new prism (connexant)

Jouni Malinen jkmaline
Tue Jun 15 19:52:25 PDT 2004


On Tue, Jun 15, 2004 at 04:35:59PM +0300, Denis Vlasenko wrote:

> Isn't 802.1X fatally flawed?

Well.. When used without WPA, it allows one more way of kicking a
station off the network (i.e., DoS) by sending EAPOL-Logoff. However,
this is not really anything new, since the same thing can be done
by sending a spoofed IEEE 802.11 deauthentication frame. IEEE 802.1X
authentication itself is fine, assuming the EAP method is selected
properly, i.e., use something with tunneled encryption, e.g., EAP-PEAP
or EAP-TTLS; or EAP-TLS if you have infrastructure for client
certificates.

-- 
Jouni Malinen                                            PGP id EFC895FA
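
The following is an added example and is not part of the original message or of the hostap code base: a monitoring-side sketch that parses EAPOL headers and flags stations whose EAPOL-Logoff is quickly followed by a fresh EAPOL-Start, which is what an unwanted logoff of the kind described above would look like from the authenticator. It assumes frames arrive with an Ethernet header (EtherType 0x888E); the function names, the 5-second window, the re-authentication heuristic and the sample frames are all constructed for illustration.

```python
import struct
from collections import Counter

ETH_P_PAE = 0x888E  # EtherType for IEEE 802.1X (EAPOL)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def parse_eapol(frame):
    """Return (src, dst, type_name, body) for an EAPOL frame, else None."""
    if len(frame) < 18:  # 14-byte Ethernet header + 4-byte EAPOL header
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_PAE:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]
    if len(body) != length:  # truncated or malformed frame
        return None
    return src.hex(":"), dst.hex(":"), EAPOL_TYPES.get(ptype, "unknown(%d)" % ptype), body

def suspicious_logoffs(events, window=5.0):
    """Count, per source MAC, EAPOL-Logoff frames followed by an EAPOL-Start
    from the same address within `window` seconds (heuristic, an assumption)."""
    last_logoff, flagged = {}, Counter()
    for ts, frame in events:
        parsed = parse_eapol(frame)
        if parsed is None:
            continue
        src, _dst, kind, _body = parsed
        if kind == "EAPOL-Logoff":
            last_logoff[src] = ts
        elif kind == "EAPOL-Start" and src in last_logoff:
            if ts - last_logoff.pop(src) <= window:
                flagged[src] += 1
    return dict(flagged)

def make_frame(src_hex, ptype, body=b""):
    """Build a constructed test frame addressed to the 802.1X PAE group address."""
    header = bytes.fromhex("0180c2000003") + bytes.fromhex(src_hex)
    return header + struct.pack("!HBBH", ETH_P_PAE, 1, ptype, len(body)) + body

STA_A, STA_B = "020000000001", "020000000002"  # constructed locally administered MACs
SAMPLE = [  # constructed (timestamp, frame) pairs, not a real capture
    (0.0, make_frame(STA_A, 1)),
    (10.0, make_frame(STA_A, 2)),
    (11.2, make_frame(STA_A, 1)),  # station re-authenticates right after a logoff
    (20.0, make_frame(STA_B, 2)),  # logoff with no return: looks like a normal leave
    (30.0, b"\x00" * 14 + b"junk"),  # non-EAPOL traffic is ignored
]
```

A hit only says the station did not stay logged off; correlating it with 802.11 deauthentication counters on the same address helps separate a flaky client from injected frames.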



