954,323 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
Ad: Download FREE Network Management Software from Spiceworks
1 Year Ago
0

Securing end users data in public Wireless Access Points

Hi, I'm trying to figure out a way to configure a Wireless Access Point (WAP) in a way that gives access to everyone and in the same time forbids packet sniffing and accessing each other computers.

What I thought about so far is setting firewall rules on the WAP like that:
firewall block 192.0.0.0 255.0.0.0

the WAP Gateway IP is for example 192.168.0.1 so no one can ping or access other WLAN users.

The question:
1- With such firewall rule, can users sniff LAN packets although they can't reach each other? I think yes they can, but I'm not sure.
2- If can sniff, is there any way to isolate users totally (VLAN for each user over WLAN)?

If I set security for encryption like WAP2/PSK TKIP/AES and of course I'll have to give the key to everyone, will that improve the situation?
I understood that WAP2/PSK AES/TKIP will give random encryption key to each user although the primary key is shared, so I thought that is more secure. but can they still capture each other packets?

I was thinking of setting a server to detect PCs with promiscious mode NIC, for example forge a ping request with wrong MAC and see if I get a response, if I get a response, I should black list the user.

Tell me more about public WAP security, is my understanding correct?

P.S. the product is DD-WRT router with WiFiDog.
Thank you for reading.

ausrasul
Newbie Poster
10 posts since Oct 2009
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

You can not prevent packet sniffing in a wireless LAN.

If I have a wlan adapter running in promiscuous-mode, it will be able to, listen to all packets sent within range of my antenna, no matter how you configure your router.

I will be able to record all traffic (within range) and, if it is un/decrypted, recreate all the sessions, for whatever purpose I want (if I can reach both the client and the access point, without packet-loss).


You can't have wireless-network safety without encryption.!
WPA2 is afaik still the best, if you use a properly strong key

and btw, the MAC address range is about 281.47498 E12.
Scanning that range with "forged" ping request's, within a reasonable time, will be a challenge on it's own :)

jak0b
Junior Poster
157 posts since Jan 2011
Reputation Points: 54
Solved Threads: 25
 
1 Year Ago
0

please search for
HotSpot/ Service Gateway Series
I remember that ZyXEL had some of them

you'll not be able to prevent sniffing but the rest is ok

second if you are concerned by the sniffed traffic
and "guests" are your laptops (for example you need to prevent sniffing on laptops which leave the office into free wifi networks
you could implement VPN connection to your site

larieu
Newbie Poster
5 posts since Jan 2010
Reputation Points: 10
Solved Threads: 0
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed