Oh dear
Friday evening - couldn't really get past the Hotel name, fokkers!
The Marriott has been fined $600,000 by the FCC for paralyzing guests' personal Wi-Fi hotspots, forcing them to use the hotel giant's expensive network instead. The US watchdog today said the Marriott Gaylord Opryland in Nashville, Tennessee, used monitoring equipment to illegally boot hotel and convention center guests off …
...now excuse me while I instruct our travel partners to de-auth Marriott from the entire company's list of acceptable travel hotels. Someone just made the "only permitted if no other option available" list.
But hey, we only use booking software supplied by well-known, reputable vendors and I believe my actions to be lawful, so there's no reason for them to be upset, right?
I travel all over the world for work, and stop in accomodation ranging from a guesthouse to a 5 star business hotel.
Harvey's law says that the higher the price of the room the more likely you are to have to pay for internet access. And the slower it will be.
I've spent €30 a night in a gasthof in Germany, and got free super-fast internet, and paid $250 a night at an airport in the USA and been unable to connect to an nntp server despite paying an extra $50 for the right to try.
"This is why the first thing you do when connecting to hotel wifi (or even a wired connection) is to establish a VPN to a trusted machine elsewhere that you know can access all the services you want."
I tried this at one hotel, and found they had a machine in the middle that passed on url requests to the outside world for you. In other words, you could not directly connect to another server via their systems (VPNs will never work).
This is where Harvey's Law (Part II) comes in. For every hotel that has tighter restrictions, directly opposite the hotel will be a Cafe that offers free WiFi with any purchase. There you can do all your VPNing and NNTPing you like.
I tried this at one hotel, and found they had a machine in the middle that passed on url requests to the outside world for you. In other words, you could not directly connect to another server via their systems (VPNs will never work).
This is where you set up OpenVPN on its "port-sharing" mode, where it listens on port tcp/443 so you can deal with this exact scenario.
Quote: This is where you set up OpenVPN on its "port-sharing" mode
If the hotel is crap enough and expensive enough that will not help either. Example the Etoille convention centre (nowdays Grand Hayatt) in Paris. Last time I was there (IETF 2011) it was killing any persistent sessions _INCLUDING_ port 443 and disallowing IM (so you use the hotel phone you know).
If the hotel is crap enough and expensive enough that will not help either. Example the Etoille convention centre (nowdays Grand Hayatt) in Paris. Last time I was there (IETF 2011) it was killing any persistent sessions _INCLUDING_ port 443
I could sort of try to understand that if it were a company network (but not really). However, for a business where you are the customer to try that, it borders on the psychopathically suicidal.
"Not psychopathically suicidal, just normal bean counter thinking. They only see ways to syphon cash, (sorry maximise revenue) not the effect this has on the overall business."
The larger hotels have driven my business to small chains and independents that offer free internet and a nice cooked breakfast to attract customers. Nearly all of the time I only need a nice clean room with peace and quiet to get my head down and enough hot water to sluice off the day's dirt. Posh hotels just don't offer anything I find useful.
If the hotel is crap enough and expensive enough that will not help either. Example the Etoille convention centre (nowdays Grand Hayatt) in Paris. Last time I was there (IETF 2011) it was killing any persistent sessions _INCLUDING_ port 443 and disallowing IM (so you use the hotel phone you know).
There are ways to getting around this as well, let's just say that I've encountered most of these scenarios. Yes, I'm including the persistent session killing on port 443.
Hotels should wise up on the fact that they aren't going to stop a skillful hacker from getting his/her unrestricted internet access. We're willing to pay for internet access (even if it is far more expensive in some hotels than what it should be), but we expect unfiltered access to the 'net when doing so.
This post has been deleted by its author
The Hotel does not have the authority to JAM or otherwise interferre with a licensed radio service in the United States. WiFi, Bluetooth, Mobile phone service, GPS, commercial radio and broadcast radio and even your garage door opener are all LICENSED radio services in the United States. This includes schools, restaurants, movie theatres and your private residence.
WiFi is a licensed service. It is also illegal to interfere with Cell phone emissions and your mobile WiFi.
It is illegal to manufacture, import, sell and possess this equipment.
There are NO EXCEPTIONS for ANY reason at all. The FCC will fine you and confiscate your equipment.
They weren't interferring with the radio signal, they were doing it on the data layer.
Interesting response. To a layman the difference is irrelevant, and the result is the same. I wonder if the law is so tightly written that this counts as a loophole?
Obviously the FCC wasn't particularly happy about the situation, so I'd assume they don't believe it matters how you mess with the signal (whether by flooding the radio spectrum with noise, or injecting malicious data packets). They seem to have concluded the hotel's actions were illegal, and slapped down a pretty big fine.
Just to clarify - I wasn't stating that it was therefore legal or okay to do, it was specifically in response to interfering/jamming a radio signal, which may be the same to a lay person but might not be the same to an expert. Could a WiFi user who uses their hotspot the same channel and maximum permitted power as their neighbour be accused of signal interference - not while the device is operating as intended I would presume?
Whether it was legal or not, or more specifically under which law it would be prosecuted is still unknown as the hotel chain in question decided to pay to not find out and the FCC decided to accept the payment and not pursue it (If someone settles with a patent troll out of court doesn't mean they are guilty or the patent is valid, just that it is the most commercially attractive option).
However I would suggest that they could be prosecuted under laws relating to computer misuse/DoS/hacking/data interception etc rather than radio signal interference.
> They weren't interferring with the radio signal, they were doing it on the data layer.
It's making a transmission with the sole function to disrupt legal use of a facility. So while you might not technically be interfering with the user's transmitted radio signal, you are deliberately interfering with another user's use of the band. In the UK this would be illegal :
Wireless Telegraphy Act 2006, Section 68 http://www.legislation.gov.uk/ukpga/2006/36/section/68
"A person commits an offence if he uses apparatus for the purpose of interfering with wireless telegraphy."
Good to see it slapped down. Now if only our UK bodies could stop spending all their effort on coming up with excuses not to deal with interference caused by Powerline adapters.
"The FCC will fine you and confiscate your equipment."
Strictly speaking you can do jail time for this in the US. Also in the UK.
I'd want to know who's smart idea it was and prosecute them accordingly.
Oddly enough I'm absolutely convinced (but have no proof) that something similar is done with 3G data around underground stations that aren't under ground around London, one day I'll take some kit with me.. Phone calls no problem, pushing data - good luck!
"considering it's unsavoury usages far outweigh it's legally safe usages"
Yeah alright. Are you going to argue reasons not to go near black people next? It's a protocol, you'll allow it. Traffic volumes I can understand, because it's <x> protocol without knowing up front why is extremely obnoxious.
Now, can we please see the de-auth loophole closed so any old idiot can't disable wifi networks, and shut down all the firms selling these DoS tools?
My old university (in the UK) pulled the same stunt on anything within range; perhaps a few more six figure fines in the news will stop this being mistaken for acceptable.
This has already been closed with 802.11w. The revision still needs widespread implementation and it does also introduce new issues, but it does prevent deauth as long as the AP requires protected management frames. Finding a combination of AP and device that both support it might be the difficult part, but all AC devices (and I'd bet most N devices manufactured in the last couple of years) should.
De-authing networks does have it's legitimate uses though. For instance in a business environment where people shouldn't be using their own Wi-Fi or plugging in unauthorised equipment in your buildings but do so anyway.
If you're concerned with people plugging in unauthorised equipment, you should have actual MAC filters in your level 2&3 switches, not doing illegal DoS on the airwaves. I remember from my college years that the Cisco Catalyst 2950 has a "protected" mode for switchports where you could lock a port to a single MAC address. I would expect beefier stuff to have these kinds of security.
Universities in the UK tend to be picky about what connects to them over wired networks at least - authorized mac addresses only. Over the WIFI however that's been dropped some time between when I was an under-grad and going back to do a phd - the wireless is set up so as to be very separate to the wired, but anyone with a valid (active directory) credentials on the university network can use it. Via gift of eduorome this applies to other universities as well.
"De-authing networks does have it's legitimate uses though."
Yes it does, however those uses are within your own private business premises and you use kit like the AirDefense Security & Compliance solution to enforce published company policy.
