1. Ask any ham radio operator: anyone can intercept the signal. Your only safeguard is the SNR at the nearest place where the signal can be intercepted (ie. outside your door). If a user assumes otherwise - it's his own problem (because it is his responsibility to protect his own system).

2. There are safeguards however against transmission - there are rules regarding transmission: max. input power, max output power, max EIRP - ask your local radio agency (which for most of you will be probably the FCC). You can protect against people using legal equipment injecting packets into your own network by using different antennas, shielding, lowering receiver sensitivity etc. (but it is your responsibility to do so). If someone uses illegal power levels - you are fully protected (the law will hunt him down).

3. the 2.4GHz band is a shared medium, and there are no laws that i know that limit what content you transmit(*) (therefore you can have cordless phones, microwaves etc in the same band) - so you can expect any bit pattern to arrive from your receiver (even an RST packet to your connection, or a WEP encrypted packet you sent, replayed 100000 times, with various bits flipped and a fixed-up CRC) - if you didn't protect against this (eg. by using IPSEC) - it's your own problem.

so if you want to solve the problem - get another band, issue licenses for it. mandate by law an access mechanism to the spectrum, and what content can be transmitted by whom. to guard against eavesdroppers use some good encryption, and maintain some proper way of key distribution. all of these features are used on commercial radio links (many of which use external IPSEC devices for encryption). on the other hand - most 802.11b were meant for totally different use, and therefore lacks the above features.

so to sum up you're welcome to use any technology, if the one thet you choose ends up being insecure - it is your problem. why?
BEACAUSE YOUR OWN POOR CHOICE OF TECHNOLOGY IS YOUR OWN PROBLEM.


(*) there are laws like this in other bands, for example in the amateur bands you can't use profanity.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/237/26039#26039