I am using a public wifi network.
When I start a nodejs express server at my local system at port 3000, I can access that website on another device (that is connected to the same public wifi network) by going to the http://(private ip address of nodejs host assigned by public wifi dhcp):3000/index.html , for example.
So to prevent this, I had my phone connect to the public wifi network and fired up the built in android hotspot. Then I connected my nodejs host machine to the hotspot to start the express server at port 3000.
I could no longer access that website anymore from a different device on the public wifi network because express server was now inside the private network within that public wifi network.
I can ping from a device inside the android hotspot private network to a device in the public wifi network. But the device from the public wifi network could not ping devices inside the android hotspot private network.
Is there a way for an attacker on that public wifi network to gain access to my android hotspot private network without knowing the SSID passphrase?
Could they use some kind of network pivoting technique so that they can access my private html website on port 3000? Using something like ip route add
?