Very interesting point. A Cisco page[1] discussing this feature says:
"Containment can have legal implications when launched against neighboring networks. Ensure that the rogue device is within your network and poses a security risk before you launch the containment."
Cisco seems to think this is perfectly fine to do to rogue APs connected to an organization's wired network, however.
Note that the Marriott enforcement action concerned the use of personal access points not connected to a Marriott network.
I don't see any basis in the Communications Act for making this distinction though. 47 U.S.C. Section 333, the law Marriott violated, says: "No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government." From the Cisco materials mentioned above, it seems the mitigation method involves sending fake de-authentication packets over the air. That also seems like intentional interference to me!
It's clear from the memo that the FCC considers security risks to be exempt from this requirement.
It sounds like the AP being on your network is what constitutes the security risk. I doubt the FCC would have a problem with a network administrator taking action like that. Unrelated APs are different.
Aren't jamming devices of that type illegal, as discussed elsewhere in the thread? And isn't what Cisco is doing by even manufacturing a device with that capability illegal, or at least cause for the FCC to ban its sales in the US?
‘Jamming’ and ‘exploiting a protocol flaw’ are both methods of interfering.
> 47 U.S. Code § 333 - Willful or malicious interference
>
> No person shall willfully or maliciously interfere with
> or cause interference to any radio communications of any
> station licensed or authorized by or under this chapter
> or operated by the United States Government.
If you can ensure that the rogue device is within your network, then you probably know what port on the switch it's connected to, and you can block it from your network without sending any de-auth packets.
I guess if someone is impersonating your SSID then this feature could be useful.
[1] http://www.cisco.com/c/en/us/support/docs/wireless/4400-seri...