0

Given a secure wireless network (lets say WPA2) with clients A and B, what level of traffic can A see from B? if the router has "wireless isolation" enabled? does it make a difference?

user2813274
  • 2,051
  • 2
  • 13
  • 18

1 Answers1

2

This has already been asked and answered multiple times. Best answer is here: An attacker knowing the password can intercept with WEP, WPA-PSK and WPA2-PSK, but with Enterprise WPA/WPA2 + 802.1X authentication instead of PSK every client gets its own encrypted "tunnel".

PSK also has the disadvantage of being a "shared secret": changing is hard, as everyone needs to be notified, and is easier to get known to third parties, the more people are using it.

Wireless isolation doesn't solve the problem. It isolates the devices from each other on an IP level, this is true, but the attack outlined in the answer linked above still works. Wireless isolation works on a "higher level" than the attack: it stops ip packages from going from one host to another. Furthermore, when used in combination with PSK, this "wireless isolation" is snakeoil (like MAC whitelisting or SSID hiding). You don't get any real advantage from enabling it. By doing MITM attacks, which are easy when the PSK is known, it can be bypassed.

user10008
  • 4,315
  • 21
  • 33