new prism (connexant)

Denis Vlasenko vda
Tue Jun 15 06:35:59 PDT 2004


On Tuesday 15 June 2004 11:41, Jim Thompson wrote:
> On Jun 14, 2004, at 8:52 PM, Luis R. Rodriguez wrote:
> > On Mon, Jun 14, 2004 at 10:22:53AM +0300, Sergey Basmanov wrote:
> >> Hello,
> >> Who knows if new prism chips
> >> (http://www.conexant.com/products/entry.jsp?id=28) compatible with
> >> hostap?
> >> If any, which cards uses this chips?
> >> I've searched all local stocks for any prism-based card that
> >> compatible
> >> with hostap, but without any success.
> >>
> >> Thank You.
> >
> > For prism GT see http://prism54.org
> >
> > AP support is available. WEP AP support is availble, WPA is on the
> > works
> > (it will use wpa_supplicant from hostap project).
>
> Yes, but what about WPA as an AP (or even 802.1x as an AP)?

Isn't 802.1X fatally flawed?

802.1X-2001.PDF:

<quote>
7.9 Use of EAPOL in shared media LANs

The use of individual MAC addresses with EAPOL (7.8)
permits the use of EAPOL in shared media LAN environments,
and  in particular, this has been allowed in order to support
the use of Port-based Network Access Control in IEEE 802.11
wireless LAN infrastructures. However, it should be noted that
such use can only be made secure if communication between the
Supplicant and Authenticator systems takes place using a secure
association. Attempting to use EAPOL in a shared medium environment
that does not support the use of secure associations renders
Port-based network access control highly vulnerable to
attack;  for example, station A can mount a successful
denial of service attack on station B simply by issuing
an EAPOL-Logoff packet using station B's individual MAC address.
</quote>

For me, it translates into:
"802.1X is useless for wired LANs and 802.11"
Am I missing something?
-- 
vda




More information about the Hostap mailing list