Kearnstd

Space Elf

Premium Member

join:2002-01-22

Mullica Hill, NJ Kearnstd Premium Member i hope the hotels lose While I understand there is a threat of rogue WiFi for malicious reasons, we all know that is just an excuse to force people onto their expensive billed per day WiFi by making their own hotspots constantly fail.



OpTiC

Premium Member

join:2014-03-08

West Covina, CA OpTiC Premium Member Re: i hope the hotels lose Fuck u hotels. This is one reason why I don't stay in hotels.



neill6705

join:2014-08-09 neill6705 Member Re: i hope the hotels lose I don't stay in hotels because Dateline showed me how much semen is on the sheets and how many mites are in the mattresses.



But yeah, the WiFi thing blows too.

Big Dawg 23

join:2002-03-27

Northfield, MN 1 recommendation Big Dawg 23 Member Re: i hope the hotels lose Not every hotel is like that. Anyone with a brain can check bed bugs. Stay at low cost hotels and pay the price.



As for Marriott, I was about to switch to them but this will be a deal breaker for me. Even if you pay for the $4.95 per day the speed is horrible. I just stayed at Courtyard and couldn't get connected to my MiFi spot or tether to my phone or even tablet. Time to go back to Hilton.

ptb42

join:2002-09-30

USA 1 recommendation ptb42 to Kearnstd

Member to Kearnstd

said by Kearnstd: While I understand there is a threat of rogue WiFi for malicious reasons, We all know that is just an excuse to force people onto their expensive billed per day WiFi by making their own hotspots constantly fail.



There's only two situations that I think a "rogue" WiFi hotspot is a danger:

(1) It's actually an access point connected to the wired network on premises. This is a very real security breach, but is more easily handled on the WIRED network by isolating the access point with firewall or routing rules.

(2) A hotspot is masquerading as a legitimate access point. For instance, you have deployed a network of APs with the FOOBAR SSID, and someone puts up an access point with the same FOOBAR SSID to spoof people into using it. In a corporate network, this can be handled with authentication that prevents a device from using the rogue access point. In a hotel environment, there's not really a way to protect guest users. But frankly, that shouldn't be the hotel's problem. If you are using a public WiFi hotspot without a VPN or at least SSL/TLS for every connection, then you are already vulnerable.

A deauth attack is just a lazy way to solve a problem that a network admin doesn't want to solve properly.

Yes, there's a possibility that a sufficiently large number of hotspots can cause problems, due to the limited number of WiFi channels. As I remember, one of Apple's keynote demos crashed and burned because there were so many people using WiFi hotspots and the venue's WiFi network. They had to ask everyone to disable WiFi, so they could continue.

But, WiFi is an unlicensed band. The users have to tolerate the capacity constraints, and any given user isn't allowed to willfully interfere with the other users in order to solve the problem.



TechyDad

Premium Member

join:2001-07-13

USA TechyDad Premium Member Re: i hope the hotels lose You're assuming that the hotels are hiring decent network admins. Marriott would just want someone to hook up their Wi-Fi network, payment system, and "knock everyone else off Wi-Fi" system. It would be the same system no matter what the hotel so they wouldn't need a technician on premises to manage it. If a problem arises, corporate could send a tech out overnight. The occasional lost Wi-Fi access fees would be much less than the Qualified-Network-Admin-On-Premises salary.



Actually hiring a talented network admin and setting up a decently managed network would eat into their profits. It'd be so much easier (for them) to just block everyone else's Wi-Fi (even if it originated from outside the hotel and "bled" in) so that they would be forced to pay for Marriott's expensive Wi-Fi option.



battleop

join:2005-09-28

00000 battleop Member Re: i hope the hotels lose "Actually hiring a talented network admin and setting up a decently managed network would eat into their profits."



Hiring an on site network admin would be a huge waste of money as that admin would sit idle 99% of the time.



TechyDad

Premium Member

join:2001-07-13

USA TechyDad Premium Member Re: i hope the hotels lose said by battleop: Hiring an on site network admin would be a huge waste of money as that admin would sit idle 99% of the time. True, except that Marriott is trying to paint a picture of their wireless networks continuously under attack by malicious Wi-Fi signals giving them the only option of blocking all Wi-Fi that isn't official Marriott Wi-Fi. In actuality, the instances of these "bad Wi-Fi signals" are probably a handful of isolated cases. If the bad Wi-Fi was so prevalent, the hotels would be better served by hiring a network admin instead of just blindly blocking all non-Marriott Wi-Fi.

cramer

Premium Member

join:2007-04-10

Raleigh, NC Westell 6100

Cisco PIX 501

cramer to ptb42

Premium Member to ptb42

#1 is not a real issue. #2 is the real issue... spoofing the hotel's wifi to trick people into passing traffic through your device where you can monitor the traffic.



Of course, this isn't what Marriott is attempting to "protect" -- they want all wifi blocked except their idiotic expensive shit.



(That said, I prefer to tether via USB -- which also powers the device -- or bluetooth -- short range, less interference, more secure, uses much less power.)

elefante72

join:2010-12-03

East Amherst, NY elefante72 Member Re: i hope the hotels lose If you guys read the original brief, the Marriott was deauthing wifi access points in the convention area, not the lobby or hotel rooms.



There is a legitimate concern in conferences when dozens of people are running their own hotspots and it is interfering with paying customers that may have been using Marriott wifi with some sort of QoS and paying big bucks. Now that is the nature of unlicensed spectrum.



For me I either USB tether or use my access point in 5GHz and that is never a problem. The rest of the rubes can fight over the 3 2Ghz channels.



If they want to have guaranteed wifi, then they need to use licensed spectrum of some sort.



Of course it comes down to dollars. If they can use standards, then they don't have to hand out special equipment, but then since it is a standard and unlicensed, the other folks operating their equipment is their right also...So immense profits maybe aren't so immense anymore...

iansltx

join:2007-02-19

Austin, TX ·Time Warner Cable

iansltx to Kearnstd

Member to Kearnstd

If the hotels offered free, fast WiFi, that'd be one thing. But in cases where they don't, this is pure crap.



Universities have a bit of a leg to stand on in cases like this, because they've usually got the funding to make a nice warm WiFi blanket over the entire campus. But not always...and it's aggravating when they actively work to kill WiFi even when their own network is crap. Speaking from second-hand experience from my alma mater for the second bit.



Nyancat

@78.110.169.x Nyancat Anon Re: i hope the hotels lose LOL, I'm a student at the University of Montana and our WiFi is utter rubbish. They've improved it a great deal in MANY buildings on campus, but until the middle of this semester was unusable. It's still unusable in my apartment in student housing - and they just installed WiFi out here a few months ago. With a terrible, inadequate build density. It's a total joke.



tc1uscg

join:2005-03-09

Guantanamo tc1uscg to Kearnstd

Member to Kearnstd

Marriott does not have its customers' best interest at heart. If there's a buck to be made, they will do it. Now, if Big Wireless decided to offer a deal for those traveling, or just pay the 5 bucks, buy the PDAnet and/or Foxfi app, the problem would be solved and all this would be a moot point.

quisp65

join:2003-05-03

San Diego, CA quisp65 Member Sheraton signals reach my home Personally I don't think there is a chance in hell the FCC will approve this and it is just a media driven story mostly, but users who are within signal strength of these disruptions might be affected.



TechyDad

Premium Member

join:2001-07-13

USA TechyDad Premium Member Re: Sheraton signals reach my home Exactly this. If Marriott starts de-authing all Wi-Fi signals that reach their hotels, they will not only catch a customer in his room trying to use his laptop on his phone's hotspot, but they will also block someone who happens to be within range of a Marriott and is trying to use a legally accessible Wi-Fi access point that has nothing to do with Marriott.



Yes, they could "exempt" known Wi-Fi instances from their blocking software, but how are they going to tell the difference between "customer in room on phone hotspot" and "person in the restaurant across the street on phone hotspot?"

cramer

Premium Member

join:2007-04-10

Raleigh, NC cramer Premium Member Re: Sheraton signals reach my home Careful aiming of antennas (which also keeps their wifi on their own property), but they aren't going to hire guys capable of doing this.



battleop

join:2005-09-28

00000 battleop Member Re: Sheraton signals reach my home They have guys working for them that are very capable of doing this however the general attitude at most of the large chain's WiFi groups is that they are and they are the shit and the rest of the world will bow to them because they are the shit.



swintec

Premium Member

join:2003-12-19

Alfred, ME swintec Premium Member Deauth.. "An attacker can send deauth messages to an access point tied to client IP addresses thereby knocking the users off-line and requiring continued re-authenticate,"



How would this work if I (and only I) am connecting to my phone's hotspot with WPA2 enabled, etc enabled? Are they simply guessing the client IP addresses in use and hitting all private addresses at once?

ptb42

join:2002-09-30

USA ptb42 Member Re: Deauth.. said by swintec: How would this work if I (and only I) am connecting to my phone's hotspot with WPA2 enabled, etc enabled? Are they simply guessing the client IP addresses in use and hitting all private addresses at once?



All the deauth attack does is pretend to be the client (with the correct IP address and MAC address) and send deauth packets to the access point. It isn't difficult to pick out the IP addresses and MAC addresses from the conversation between your laptop/tablet and your hotspot. That part is unencrypted. It's the payload that is encrypted by WPA2.

elefante72

join:2010-12-03

East Amherst, NY elefante72 Member Re: Deauth.. It's a wireless DoS (denial of service) attack. It's quite easy to do. I'm surprised more nefarious people don't do this on a regular basis.



With that said US TLA have been going around mimicking cell phone towers, so in general the whole authentication/repudiation trust zones on currently deployed wireless technologies is shitty at best.



So if the L3+ actual payload is not encrypted, it is easily snooped. And I am not talking L2, something like VPN tunnel.



That is why we need encryption everywhere...



And not mentioned is all the man in the middle junk these hotels do to wifi connections. To me, if I'm not running a VPN tunnel, it's not happening.



Napsterbater

Meh

MVM

join:2002-12-28

Milledgeville, GA (Software) pfSense

Ubiquiti UniFi UAP-AC-PRO

Napsterbater to ptb42

MVM to ptb42

said by ptb42: It isn't difficult to pick out the IP addresses



But IP addresses are not needed to deauth wireless clients, only the MAC which is sent in the clear. IP addresses are part of the encrypted payload, if you can read the IP you can read the whole packet.

ptb42

join:2002-09-30

USA ptb42 Member Re: Deauth.. said by Napsterbater: IP address are part of the encrypted payload, if you can read the IP you can read the whole packet. Thanks for the correction. In retrospect, it was dumb for me to think the IP addresses weren't encrypted -- that would reveal exactly who the client was talking to: the destination IP address isn't the AP, it's the peer IP.



Napsterbater

Meh

MVM

join:2002-12-28

Milledgeville, GA Napsterbater to swintec

MVM to swintec

An IP is not involved at all as that is encrypted in WPA(2). MAC addresses are used, and in 802.11 networks MAC can be seen in the clear.



swintec

Premium Member

join:2003-12-19

Alfred, ME swintec Premium Member Re: Deauth.. said by Napsterbater: An IP is not involved at all as that is encrypted in WPA(2). MAC addresses are used, and in 802.11 networks MAC can be seen in the clear. Only the MAC is seen? In that case, how can they tell which hot spot / AP the device is communicating with, if there are a couple of hundred across the hotel or even sitting in a conference area?



Napsterbater

Meh

MVM

join:2002-12-28

Milledgeville, GA (Software) pfSense

Ubiquiti UniFi UAP-AC-PRO

Napsterbater MVM Re: Deauth..

said by swintec: said by Napsterbater: An IP is not involved at all as that is encrypted in WPA(2). MAC addresses are used, and in 802.11 networks MAC can be seen in the clear. Only the MAC is seen? In that case, how can they tell which hot spot / AP the device is communicating with, if there are a couple of hundred across the hotel or even sitting in a conference area?

The AP's BSSID and STA's MAC; each packet has a source and destination address. You can have an 802.11 network with no IP addresses at all, as IP addresses have nothing to do with an 802.11(abgnac) network, just like you can have an Ethernet network with no IP addresses.



Uncle Paul

join:2003-02-04

USA Uncle Paul to swintec

Member to swintec





The flip side to this is if they are allowed to de-auth my hot spot, then I can do the same to them. Is this a fight Marriott really wants to get into with the technical community?

Unless Marriott wants to invest in Cisco 802.11w equipment, but then I don't know how effective that would be as not all OSs support protections in the management frame.

»en.wikipedia.org/wiki/IE ··· 11w-2009
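Added example, not part of the thread: a passive, defender-side Python check illustrating two points from the replies above, that the 802.11 header (BSSID and station MAC) is readable even when WPA2 encrypts the payload, and that 802.11w marks deauth frames as protected. The frame bytes, addresses, time window and threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

MGMT, DEAUTH = 0, 12   # 802.11 type 0 = management, subtype 12 = deauthentication
PROTECTED = 0x4000     # "Protected Frame" bit in the 16-bit Frame Control field

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame):
    """Decode the 24-byte 802.11 MAC header, which is sent in the clear even under WPA2."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 MAC header")
    (fc,) = struct.unpack_from("<H", frame, 0)
    hdr = {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "protected": bool(fc & PROTECTED),
        "addr1": mac(frame[4:10]),    # receiver
        "addr2": mac(frame[10:16]),   # transmitter, as claimed by the sender
        "addr3": mac(frame[16:22]),   # BSSID in management frames
        "reason": None,
    }
    is_deauth = hdr["type"] == MGMT and hdr["subtype"] == DEAUTH
    # The 2-byte reason code is only readable when the frame is not 802.11w-protected.
    if is_deauth and not hdr["protected"] and len(frame) >= 26:
        (hdr["reason"],) = struct.unpack_from("<H", frame, 24)
    return hdr

def find_deauth_floods(capture, window=1.0, threshold=5):
    """Return (bssid, station, count) for bursts of unprotected deauths within `window` seconds."""
    times = defaultdict(list)
    for ts, frame in capture:
        h = parse_header(frame)
        if h["type"] == MGMT and h["subtype"] == DEAUTH and not h["protected"]:
            bssid = h["addr3"]
            station = h["addr1"] if h["addr1"] != bssid else h["addr2"]
            times[(bssid, station)].append(ts)
    alerts = []
    for (bssid, station), stamps in sorted(times.items()):
        stamps.sort()
        best = start = 0
        for end, ts in enumerate(stamps):      # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((bssid, station, best))
    return alerts

# Constructed sample frames (not a real capture); every address is made up.
def sample(fc_hex, addr1, addr2, addr3, body_hex=""):
    addrs = "".join(a.replace(":", "") for a in (addr1, addr2, addr3))
    return bytes.fromhex(fc_hex + "0000" + addrs + "0000" + body_hex)

AP, STA, OTHER_AP = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:02"
CAPTURE = [(0.1 * i, sample("c000", STA, AP, AP, "0700")) for i in range(8)]  # burst
CAPTURE += [
    (2.0, sample("0841", AP, STA, AP, "deadbeef")),          # encrypted data frame, header still readable
    (5.0, sample("c000", OTHER_AP, STA, OTHER_AP, "0300")),  # a single ordinary disconnect
    (6.0, sample("c040", STA, AP, AP, "00" * 18)),           # 802.11w-protected deauth, body opaque
]

if __name__ == "__main__":
    print(parse_header(CAPTURE[8][1]))
    print(find_deauth_floods(CAPTURE))
```

On a real monitor-mode capture a radiotap header usually precedes each frame and has to be stripped before these offsets apply.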



Rob

Premium Member

join:2001-08-25

Miami, FL Rob Premium Member Wrong Approach... Some of us, who can tether, have no problem paying for Wifi in the hotel. The only reason why I don't is because...



1) The connection is horrible. I either do not get good coverage, or I have to sit next to the door to connect.



2) The speeds are horrendous. I get same or sometimes faster speed when tethering my phone.



3) The price is outrageous. $12-$20 dollars PER day? For crappy connection?



4) Difficult to connect sometimes, and many times after you get connected, their firewall is so tight, that you can't even access basic websites.



Once again, we see how a company approaches the issue the wrong way.



battleop

join:2005-09-28

00000 battleop Member Re: Wrong Approach... "The speeds are horrendous. I get same or sometimes faster speed when tethering my phone."



We supply Metro E circuits to a large "Premium" chain of hotels. Many of them have 50-100Mb Metro E circuits feeding the hotel but they traffic shape the WiFi connection to the end user down to 1-2Mb. This leads to guest complaints which in turn leads to a hotel manager beating our customer service senseless because the manager does not understand the problem is with his WiFi support group because they use the 1st step of network troubleshooting which is to blame the ISP.



Eagles1221

join:2009-04-29

Vincentown, NJ Eagles1221 Member Re: Wrong Approach... 50 MB to a hotel with 1200 rooms is kinda pointless IMHO



battleop

join:2005-09-28

00000 battleop Member Re: Wrong Approach... Based on what?

fieroloki

join:2007-07-29

Van Alstyne, TX fieroloki Member Not sure about a money grab Every single Marriott I have stayed in this year had free WIFI.



IowaCowboy

Supermarket Hero

Premium Member

join:2010-10-16

Springfield, MA ARRIS SB6183

Netgear R8000

IowaCowboy Premium Member Making up for lost phone revenue Hotel phones used to be a cash cow for hotels, now they just sit on the nightstand idle.



Nobody wants to pay $10 USD for a 2 minute local call when I can pull out my iPhone and call long distance all I want toll and airtime free (unlimited) on my Verizon plan. And cell phone blasters are clearly illegal while sending deauth packets is a gray area.



If they were charging me $1000 for Wi-Fi and interfering with my Mi-Fi, I'd go to a verizon store and buy a $249 USB modem.

AmericanMan

Premium Member

join:2013-12-28

united state AmericanMan Premium Member No need for the word "combine" In the article, you said:

Combine those deep-pocketed companies with general consumer annoyance, and it seems unlikely that the FCC's going to change its tune.

It's really all about the deep-pocketed companies. The 'general consumer annoyance' matters not in the eyes of the powers that be. If it weren't for Google et al. just so happening to be on our side in this instance, I think the article title would've instead been "Marriott Gets FCC OK in Blocking Tethered Modems, Hotspots".



KennyWest

@98.28.97.x KennyWest Anon Re: No need for the word "combine" Google is only on "our" side right now. Google goes to who is paying the most money as they did with Verizon on NN. Google is nothing more than a mouthpiece for whatever gets their name in the press for that moment.

uberjon

join:2010-02-10

Kane, PA 1 recommendation uberjon Member umm quote: Still, Marriott's insisting that deauthing isn't technically illegal. If the FCC agrees with that it would be total chaos. Everyone could just de-auth the real Marriott access points. As well as every Starbucks/library/evil neighbor....



buzz_4_20

join:2003-09-20

Biddeford, ME buzz_4_20 Member Wow... Who'd think so many companies would be pissed at your using a device and service you pay for.



Seriously

JackBauer

join:2006-08-24

Schenectady, NY JackBauer Member Marriott is making a run... For getting on the Consumerist's Worst Company challenge.



They might not "win" against Comcast, but they sure as hell are trying.



bbbc

join:2001-10-02

NorthAmerica bbbc Member Marriott wants you to tip their underpaid staff too



»fortune.com/2014/09/16/m ··· r-wages/ Man, Marriott is really working the alternative revenue streams. The company is now leaving envelopes in the rooms to encourage tipping to their housekeepers.



michieru

Premium Member

join:2009-07-25

Denver, CO michieru Premium Member ! "The hotel group says the law against willful interference of communications signals shouldn't apply to Wi-Fi, because it doesn't use licensed spectrum. The law also shouldn't cover interference that results from efforts to monitor and mitigate threats to the security and reliability of its network, the hotel group said in an FCC filing in August."



One is a type of technology that uses unlicensed spectrum and the other is communication within unlicensed spectrum. What Marriott is really asking is to target a technology that they also provide for a cost not because it interferes with their service because I am sure they have microwaves in every room and those cause interference to include any bluetooth device and cordless phone in the lobby.



A public hotspot with a different SSID that is not of the hotel's is of no "threat" to you or your network. So a blanket mitigation technique is out of your scope and against the law. An SSID with the same name as your public hotspots within your area is an actual threat because it's acting as a MiTM. Even if you had permission from the FCC to mitigate this AP, you still are required to locate it and stop the threat. So simply asking to send deauth packets to a rogue AP does nothing for you.



This is assuming the same SSID is used. A client can still bridge the connection and rebroadcast your network with another SSID entirely and you will not be warned or know about this threat without having some analytics regarding usage and connection time to weed them out. Good luck with that.



tfrionli

Tom F.

join:2001-06-21

Kings Park, NY tfrionli Member So they block wifi. Seems to me they're within their rights to restrict wifi traffic, why stop there.. why not disable all cell phones so you need to rent a secure phone from them, how about food.. You can't bring in food to the hotel, you need to eat at their restaurant because you could get a food 'virus' from the neighborhood eateries, ok what else, tv, oh yeah they did that already.

tired_runner

Premium Member

join:2000-08-25

New York 230.4 37.3

·callwithus

tired_runner Premium Member Time to tether via usb ...or Bluetooth.



To me it's been convenient to simply fire up the hotspot on my phone and the laptop quickly finding it, then vpn into my home router for safe browsing.



Like others mentioned; it is unlicensed spectrum. Anything goes.



It's an excellent way to milk the stupid consumer though. Gotta give 'em that.



davidc502

join:2002-03-06

Mount Juliet, TN davidc502 Member Desperation? They must be desperate to collect funds. This doesn't seem like something a sound and steady company does.



This certainly affects who I want to hotel with whilst away from the home.



ilikeme

Premium Member

join:2002-08-27

Stafford, TX ·Toast.net

ilikeme Premium Member Wish I could boycott Marriott I go to two yearly conferences at the Renaissance Hotel in Austin. They charge something like $12/day for in room wifi. No way I am paying that. I tried it once a few years ago and it felt like I was on dial-up. I just tether to my iPhone and usually get at least 30Mbps there on AT&T LTE both in my room and in the conference areas. I have not had any issues with doing that yet but will see how it is again at the end of January.



Boooost

@24.190.186.x Boooost Anon If the shoe were on the other foot quote: Marriott's insisting that deauthing isn't technically illegal. If someone targeted Marriott's WiFi, you can bet they'd be screaming bloody murder to the FCC.