Hotel blocking personal router

Info here

So either use a burner phone for usb tethering or 750s WiFi 2.4gz client/5gz AP

I wasn’t aware of usb150 does client mode. is that with the latest testing version 3.1? thanks in advance.

What about Masquerade your AP with the same Mac address and name as hotel AP, the evil twin

@sfx2000
Is there any way to circumvent this problem? I set some settings for the AP

I wonder how my setup would do in this situation. I’m using a usb-dongle (plugged into the router) for connecting to hotel wifi. So in my case the mac would be different, used wifi-channels will be different.

Getting a USB-dongle which works with OpenWRT requires much research (it needs to contain certain supported chipsets!), but I have that! Normally such a USB-dongle will be plugged in a desktop or laptop, so a simple mac blacklist won’t do in that case.

@rp201rp,

hilton is scanning known ports of the wireless interface and getting some OS dection or getting a resoponse from a known port associated with ddwrt/openwrt/gli-net/etc

I would find that pretty unlikely. In WISP mode the hotel-wifi is seen as WAN by the firewall. So that basically means block all incoming traffic.

the gli wifi mac address is a spin off first hex group(-2 or +2 ) characters of the lan or wan mac and they have figured this out and autodisconnect/non-route it.

That’s very likely. I haven’t tried this for gli, but that’s pretty common way

are they detecting traffic to outside address like www.glddns.com

They may be doing that, but I doubt that. Plenty of routers do not do that and if glddns would allow customers to also have that for a PCs and have a pc-client for that, this would be blocking those PCs as well.

Another option would be that they check TTL of the packages.

Thank you groentjuh for your very informative post. I think a USB-dongle or a Mifi unit would be my next port of call. Out of interest, how can I use gl.inet in client mode without being able to connect to the WiFi network first? I will get a Mifi unit later today and experiment.

Can you connect to the gl router using a lan-cable? If you can, you could see if you can disable the gl-inet AP and still get blocked. Ofcourse change the gl-inet mac as well, just to make sure it also doesn’t use a (temporary) blacklist.

when johnex posted that I went yup.

is that ttl change the same as

If i remember correctly i think my command is system wide, so for all rules not just 1.

EDIT: Yes, it is a kernel command. Needs to be run on each boot too.

usb dongle will kill your speed, been there, done that. If you do head down this route rt5370 is recommended as it can do both master/station mode. Better performance can be had by using 2 routers connected ethernet wan/lan

i am guessing you need to SSH into router and execute the command

so further investigation
https://www.reddit.com/r/networking/comments/48v0l0/air_marshall_containment_and_how_to_stop_it/

Actually it can “contain” by sending deauth frames to any of the neighbours that you have flagged as malicious rogue.
I thought the FCC strongly disapproved with people jamming wifi

So they are jamming your AP, Nothing can be done.
The only possible is setup your AP with same mac/ssid/bssid as hotel AP

Yeah, run some counter measures. Do as @sammo recommended, see if it helps.

Fight fire with fire. One thing you can do is go to the pool area for example, somewhere far where there still is Wifi. Connect to that AP and get the AP MAC Address. Write it down. Go back to your area of the hotel and then set up the GL router to the same MAC, AP name etc.

They won’t block their own AP’s, but they could be checking things like IP’s assigned and so on. It’s worth a try at least. Worse case, just find a loose network cable at the hotel, maybe in their conference room and put your router there

or when the maid is cleaning a tub down the hall grab her keys from her kart and commando the towel closet looking for a POE ethernet line or hub.

Yes, or, you can wait for the new GL-iNet AP1300, and just remove the shitty Cisco AP the hotel will have on the ceiling, and place your own there. Nobody would ever know Even the IT guys will walk by and think “hmm, that one looks slicker than usual, but its working, can’t be that” and move on.

Connecting your router to their LAN does not help. They are actively jamming AP. What you need is a Faraday cage.

Does it work if you turn off your AP, connect your pc to the LAN port and only set up repeater connection to their network?

Or can we jam cisco ap as well?

“Client Mode” is Repeater with the AP turned off… which effectively turns the USB150 into a client station, as it’s not sending out beacon/management frames, as one is only connected over the USB ethernet to the laptop.

I do find this handy, as I’ve got it running as a WG client

They are actively scanning and jamming foreign AP. Jamming works both. By jamming them you can’t connect to their AP. I wasn’t kidding about a Faraday cage aka tin foil. You will need 2 routers linked by ethernet. The client router connects to hotel AP. The AP’s router is protected behind the Faraday cage. Or you can boycott the hotel

Would also works with usb tethering with a long usb cable.