I'm waiting for one of the professional security consulting firms to issue their weekly press release screaming "Network Operator Meeting Fails Security Test."
The wireless networks at NANOG meetings never follow what the security professionals say are mandatory, essential security practices. The NANOG wireless network doesn't use any authentication, enables broadcast SSID, has a trivial to guess SSID, doesn't use WEP, doesn't have any perimeter firewalls, etc, etc, etc. At the last NANOG meeting IIRC over 400 stations were active on the network.
Are network operators really that clueless about security, or perhaps we need to step back and re-think. What are we really trying to protect?
the nanog net is not run by network operators. it is run by some well-meaning non-op folk from merit. for example, if i can gather the patience (unlikely), next week i will join the third conference phone call to try to explain to the merit folk why it's really ok to put vern's bro ids on the incoming. and the merit powers that be specifically forbid warning folk about the wireless, showing caught passwords, ... as we do at ietf. the nanog net is run *for* operators, not *by* operators. btw, the ietf/atlanta net will be run by operators. if you would care to discuss how to make the wireless safer, we're all for it. but do not be fooled that it is an easy problem. e.g., wep is a joke, and is very hard to get people to set up. randy