Another option is move to WPA3.
WPA3 is the way to go. You can have the client on WPA2 and your AP on WPA3. Android, Apple and Microsoft supports the protocol.
1 Like
Does it work if you make the SSID hidden, not turned off?
1 Like
Still sends out Beacon and Management Frames - so the AP will be deauthedâŚ
1 Like
WPA3 wonât help hereâŚ
1 Like
Can you shed some light why WPA3 does not prevent deauth attacks?
Wi-Fi alliance has made it mandatory for WPA3 devices to support PMF (Protected Management Frames). PMF implies that management frames (E.G. â Deauthentication) are protected and would prevent spoofing by unauthenticated clients or rogue devices.
1 Like
Thanks alzhao. I will attempt to connect to PC (if I can find one in the hotel) via LAN but will the router still theoretically be able to use connect to hotel WiFi in the repeater if wireless radio is off? BTW, I have managed to easily use a Huawei Mifi unit as a WiFi extender (without a SIM) to connect to the hotel WiFi and then use cable tethering to the GL.iNet unit and this daisy chain setup appears to have been working perfectly but I am quite surprised that the huawei device doesnât appear to have been blocked by the hotel system. Is this possibly due to fact that the device is primarily designed to work as LTE router rather than a WiFi repeater/hotspot?
If you turn off the wifi you can still set up repeater via a cable.
If you can connect via Huawei Mifi and use GL.iNet as AP, then it seems not ap jam.
There must be something else.
1 Like
Not much of an update really but connecting the router to a PC via LAN, disabling wireless of the router and trying to connect to hotel WiFi has not worked. Also cloning the hotelâs MAC and then the desktop PCâs MAC to the router (without cloning SSID) have also not made any difference. I am starting to suspect that this could all be due to some sort of an incompatibility issue with GL.iNet as all other devices (phone, tablet, firestick, desktop PC and MiFi unit) have been able to connect to the hotel WiFi with no issues at all.
Not that it will help with the repeater setup, but check around your room for a standard LAN port in the walls and plug in to that. I have found quite a few times they are forgotten and hidden behind the bed or couch but still active.
Another thing to look at is the TV. Iâve found in Marriott (and sometimes other) properties many times the TV is hooked up to a box (attached to the back of the TV) that acts as a client for their network based television system. Iâve found there is often a LAN port on this and sometimes itâs unblocked full speed internet. At a place I was staying at a few weeks ago I was getting about 35Mbs from it without even hitting their captive portal. Going through their standard Wifi it was about 5Mbs.
2 Likes
Wonât help for a long, long time, as a vast majority of the devices out there are WiFi 4/5, and PMF is optional there - so they just deploy that.
1 Like
Keeping an eye on this topic - might have a chance to see things first handâŚ
Have tools and knowledge to explore further
1 Like
Looking to make sure I understand the the issue⌠when users router connects wirelessly in repeater mode to hotel wifi, and users router which has a single wireless adapter shares an access point for clients using that adapter also. the hotel wireless security software sees the bssid of one of itâs clients connected to it (you) and that client (you), also is sending out AP beacons for itâs clients(pc phone tvbox). They(hotel wifi routers) then send out de-auth wireless packets to your wifi router or just deauth your client connection to them internally
My understanding is that they would deauth all routers in the area, so all devices connected to your GL router would get disconnected constantly. My guess is they could also ban the client connected with the same name as the rouge APâs as well.
So the trick i wrote a few posts up would work. Getting the MAC of one of their own APâs and use it against them.
Can the hotel system actually be picking up the OS of these routers and blocking the OpenWrt routers rather than the AP beacon or even the MAC address? If this is the case, then is there a way to mask this to test?
Have you got Cloudflare DNS selected? I just wonder if you took DNS from their system if they were redirecting you to a login page. If Cloudflare is selected you might not see the captive page.
Yes and no - e.g. one can use a MiFi type device providing WiFi from LTE as a private network, so as long as the LTE rateplan allows tethering/hotspot that will work.
Looking at both Hilton and Marriott properties in Bothell, WA, Austin, TX, and Boca Raton, FL - they are aggressively targeting repeaters - and they can detect things fairly easily by looking at the layer 2 headers in the packets, so WPA3 with PMF wouldnât actually work to hide things, as layer 2 cannot be encrypted (even though the layer 3 and above can be)
They donât deauth the clients attached to the repeater, they deauth the repeater itselfâŚ
Theyâre not that fancy - as they also block Internet Connection Sharing with Windows if one is connected over their WiFi and rebroadcasting to personal devices.
Is there any news to this? i guess thats the problem i am having
Does this address the same problem?
1 Like
