Comdex Puts Wi-Fi Weaknesses on Display

Remember the early days of cell phones? When you could hope
you’d make a connection at any major business hotel or conference center, but
you couldn’t be sure? Fast forward to Fall Comdex 2002 in Las Vegas and welcome
to the current state of public Wi-Fi LANs.

While only a shadow of its former self, Comdex has a wireless
focus this year and you’d expect the show, or indeed a city such as Las Vegas
that hosts other high-tech trade shows, as the Consumer Electronics Show (CES),
to have good Wi-Fi.

You’d be wrong.

Although resellers and integrators have long made bringing
Wi-Fi to hotels and conference centers a priority, few of the hotels of the
gambling center of the universe have WLAN installed. Indeed, by my count only
the Four Seasons, with WayPort and Boingo and Embassy Suites with WayPort are
setup for the Wi-Fi business traveler.

On the other hand, based on the experiences of Wi-Fi users
at the Las Vegas Convention Center (LVCC), conventional 802.11b Wi-Fi may not
be up to the challenge of dozens to hundreds of simultaneous users. Symbol Technologies put up five public Hotspots
in the LVCC, which could handle up to 300 concurrent connections. While some
of the users were able to connect some of the time, none of the users were able
to connect all of the time.

Public Wi-Fi Woes

When they worked, the Symbol networks worked extremely well.
But, when they didn’t, it wasn’t pretty.

The problems, based on discussions with Symbol technicians
on-site, my own troubleshooting of friends and colleagues with Wi-Fi fits, and
network analysis, came from poorly set-up Wi-Fi connections. These problems
can be summed up that many people’s wireless rigs work fine — if they never
leave their home or office Hotspot — but they fail in roaming situations.

For all that people talk about the joys of roaming with their
Wi-Fi equipped laptops, the reality seems to be that about 30% of the Comdex
users weren’t using Dynamic Host Configuration Protocol (DHCP)
properly for roaming. For example, many users had Domain Name Service (DNS)
addresses and gateway hand-coded into their TCP/IP settings. Sometimes they
were able to connect, sometimes they weren’t. And, a few, weren’t set up to
use DHCP at all and that put a quick end to their roaming plans until their
systems were reconfigured.

It must also be said that many wireless users aren’t the
least bit savvy about their equipment. I saw several cases where explicit instructions
to set the Service Set Identifier (SSID) to ‘Symbol’ were
ignored. The users couldn’t understand why they needed to change from ‘ad hoc’
to ‘infrastructure’ mode to properly connect with the Symbol access points.
I also saw at least one case of someone complaining loudly to a Symbol help
desk team member that his 5GHz 802.11a card wasn’t connecting. Well,

Many systems, including mine, had trouble locking on to a
given access point in an environment where Windows XP’s SiteSurvey sometimes
showed as many as 8 access point, not to mention, laptops and PDAs in ad hoc
mode, offering their services. Like a sheep set between two loads of hay, some
systems were unable to latch on properly onto any access point in this environment.
Others showed such confusing error messages. The operating system wireless monitoring
would show no signal while the NIC’s monitoring program showed connections with
both excellent link quality and signal strength.

Another problem was equipment compatibility. While almost
everyone’s 802.11b Wi-Fi NICs were eventually able to connect with the Symbol
access points, there could be no question that the Symbol cards — provided
free to Comdex users — consistently worked better. My own D-Link AirPlus
ran like a champ… when it connected. Getting it connected often
took several tries.

Part of the reason for that problem is that 802.11b only
has, for practical purposes, three channels (channels 1, 6, and 11 in the US.)
that you can use without causing interference between access points. This, combined
with the fact that all users are competing for the same 11Mbps of total bandwidth,
made getting even enough access to try to log into Symbol’s network an adventure.

The simple truth is that no matter how many access points
you have, 802.11b doesn’t have enough channels or available bandwidth to handle
more than perhaps two or three dozens active users at a given time. Of course,
in most situations that won’t be a problem since most of the time, network administrators
are unlikely to fit that many users into an access point’s range. But, if you’re
setting up a trade show, coffee shop or classroom where big crowds are a real
possibility, 802.11g and 802.11a’s larger numbers of channel and available bandwidth
starts to look a lot more attractive in the long run.

Beyond the Setup

Symbol, to make its network as accessible as possible, didn’t
use Wired Equivalent Privacy (WEP). They did, of course, remind people that
they should use a virtual private network (VPN) if they wanted to have some
security for their online messages. Based on a quick scan of network traffic,
most people didn’t.

Another real world problem is that a quick, off-the-cuff
survey of users found only about 20% of them were running ZoneAlarm, Norton Personal Firewall, or
any other kind of personal firewall.. That’s a big mistake.

Some people might think no one’s going to peek over their
wireless LAN shoulder. They’re wrong.

Inside of an hour I saw 30 different attacks on my laptop.
Most of them were trival — attempts to ping my system — but there were numerous
attempts to access my hard drive via NetBIOS calls. While the great majority
of these attacks came from the Internet at large — almost certainly from script
kiddies randomly looking for vulnerable systems to mess around with — others
were from IP addresses within the Symbol LAN. Clearly, some of our fellow wireless
users were trying to pry into their neighbor’s machines.

The moral of the story is clear. If you’re going to be traveling
and using Wi-Fi, you must install and use some kind of personal firewall. Otherwise,
the person sitting next to you at Starbucks may walk out with a half-cup of
coffee and your personal files.

Problems and all, Symbol did an excellent job of providing
a massive wireless LAN to Comdex attendees. At the same time though, in so doing,
they showed how 802.11b is reaching a bit beyond its grasp in such deployments
and how both the technology, and its users still need to make improvements before
they can safely make the most of the technology.

802.11 Planet Conference

News Around the Web