Given the nature of wireless LANs and the environment at Defcon, it's amazing the DC11 wireless worked as well as it did.

802.11 is trivial to DoS--so trivial I don't know why anyone bothers. Why send disassociation frames when a cheap microwave oven causes similar issues? Every security mechanism for it involves either shared keys (useless with 4,000 potential users) or credentials that aren't worth the bother for a 3-day conference. If that's not enough, you have the wireless spectrum getting crowded with a bunch of private APs set up in hotel rooms.

Furthermore, the goons are already busy enough dealing with everyday shenanigans without chasing down rogue APs, too. Fucking with the wireless LAN ranks way down on the annoyances list, below the many things in the categories, "shit that can get us into legal trouble" and "just trying to keep the con running."

Now, if you wanted to get into a little gedankenwanking, it might be technically possible to set up a wireless network at Defcon that wouldn't be vulnerable to spoofed APs. All you have to do is use 802.1x, find or invent an EAP type that only authenticates the server (not the client -- like a backwards MD5), distribute the server's cert on the Defcon CD, and require anyone that uses the DC wireless LAN to have an 802.1x client supporting the mythical EAP type. That might prevent spoofed APs. It would have the added advantage of pretty good bandwidth for the three users able to do all that.

But even if it were possible to make the DC wireless LAN ultra-stable, it seems like it's just not worth the effort.

The thing is many 802.11b cards allow you to spoof the AP and send deauthentication frames to whoever you please via the use of raw sockets and frame injection. There's no sort of handshaking involved in this process, so the clients blindly obey. This can't really be prevented, other than by throwing the person doing it (and supposedly the equipment they're using) in the pool.

Not a flame, but...

802.11* is sort of the FRS of wireless networking. Ergo, you've got to expect people to screw with it, particularly at Defcon. As for tracking them down - screw it. It's precisely the sort of environment that this kind of thing is best contained to.

What I can't figure out is why people feel the need to ARP spoof on an open AP. It just seems sorta... Redundant.