 years now...) just riding the water taxi around the harbor, getting off and wandering around Fells Point as well. -- Jeff Shultz
socialsecurity.gov ipv6 routing loop
in case anyone can help resolve

traceroute6 www.socialsecurity.gov
traceroute6: Warning: www.socialsecurity.gov has multiple addresses; using 2001:1930:c01::
traceroute6 to www.socialsecurity.gov (2001:1930:c01::) from 2607:f2f8:a8e0::2, 64 hops max, 12 byte packets
 1  2607:f2f8:a8e0::1  1.139 ms  0.798 ms  0.828 ms
 2  ge-0-7-0-24.r04.lsanca03.us.bb.gin.ntt.net  1.159 ms  1.737 ms  1.098 ms
 3  2001:428:201:8::1  0.718 ms  0.940 ms  0.976 ms
 4  2001:428::205:171:3:171  74.411 ms  73.496 ms  74.080 ms
 5  2001:428:a202::2:0:2  81.566 ms  81.726 ms  81.701 ms
 6  www.socialsecurity.gov  76.344 ms  75.903 ms  75.638 ms
 7  2001:1930:c01::2  76.694 ms  76.982 ms  76.726 ms
 8  www.socialsecurity.gov  75.722 ms  75.774 ms  76.011 ms
 9  2001:1930:c01::2  76.804 ms  77.080 ms  76.898 ms
10  www.socialsecurity.gov  75.967 ms  75.874 ms  75.842 ms
11  2001:1930:c01::2  76.901 ms  77.006 ms  76.907 ms
12  www.socialsecurity.gov  76.079 ms  76.390 ms  76.192 ms
13  2001:1930:c01::2  76.911 ms  77.246 ms  77.362 ms
14  www.socialsecurity.gov  76.032 ms  76.335 ms  76.327 ms
15  2001:1930:c01::2  77.239 ms  77.295 ms  77.903 ms
16  www.socialsecurity.gov  77.083 ms  76.307 ms  76.435 ms
17  2001:1930:c01::2  77.307 ms  77.427 ms  77.438 ms
18  www.socialsecurity.gov  76.468 ms  76.619 ms  78.225 ms
19  2001:1930:c01::2  77.242 ms  77.300 ms  77.371 ms
20  www.socialsecurity.gov  76.423 ms  76.444 ms  76.390 ms
21  2001:1930:c01::2  77.276 ms  77.277 ms  77.367 ms
22  www.socialsecurity.gov  76.610 ms  76.377 ms  76.669 ms
23  2001:1930:c01::2  77.318 ms  77.549 ms  77.201 ms
24  www.socialsecurity.gov  76.407 ms  76.250 ms  76.546 ms
Re: Marriott wifi blocking
On Oct 6, 2014, at 1:16 PM, William Herrin b...@herrin.us wrote: Hi Clay, It isn't that simple. Marriott offended against multiple laws and regulations in multiple jurisdictions. The FCC's concern is use of the spectrum. This they addressed -- intentionally preventing others' use of the spectrum gets you spanked. Hi Bill, Right. So I think I was approaching it a different way, and I probably wasn’t clear enough about that. My question wasn’t meant to justify the response (deliberately booting people from non-Marriott SSIDs), it was about whether they had any legitimate right to claim that other wifi networks were impacting their own network’s performance, specifically based on the FCC’s position that a new transmitter should not disrupt existing operations. I was not in any way intending to say that their -response- was legitimate. Anyway, I think the departed horse has been suitably tenderized. Apologies for not being clearer, nothing to see here, etc. Thanks, -c
2014.10.06 NANOG 62 morning notes posted
Sorry, lunch was a bit short today, so didn't have time to post URL to morning notes over lunch as usual, sorry about that. ^_^;; Matt http://nanog.cluepon.net/index.php/NANOG62morn2
2014.10.06 NANOG 62 afternoon notes
Bugger. Just realized I got the document names wrong. I'll just keep going with the wrong values, and pretend I didn't copy the dates from last time by mistake. ^_^; http://nanog.cluepon.net/index.php/NANOG62aft2 Thanks! :) Matt
Re: Marriott wifi blocking
On Mon, Oct 6, 2014 at 5:03 PM, Clay Fiske c...@bloomcounty.org wrote: legitimate right to claim that other wifi networks were impacting their own network’s performance, specifically based on the FCC’s position that a new transmitter should not disrupt existing operations. I was not in any way intending to say that their -response- was legitimate. Hi, the FCC's position about a transmitter not disrupting existing operations applies to various licensed frequencies but not the low-powered unlicensed transmitters. Please don't imagine that Part 15 devices have any regulatory protection against interference from any other Part 15 devices being operated, no matter which device is new, except for the prohibition against Malicious/Willful interference. Of course, it is within the FCC's power to regulate; there just isn't this regulation in Part 15. -- -JH
Re: Marriott wifi blocking
On Mon, Oct 6, 2014 at 7:30 PM, Jimmy Hess mysi...@gmail.com wrote: On Mon, Oct 6, 2014 at 5:03 PM, Clay Fiske c...@bloomcounty.org wrote: legitimate right to claim that other wifi networks were impacting their own network’s performance, specifically based on the FCC’s position that a new transmitter should not disrupt existing operations. I was not in any way intending to say that their -response- was legitimate. Please don't imagine that Part 15 devices have any regulatory protection against interference from any other Part 15 devices being operated, no matter which device is new, except for the prohibition against Malicious/Willful interference. Hi Clay, The answer to the question you asked is: No, Marriott lacked any legitimate right to claim that other wifi networks were impacting their own network’s performance. Any such impact was incidental to those other individuals' lawful use of an unlicensed frequency. A more interesting question (to me anyway) is: does vendor gear which facilitates willful interference, as the equipment provided by well-known, reputable manufacturers apparently did, comply with Part 15? Or does the presence of such features make the gear non-compliant, ergo unlawful? Regards, Bill Herrin -- William Herrin her...@dirtside.com b...@herrin.us Owner, Dirtside Systems . Web: http://www.dirtside.com/ May I solve your unusual networking challenges?
Re: Marriott wifi blocking
On 10/6/14, 8:41 AM, Owen DeLong wrote: Actually, in multiple situations, the FCC has stated that you are responsible when deploying a new unlicensed transmitter to insure that it is deployed in such a way that it will not cause harmful interference to existing operations. Using the same SSID of someone else who is already present would, IMHO, meet the test of “causing harmful interference”. Really? From a radio perspective if it isn't on the same RF channel? I'm not so sure about that. It might cause interference to the revenue stream, it could be considered a trademark infringement especially if it leads to a fake splash page with the Marriott logo, and it could certainly be used for malicious MITM purposes, but it doesn't cause harmful interference to the existing user from the perspective of radio frequency use. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV