Blocking WiFi

[w0ss]

have an odd question that came up at the office.

We have in the past contained all AP's that an AP can see as "rogue". I have expressed some reservations that this is probably in violation of some FCC rule but I can't find anything.

Part 15 basicly says you can't generate any harmful interference. So how is it ok to forcefully disconnect someone else I would certainly think that is harmful interference.

 

[spidey07]

have an odd question that came up at the office.

We have in the past contained all AP's that an AP can see as "rogue". I have expressed some reservations that this is probably in violation of some FCC rule but I can't find anything.

Part 15 basicly says you can't generate any harmful interference. So how is it ok to forcefully disconnect someone else I would certainly think that is harmful interference.

Because you are not interfering with their transmissions. Rogue containment is perfectly fine especially if it is within your premise.

 

[w0ss]

my thinking has been we have no idea where the AP is(a general guess based on what AP see's it). It could be in the office next door to ours or a person operating a MiFi device. The question is mostly academic as the FCC is never going to do anything about it. Just curios if others had seen anything mentioning it specifically.

 

[alkemyst]

Not sure what you are looking to do here...if you are using wireless it's going to be pretty hard to stop people from deploying their own hotspots.

The 'rogue' can be blocked from sending it's traffic to your network and that is usually all that matters.

You can also set up the workstations to only connect to your network as well.

Then regardless if someone brings in their cellphone to tether/hotspot to get around the corporate surfing rules, they are stopped dead in their tracks.

If you have more details I am sure we can figure out a solution.

 

[w0ss]

We already have something where I work. My question was more around the legality.

802.11 works on 2.4/5Ghz and is shared. Meaning our company does not have exclusive use to that frequency. However our company policy is that we "Contain" any rogue AP's. We us Cisco's Solution and my understanding is it sends disassociation packets to any clients it see's join the rogue.

Since this does not allow anyone else to use the shared frequency then I think it does violate the rules.

Like I said it is more of an academic question as the FCC isn't going to be bothered by this.

 

[alkemyst]

I think you are misunderstanding this

 

[w0ss]

I think you are misunderstanding this

Then try to explain it to me.

 

[alkemyst]

Then try to explain it to me.

I CAN'T!

explain what you are trying to accomplish!

 

[spidey07]

We already have something where I work. My question was more around the legality.

802.11 works on 2.4/5Ghz and is shared. Meaning our company does not have exclusive use to that frequency. However our company policy is that we "Contain" any rogue AP's. We us Cisco's Solution and my understanding is it sends disassociation packets to any clients it see's join the rogue.

Since this does not allow anyone else to use the shared frequency then I think it does violate the rules.

Like I said it is more of an academic question as the FCC isn't going to be bothered by this.

Like I said. You are not causing interference.

 

[pitz]

In theory, one could build a box with as many Wi-Fi cards as necessary to cover the entire spectrum, and another box to act as a receiver. Set up some software to have the radios saturate the spectrum with random traffic (a trivial undertaking with Linux!). Voila, wireless devices become useless, while it is impossible to prove that the spectrum was interfered with by anything but legitimate WiFi traffic.

Write a little script to randomize the power settings of the WiFi NICs, and write another script to periodically change the MAC addresses and SSIDs on both ends. Anyone from the outside will just scratch their heads on WTF is really going on internally.

Of course, the Cisco system can probably be defeated with minor engineering/software modifications to the AP and the client. Certainly it would work for most rank-and-file, non-experts, who might be tempted to bring their own AP to work and stash it in their office. But its not a proper solution for defending against a determined person.

Cisco says:

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b40901.shtml#RM

Containment can have legal implications when launched against neighboring networks. Ensure that the rogue device is within your network and poses a security risk before you launch the containment.

 

[w0ss]

Cisco says:

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b40901.shtml#RM

Thanks I didn't see that before although I am still not 100% sure this seems to support my thoughts.

 

[w0ss]

Like I said. You are not causing interference.

I agree this is not causing RF interference but the FCC has been fairly broad in the past on interpretation. So interference could be more than RF.

 

[bobdole369]

This is fairly simple. The Cisco device is communicating in accordance with part 15. That is it isn't transmitting interference. It is simply using a protocol that is transmitted over the air. It would be as if you keyed up your walkie-talkie and started shouting "LALALALALALA I'm NOT LISTENING I'M NOT LISTENING LALALALALALALA!"

Part 15 never guarantees that you are able to use the frequency. Only that you must not generate interference, and that you must accept any interference, even if that causes undesired operation.

Simply put:

"The operator of the Part 15 device is responsible for correcting the interference or to stop using the device if so ordered by the FCC. "

Since it is like the wild west out there, it is perfectly permissible to operate your part 15 device in such a way that you are preventing others from using their own part 15 equipment. However if the interfered-upon party files a claim, and actually gets the FCC to move (godawfully rare) - than you very well might find that the rogue AP owner is behind an FCC rep one day saying "shut 'er down boys".

It is up to the interfered upon party to complain and get the FCC to do anything. IN any event, any well-built wifi device is not going to listen to deauth requests sent by a device to which it isn't associated. Certainly the AP isn't going to, and its clients see a MAC address other than the AP, so they probably won't actually deauth. Essentially this is just like shouting a lot.

 

[w0ss]

It is up to the interfered upon party to complain and get the FCC to do anything. IN any event, any well-built wifi device is not going to listen to deauth requests sent by a device to which it isn't associated. Certainly the AP isn't going to, and its clients see a MAC address other than the AP, so they probably won't actually deauth. Essentially this is just like shouting a lot.

The AP spoofs the mac address of the rogue AP so the client thinks it is legit de-auth request.

 

[bobdole369]

The AP spoofs the mac address of the rogue AP so the client thinks it is legit de-auth request.

yeah thats a little fucked up. Illegal? Probably not - free speech and all. Not against the law to lie, except when under oath/safety/committing fraud, etc. Depends on the damage caused if there would be any consequences though. Like do these 2 adjacent businesses cause each other wireless issues and extra IT time for example. Or maybe the IT dept knows the adjacent business is a competitor and this is an attempt to keep them from being efficient.

 

[w0ss]

So as I suspected this is not legal... Marriot got fined 600k but the ruling is clear you do not own the airwaves even within your own building. This ruling applies to all businesses/location's not just Hotels.

http://www.reuters.com/article/2015/01/28/us-usa-wifi-fcc-idUSKBN0L105720150128

 

[RadiclDreamer]

So as I suspected this is not legal... Marriot got fined 600k but the ruling is clear you do not own the airwaves even within your own building. This ruling applies to all businesses/location's not just Hotels.

http://www.reuters.com/article/2015/01/28/us-usa-wifi-fcc-idUSKBN0L105720150128

They were doing it to protect their revenue stream from paid wifi which im sure is looked at a little differently than say a hospital doing it to protect their equipment or a business securing their network

 

[azazel1024]

They were doing it to protect their revenue stream from paid wifi which im sure is looked at a little differently than say a hospital doing it to protect their equipment or a business securing their network

The language of the FCCs ruling is clear though, it doesn't matter if it is your business or your equipment you are protecting. It is not legal.

The one loop hole that MIGHT exist, as the FCC language in their fine/ruling is not ambigiously clear is you MAY be able to shut down true ROGUE access points. By rogue, I don't mean ones operating on your property you don't want operating, I mean APs that are spoofing your SSID so that clients think they are connecting to your network, but actually aren't.

So it MAY be okay to shut down APs spoofing your network, it is NOT okay under any circumstances to shut down APs that are not spoofing your network.

The FCCs ruling there is extremely clear.

 

[RadiclDreamer]

The language of the FCCs ruling is clear though, it doesn't matter if it is your business or your equipment you are protecting. It is not legal.

The one loop hole that MIGHT exist, as the FCC language in their fine/ruling is not ambigiously clear is you MAY be able to shut down true ROGUE access points. By rogue, I don't mean ones operating on your property you don't want operating, I mean APs that are spoofing your SSID so that clients think they are connecting to your network, but actually aren't.

So it MAY be okay to shut down APs spoofing your network, it is NOT okay under any circumstances to shut down APs that are not spoofing your network.

The FCCs ruling there is extremely clear.

It may be clear on this ruling, but I would surmise that when a sentinel event happens in a hospital due to some dip$hit running their own rogue AP, the FCC may think a bit different.

Right now they were sending a clear message to the numbskulls doing it for profit.

 

[w0ss]

The problem is the ruling makes no distinction. The existing FCC rules are clear on Part 15. You cannot generate ANY interference period.

So while I agree in the real world there is a difference between a Hotel trying to profit and a network protecting itself from a malicious user at least according to the FCC today there is not.

 

[splat_ed]

These rogue APs - are they wired to your network/using your internet or are they using their mobile data plans? If it's the former then there's no problems. The Marriott case was to do with the latter...

 

[azazel1024]

It may be clear on this ruling, but I would surmise that when a sentinel event happens in a hospital due to some dip$hit running their own rogue AP, the FCC may think a bit different.

Right now they were sending a clear message to the numbskulls doing it for profit.

