new prism (connexant)
Denis Vlasenko
vda
Wed Jun 16 08:28:22 PDT 2004
On Wednesday 16 June 2004 10:54, Jim Thompson wrote:
> On Jun 15, 2004, at 6:35 AM, Denis Vlasenko wrote:
> > For me, it translates into:
> > "802.1X is useless for wired LANs and 802.11"
> > Am I missing something?
>
> Yeah.
>
> First 802.11 is useless in the face of a DOS attack. I can just send
> deauthenticate frames for the client to the AP. Presto, you're cooked.
Yes. :(
> There are a plethora of other DOS attacks on 802.11, before you get to
> the physical layer, which is, btw, completely unprotected.
I think brute force flood cannot be defeated, so this
can't be blamed on 802.11.
All non-flood ways of DoSing should be thought of,
and measures against them taken, at protocol design stage.
> So no, 802.1x isn't fatally flawed. It's better than WEP, and
> 802.1x/EAP-TLS is *AT LEAST* as good as running IPSEC over the
> wireless link in all but the situation where full certs are
> deployed at each end.
There are at least three working crypto tunnels for Linux which I used,
and one of them, OpenVPN, is as strong as IPSEC and also has a Windows port.
Then, there is IPSEC itself. For the time being, I will try to stay away
from 802.1X.
--
vda