Steve, I actually offered two but maybe I made it sound like one. Cisco offers a product that uses EAP, Extensible Authentication Protocol (dynamic WEP keys). The problem with this product is that, like a lot of things, it is based on a standard but is still proprietary, so unless you made all of your customers buy Cisco cards it will not work. This becomes hard as a lot of laptops are coming out with wifi cards built in. You will have to excuse me, a few things may have changed; it was a few months ago now that I had to do all my work with wifi. Anyway, I believe Lucent had a feature in their new firmware that checked the IV of the RC4 key before it sends any packet so that it does not use any of the weak IVs, making its WEP more secure (airsnort, wepcrack attacks). This was compatible with all other cards, but as you can guess, if they aren't using the right card then transmission back to the base station may still use the weak IVs. This also does not eliminate brute force attacks and a few of the replay attacks. When I was talking to the vendors, one made mention of the fact that Windows XP supported EAP in the software, not in the firmware of the card. I have not tested this but this might allow for all vendors' cards to be able to get dynamic WEP keys.
There was also talk of wifi fixing up WEP to make it more secure and I have seen a few articles about WEP2, but I haven't read enough to comment on these developments. The biggest problem we found was that all the vendors are trying to fix the WEP problem but in their own way, and only seem to be focusing on the AP style products, not any of the point to point (base station to base station) situations, which I see as more of a problem as these devices normally are further apart and travel well outside the organisation's property, where many would-be attackers could be listening. Where I live there are a few ISPs that use wifi links to connect to their upstream providers across the heart of the central business district. The scary thing is they do not do any form of IPsec tunnel (or WEP) and some of their well-known customers would be none the wiser that their traffic can be seen so easily. But does it become the customer's problem to look after security, as once those packets hit the internet people will be able to sniff them or MIM.

Last note: I have seen ISPs that use VPNs over the wireless segment.

Ashley Woodbridge
CCNA CCNP
Network Systems
Stratagem Concepts

----- Original Message -----
From: "Steve Sobol" <[EMAIL PROTECTED]>
To: "Ashley Woodbridge" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, January 18, 2002 04:10
Subject: Re: Arp Spoofing with wireless networks

> At 07:11 AM 1/17/02 +1000, you wrote:
> >until we finish testing of Cisco ACS as this provides random dynamic WEP
> >keys that rotate regularly to overcome some of the wep problems. But for
> >the total solution (if you don't have to worry about things like IPX) would
> >be to run vpn client from the desktop to a vpn concentrator which is
> >correctly firewalled. This should make it as secure as ipsec is anywhere
> >else (probably no need to run wep at all if you run ipsec over the top).
>
> I should have clarified. You offered one solution, but at consumer ISP,
> vpns may not be the answer. Are there any other good solutions?
>
> --
> JustThe.net LLC - Steve "Web Dude" Sobol, CTO ICQ: 56972932/WebDude216
> website: http://JustThe.net email: [EMAIL PROTECTED] phone: 216.619.2NET
> postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752 DalNet: ZX-2
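The weak-IV filtering described in the reply above, as an added example that is not part of the original thread or any vendor's firmware: it assumes the classic weak-IV form (A+3, 255, X), a big-endian 24-bit IV counter, and constructed MAC addresses and frames, and it shows why a filtering base station still sees weak IVs coming back from a card that does not filter.

```python
from collections import Counter

KEY_LEN = 13  # bytes of secret key: 13 for 104-bit WEP, 5 for 40-bit

def is_weak_iv(iv, key_len=KEY_LEN):
    """True for the classic weak-IV form (A+3, 255, X), where A indexes a
    secret key byte (0 <= A < key_len) and X is any value."""
    if len(iv) != 3:
        raise ValueError("a WEP IV is exactly 3 bytes")
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len

def next_safe_iv(counter, key_len=KEY_LEN):
    """Sender-side filter: advance a 24-bit IV counter, skipping weak values.
    Returns (iv_bytes, new_counter). Big-endian layout is an assumption."""
    while True:
        counter = (counter + 1) & 0xFFFFFF
        iv = counter.to_bytes(3, "big")
        if not is_weak_iv(iv, key_len):
            return iv, counter

def weak_iv_senders(frames, key_len=KEY_LEN):
    """Count weak IVs per transmitter from (mac, iv) pairs seen on the air."""
    hits = Counter()
    for mac, iv in frames:
        if is_weak_iv(iv, key_len):
            hits[mac] += 1
    return hits

# Constructed sample, not a real capture: documentation-range MAC addresses.
AP_MAC = "00:00:5e:00:53:01"      # base station with the IV filter
CLIENT_MAC = "00:00:5e:00:53:02"  # client card with a plain IV counter

def build_sample(start=0x03FEFF, count=300):
    """Both stations send `count` frames starting just below a weak block."""
    frames, ap_ctr, cl_ctr = [], start, start
    for _ in range(count):
        iv, ap_ctr = next_safe_iv(ap_ctr)
        frames.append((AP_MAC, iv))
        cl_ctr = (cl_ctr + 1) & 0xFFFFFF  # unfiltered increment
        frames.append((CLIENT_MAC, cl_ctr.to_bytes(3, "big")))
    return frames

if __name__ == "__main__":
    for mac, n in weak_iv_senders(build_sample()).items():
        print(f"{mac}: {n} weak IVs")
```

Run over a real capture, the same per-transmitter count tells an operator which stations on a link still need filtering firmware or a tunnel over the top.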