Reference Manual for the RangeMax Wireless Router WPN824
D-16 Wireless Networking Basics
202-10072-01, March 2005
Is WPA/WPA2 Perfect?
WPA/WPA2 is not without its vulnerabilities. Specifically, it is susceptible to denial of service 
(DoS) attacks. If the access point receives two data packets that fail the message integrity code 
(MIC) within 60 seconds of each other, then the network is under an active attack, and as a result, 
the access point employs counter measures, which include disassociating each station using the 
access point. This prevents an attacker from gleaning information about the encryption key and 
alerts administrators, but it also causes users to lose network connectivity for 60 seconds. More 
than anything else, this may just prove that no single security tactic is completely invulnerable. 
WPA/WPA2 is a definite step forward in WLAN security over WEP and has to be thought of as a 
single part of an end-to-end network security strategy.
Product Support for WPA/WPA2
Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA 
standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before 
August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.
WPA/WPA2 requires software changes to the following: 
• Wireless access points 
• Wireless network adapters 
• Wireless client programs
Supporting a Mixture of WPA, WPA2, and WEP  
Wireless Clients is Discouraged
To support the gradual transition of WEP-based wireless networks to WPA/WPA2, a wireless AP 
can support both WEP and WPA/WPA2 clients at the same time. During the association, the 
wireless AP determines which clients use WEP and which clients use WPA/WPA2. The 
disadvantage to supporting a mixture of WEP and WPA/WPA2 clients is that the global encryption 
key is not dynamic. This is because WEP-based clients cannot support it. All other benefits to the 
WPA clients, such as integrity, are maintained.
However, a mixed mode supporting WPA/WPA2 and non-WPA/WPA2 clients would offer 
network security that is no better than that obtained with a non-WPA/WPA2 network, and thus this 
mode of operation is discouraged.