new prism (connexant)
jim at netgate.com
Wed Jun 16 03:54:07 EDT 2004
On Jun 15, 2004, at 6:35 AM, Denis Vlasenko wrote:
> For me, it translates into:
> "802.1X is useless for wired LANs and 802.11"
> Am I missing something?
First 802.11 is useless in the face of a DOS attack. I can just send
deauthenticate frames for the
client to the AP. Presto, you're cooked.
There are a plethora of other DOS attacks on 802.11, before you get to
the physical layer, which is,
btw, completely unprotected.
So no, 802.1x isn't fatally flawed. Its better than WEP, and
802.1x/EAP-TLS is *AT LEAST* as good running
IPSEC over the wireless link in all but the situation where full certs
are deployed at each end.
More information about the HostAP