*hand waffling gesture*

The issue there though is, that is really a medical device manufacturer fault if that can possibly occur. If regular wifi operation withing FCC regulation can cause sufficient interference to cause issues, then the medical device maker/hospital is at fault. Not "some dip$hit" as you put it.

Regular operation of cellular and wifi devices should in no way cause interference with medical equipment. PERIOD.

It is either a design problem from the hospital's network if it can to their network or the medical device manufacturer if it can somehow cause problems with a medical device within the hospital.

There is a bit within the FCCs regulations that require not only non-harmful interference to be generated by FCC certified devices, but also to be able to ACCEPT non-harmful interference from other devices.

The only exceptions I can see to allowing wifi hotspots/cell devices to be operated unobstructed is in the cases of REAL public safety. I'd codify those under things like "blocking cell signals/wifi within top secret facilities" or within prisons (I kind of get why that isn't legal, but at the same time...). Medical equipment and networks absolutely should be able to accept some "dip$hit's" AP operating and cause zero issues.

PS also to be clear, some hospitals tell you no cell/wifi as a for profit thing too. I've been to hospitals where they have no free wifi. Oh, they have wifi you can connect to as a guest/patient...but you also get CHARGED per device you connect. That said, I have also been to some hospitals which just plain have free wifi.

 

[RadiclDreamer]

*hand waffling gesture*

The issue there though is, that is really a medical device manufacturer fault if that can possibly occur. If regular wifi operation withing FCC regulation can cause sufficient interference to cause issues, then the medical device maker/hospital is at fault. Not "some dip$hit" as you put it.

Regular operation of cellular and wifi devices should in no way cause interference with medical equipment. PERIOD.

It is either a design problem from the hospital's network if it can to their network or the medical device manufacturer if it can somehow cause problems with a medical device within the hospital.

There is a bit within the FCCs regulations that require not only non-harmful interference to be generated by FCC certified devices, but also to be able to ACCEPT non-harmful interference from other devices.

The only exceptions I can see to allowing wifi hotspots/cell devices to be operated unobstructed is in the cases of REAL public safety. I'd codify those under things like "blocking cell signals/wifi within top secret facilities" or within prisons (I kind of get why that isn't legal, but at the same time...). Medical equipment and networks absolutely should be able to accept some "dip$hit's" AP operating and cause zero issues.

PS also to be clear, some hospitals tell you no cell/wifi as a for profit thing too. I've been to hospitals where they have no free wifi. Oh, they have wifi you can connect to as a guest/patient...but you also get CHARGED per device you connect. That said, I have also been to some hospitals which just plain have free wifi.

I work in a hospital and also run free wifi, what I am referring to isnt interference to the medical device, but more delay in a mobile modality transmitting a PACS image due to interference of a rogue AP. Or a doc that is delayed in getting patient data because the wifi didnt work due to interference.

These are all purely hypothetical scenarios, but at some point i see them happening.

 

[azazel1024]

I work in a hospital and also run free wifi, what I am referring to isnt interference to the medical device, but more delay in a mobile modality transmitting a PACS image due to interference of a rogue AP. Or a doc that is delayed in getting patient data because the wifi didnt work due to interference.

These are all purely hypothetical scenarios, but at some point i see them happening.

Hypothetical situations are always great.

Gov'ts use them all the time.

"Because terrorism"

"Because the children"

Etc. I don't dispute that if it can be shown that rogue APs were in anyway likely to cause problems in life critical systems that it should be permissible, with tight regulations surrounding it, to shut them down. The likelihood is excrutiatingly low however.

 

[DainBrammage]

Lawful Scenario protected by recent FCC ruling Dude it has nothing to do with profit. If you block anyone access to device that they have paid for then it will be your ass when you get caught and you will get caught. The spectrum is not yours by definition is UNLICENSED for the public use and if public has an S5 and wants to run his cellphone, that he pays for,as an AP so he connect his -e-reader or whatever to get the latest copy of ANYTHING and your controller is set to contain regardless of SSID and you deauth actively you just fracked up.

Scenario 2 not protected under FCC.Disgruntled person who decides to replicate your company's ssid creates a honeypot with his cellphone or pineapple USING your same ssid so when your employees log in they go to *************** or https://www.youtube.com/watch?v=dQw4w9WgXcQ or http://goatse.info/ Then yes by all means contain away. Also,if your ssid isnt trademarked then you might want to trademark it or use a trademarked name already owned by your company. that way no one can legally use your ssid. Also I hope you have logs of anything you deuth and can prve it was malicious. Especially if you live in a dense urban area laden with wifi....