new prism (connexant)

Jim Thompson jim
Wed Jun 16 00:54:07 PDT 2004



On Jun 15, 2004, at 6:35 AM, Denis Vlasenko wrote:
>
> For me, it translates into:
> "802.1X is useless for wired LANs and 802.11"
> Am I missing something?

Yeah.

First 802.11 is useless in the face of a DOS attack.  I can just send 
deauthenticate frames for the
client to the AP.  Presto, you're cooked.

There are a plethora of other DOS attacks on 802.11, before you get to 
the physical layer, which is,
btw, completely unprotected.

So no, 802.1x isn't fatally flawed.  Its better than WEP, and 
802.1x/EAP-TLS is *AT LEAST* as good running
IPSEC over the wireless link in all but the situation where full certs 
are deployed at each end.

Jim





More information about the Hostap mailing list