How did the Marriott block wifi hotspots?

If you read the FCC release further it says:

Marriott operates a Wi-Fi monitoring system manufactured by a third party that was installed at the Gaylord Opryland. Among other features, the system includes a containment capability that, when activated, will cause the sending of de-authentication packets to Wi-Fi Internet access points that are not part of Marriott’s Wi-Fi system or authorized by Marriott and that Marriott has classified as “rogue.”

A Wi-Fi Deauthentication Attack uses a feature of the IEEE 802.11 protocol called a deauthentication frame which is a "sanctioned technique to inform a rogue station that they have been disconnected from the network".

An attacker can send a deauthentication frame at any time to a wireless access point, with a spoofed address for the victim. The protocol does not require any encryption for this frame and the attacker only needs to know the victim's MAC address, which is available in the clear.

A good article on how to do this is Forcing a device to disconnect from WiFi using a deauthentication attack

Note that this is prevented by the new Protected Management Frames (PMF) feature of WPA2 and WPA3, also known as IEEE 802.11w-2009.


The Gaylord Opryland Resort operated APs which would send 802.11 deauthentication frames with spoofed addresses, basically fooling client devices into thinking that they were disconnected from the Wi-Fi network. This attack only requires the target device's MAC address, which is trivial to obtain through monitoring of wireless network activity, and is independent of any encryption. This is called a deauthentication attack.

Marriott was ultimately fined $600,000 when the FCC ruled this operation to be illegal jamming. The deauthentication attacks interfered with lawful wireless communications, even though it did not involve the usual approach of emitting noise to disrupt communication.