> Wired has an article about a possible vulnerability in WPA that allows
> a fairly trivial DoS attack.
> http://www.wired.com/news/business/0,1367,56350,00.html

Actually, if you wanted to shut down a WPA network, there are easier ways than forging data frames. Since WPA doesn't authenticate management or control traffic, you can just send spoofed Disassociate frames.

> Am I completely off beam with this?

In theory, layer 2 security could protect against attacks that layer 3 cannot - such as spoofing of management and control frame traffic. It can also provide network access control, while layer 3 solutions generally require an open DMZ. Finally, layer 2 solutions generally have more mature mobility functionality than layer 3.

For the most part, these things don't matter for point-to-point connectivity, but for highly mobile deployments (e.g. a warehouse), particularly where seamless connectivity is a requirement, layer 3 security solutions are typically not viable.

Seamless connectivity is likely to become increasingly important as 802.11 is more widely deployed, so it's worth considering as part of a deployment plan. For example, does it make sense to require the user to fill in a web form every time they associate to a new access point? For a coffee shop where the customers are presumably sitting down for a while, that's ok. On a walk around midtown, having to do that every block could get old quickly :)

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
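
Added example, not part of the original message: because the Disassociate frames mentioned above carry no authentication, a monitoring sensor can only spot the abuse by rate. This sketch parses bare 802.11 management headers and flags bursts of disassociation/deauthentication frames per BSSID and destination. The function names, threshold, window and MAC addresses are assumptions, and the sample frames are constructed (no radiotap header, no FCS).

```python
import struct
from collections import defaultdict, deque

WATCHED = {10: "disassoc", 12: "deauth"}  # 802.11 management subtypes

def parse_mgmt(frame):
    """Return (kind, dst, src, bssid, reason) for a disassoc/deauth frame, else None.
    Assumes a bare 802.11 frame: no radiotap header, no trailing FCS."""
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    fc0 = frame[0]                           # first Frame Control octet
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in WATCHED:  # type 0 = management
        return None
    dst, src, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)
    return WATCHED[subtype], dst, src, bssid, reason

def detect_floods(capture, threshold=5, window=1.0):
    """capture: iterable of (timestamp_seconds, raw_frame).
    Emits one alert (time, kind, bssid, dst) each time a BSSID/destination
    pair receives `threshold` teardown frames within `window` seconds."""
    recent = defaultdict(deque)
    alerts = []
    for ts, raw in capture:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        kind, dst, _src, bssid, _reason = parsed
        q = recent[(bssid, dst)]
        q.append(ts)
        while ts - q[0] > window:            # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ts, kind, bssid, dst))
            q.clear()                        # one alert per burst of `threshold`
    return alerts

# Constructed sample input (locally administered MACs, not a real capture).
AP, STA = "0200000000aa", "020000000001"

def sample_hdr(fc0, body="0100"):
    """FC, duration, addr1 (dst), addr2 (src), addr3 (BSSID), seq ctl, body."""
    return bytes.fromhex(f"{fc0:02x}00" "0000" + STA + AP + AP + "0000" + body)

SAMPLE = ([(0.0, sample_hdr(0x80, "00" * 12))]                        # beacon, ignored
          + [(1.0 + 0.125 * i, sample_hdr(0xA0)) for i in range(6)]   # disassoc burst
          + [(5.0, sample_hdr(0xC0, "0300"))])                        # lone deauth

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE):
        print("teardown burst:", alert)
```

A legitimate roam or shutdown produces one or two such frames, so the threshold should sit above that and be tuned to the site.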
