North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wireless insecurity at NANOG meetings

  • From: Sean Donelan
  • Date: Sun Sep 22 21:58:04 2002

On Sun, 22 Sep 2002, William Allen Simpson wrote:
> I will agree that the security in WEP is almost useless, and have
> personally campaigned to change it for years.  But, it is still the only
> Access Control widely available.  So, it should be used, in addition to
> the better methods.

Access control should be used when you need access control.  Sometimes
engineers need to step back from solving the problem, and look at whether
the problem needs to be solved.

What access control do you need for a public drinking fountain?

What access control do you need for a public wireless access point?

WEP won't keep people from hacking other laptops at Nanog meetings, and
won't stop people from sniffing plain-text passwords. Everyone at the
meeting will have the key, and a secret shared with 500 people won't stay
secret for even two days.  For a network with no other access control,
what purpose does WEP serve?