Hi, I'm trying to figure out a way to configure a Wireless Access Point (WAP) so that it gives access to everyone and at the same time forbids packet sniffing and accessing each other's computers.
The WAP gateway IP is, for example, 192.168.0.1, so no one can ping or access other WLAN users.
1- With such a firewall rule, can users sniff LAN packets although they can't reach each other? I think yes, they can, but I'm not sure.
2- If they can sniff, is there any way to isolate users totally (a VLAN for each user over WLAN)?
If I set security for encryption like WPA2/PSK TKIP/AES, and of course I'll have to give the key to everyone, will that improve the situation?
I understood that WPA2/PSK AES/TKIP will give a random encryption key to each user although the primary key is shared, so I thought that is more secure. But can they still capture each other's packets?
I was thinking of setting up a server to detect PCs with a NIC in promiscuous mode, for example forge a ping request with a wrong MAC and see if I get a response; if I get a response, I should blacklist the user.
Tell me more about public WAP security, is my understanding correct?
P.S. The product is a DD-WRT router with WiFiDog.
Thank you for reading.
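
The check described in the post (a ping sent to a host's IP but to a MAC address nobody owns), sketched as an added example that is not part of the original post. It only builds and parses frames offline and sends nothing; all MAC and IP values are constructed and the function names are hypothetical.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def ip(text: str) -> bytes:
    return bytes(int(part) for part in text.split("."))

def build_probe(src_mac, bogus_mac, src_ip, dst_ip, ident, seq) -> bytes:
    """ICMP echo request addressed to the suspect's IP but to a MAC nobody owns.
    A NIC filtering normally drops it; one passing every frame up may let the stack answer."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + b"promisc-probe"
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                      ip(src_ip), ip(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return mac(bogus_mac) + mac(src_mac) + b"\x08\x00" + hdr + icmp

def answers_probe(frame: bytes, suspect_ip, ident, seq) -> bool:
    """True if a captured frame is a valid echo reply from the suspect to our probe."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return False
    ihl = (frame[14] & 0x0F) * 4
    icmp = frame[14 + ihl:]
    if frame[23] != 1 or frame[26:30] != ip(suspect_ip) or len(icmp) < 8:
        return False
    typ, _, _, r_id, r_seq = struct.unpack("!BBHHH", icmp[:8])
    return typ == 0 and (r_id, r_seq) == (ident, seq) and checksum(icmp) == 0

def simulated_reply(probe: bytes, host_mac: str) -> bytes:
    """Constructed sample input: the reply a host sends if its stack saw the probe."""
    hdr, icmp = probe[14:34], probe[34:]
    hdr = hdr[:12] + hdr[16:20] + hdr[12:16]   # swap source and destination IP
    icmp = b"\x00\x00\x00\x00" + icmp[4:]      # type 0 (echo reply), checksum cleared
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return probe[6:12] + mac(host_mac) + b"\x08\x00" + hdr + icmp

if __name__ == "__main__":
    probe = build_probe("02:00:00:00:00:01", "02:de:ad:be:ef:99",
                        "192.168.0.10", "192.168.0.23", 0x1234, 1)
    reply = simulated_reply(probe, "02:00:00:00:00:23")
    print(answers_probe(reply, "192.168.0.23", 0x1234, 1))
```

A matching reply only shows that the host's stack processed a frame not addressed to its MAC. A host capturing passively transmits nothing, so the absence of a reply does not show that nobody is sniffing.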