Yes, the attacks rely on grabbing enough weak keys. In general, it is a purely passive attack, so if you have low traffic on your LAN it will take ages. I have seen corporate WLANs where it took a couple of days. Most attackers will see the acquisition speed and give up, unless they reckon you are a very worthwhile target.

Great, that means I have a little time to sort things out.

In general, I guess it depends on how paranoid you are. I tend to err on the very paranoid when setting security standards for my clients, because then they can lower the level of security if they want but they have some understanding of where they could go to if circumstances require it.

Agreed. I will secure my WLAN when I get time, but it is complicated by the way I have it set up. My LAN is a mixture of Linux, Win2k Pro and Win2k server. My WLAN has three devices on it: a Win2k Pro desktop with a PCI card in it (which is also connected to my main Ethernet segment), a Win2k Pro laptop with a PC card and a Netgear AP (which my Rio Receiver is plugged into). There are some other machines, including my Win2k Server plugged into the main Ethernet segment.

Ideally I would:

- start using IPSEC on the laptop and the other Win2k boxes
- move the PCI WLAN card to the Linux box to make use of ipchains/iptables

However, I have never used IPSEC and it looks like it could be interesting to set up. I also don't fancy the prospect of getting the PCI card WLAN adapter to work in the Linux box (because it is one of those PCCARD adapter things, which means getting all the Linux PCMCIA stuff working, yuck).

I should really also get IPSEC working on the Linux box I guess as well, seeing as the laptop currently uses POP3 to get mail from it sometimes...

If only they could have got WEP right...
_________________________
Remind me to change my signature to something more interesting someday