In a public space - which includes hotel bedrooms, it's use is highly questionable, particularly if it is done without being publicly declared (I bet the Marriott's signing in slip didn't include the guest accepting a clause forbidding the use of private WiFi...).
Actually while 2.4Ghz and 5Ghz are ISM bands, Wifi isn't usually "licensed" due to there being limited non overlapping channels in said bands, disabling wifi other than theirs *could* be considered protecting their service (crap as it may be), also, I don't recall them needing to prohibit private wifi in words, same as businesses operating on their own turf don't need to post signs about unauthorized access.
As to hotel bedrooms being public space, I call bullshit. If you want proof, try staying in a hotel room without paying and claiming (once you end up in court) that you have the right because It's "public", seriously, Hotel rooms are not public by any definition, that's why you have to pay for the use of one.
I'll add that I am actually against wifi blocking just to be able to gouge to sell your own, but I believe that was the point of the article: Profiting by creating adverse conditions to sell theirs.
"For instance in a business environment where people shouldn't be using their own Wi-Fi or plugging in unauthorised equipment in your buildings but do so anyway."
Yeah, no, there's legal ways to prevent outside signals. If your security policy is based on "no wifi" but doesn't account for other signals you're already screwed. This is not the way to do this - and as I mentioned somewhere up there ^ it's a jailable offence in the US and the UK.
"disabling wifi other than theirs *could* be considered protecting their service"
At best this is anticompetitive. If your service isn't a rip off and doesn't suck you shouldn't need this. If it does and you're jamming people, seriously..
I just don't bother with cow dung like that! I use a custom BIOS which I wrote myself on my CUSTOM wifi router which I carry myself EVERYWHERE I go and it SPECIFICALLY STOPS attacks like this! It finds a free port and VPN's it to wherever I go disregardng ALL de-auth packets and ANYTHING else unless it's MY laptop Mac Address and personal encrypt/decrypt keys. I even have multiple DSP chips in it so I can bypass wireless completely and use my cell phone carrier's 22 megabits download, 10 megabits upload connections (Telus in Canada) for relatively DECENT internet connections. I even put custom hardware DSP chips and SDR (Software Defined Radio) software (self-built) the router with a wireless 4G line aggregator system so that I can use up to SIXTEEN 4G phone lines to get up to long-range wireless 200 megabits upload and 100 megabits download. Just make sure you pay your monthly bills for the 16 phone 4G numbers!
Sometimes us eggheads REALLY ARE SMARTER than the rest of the plebes!
We DON'T HAVE TO PUT UP WITH THE COW DUNG! We just bypass it!
Not sure where things stand on it legally at the moment, but about 10 years ago there were entirely reputable firms selling equipment that would perform these functions as part of securing a company's infrastructure. One of our network admins reviewed a wireless access solution that would both optimize the bandwidths for the installed access points as well as quash any unauthorized points within the operational area.
in case someone here knows -- flooding wifi with deauth - how does that not impact the hotel's own wifi? Unless the hotel wifi is on a single channel and the deauths are flooding all other channels (in which case you could work around it by using the same channel as the hotel?)
I rarely use hotel wifi myself whether it is free or not, For some reason I feel safer for using the mifi on my phone, and I'm paying something like $50/mo for mifi anyway so might as well use it (unless cell coverage is bad).
Hotel wifi is generally bad in my experience anyway.
On that note I've never used other public wifi access spots like coffee shops(I don't drink coffee so am rarely in one anyway), airports(don't fly often anyway - also never used wifi on a plane) or whomever else seems to offer "free" wifi, generally don't trust them either (not that I feel the urge to need to use them in the first place so it's not like it's hard to resist).
They probably whitelist their own MACs and flood everything else. Even if they can't see the MAC addresses of other wifi networks they'll know which networks are theirs and thus which ones not to flood.
I'm not sure what that would mean for address cloning, but I doubt your average conference attendee is going to bother with that.
It probably sniffs WiFi packets, and for any not on their netwotk, sends a deauth.
The solution is this: the radio hardware is pretty obvious. Simply imagine that you suffer from "electro-smog" phobia, rip the stuff from the ceiling/walls and claim it was self-defence, as it assaulted you.