0
1
So the network I am connected to has the feature ap isolation and I do understand the meaning of ap isolation, is in summary the imposibility for any device to communicate with some other with the exception of the reuter.
Today I have been using wireshark and was able to find arp requests coming from one device to another. In particular a Motorola phone connecting to the router. Taking into account there is ap isolation I wonder if this is normal behaviour or maybe I am suffering some kind of middle man attack or sniffing attempt.
Does Ap Isolation protect from middle man attacks? Does Ap Isolation do really protect against sniffing? Any explanation or insight is welcomed!
Jonathan
Posted 2018-09-22T15:59:40.780
Reputation: 1
1ARP requests are broadcasts, so I'd expect them to be exempt from the unicast "AP isolation" rules. It's definitely not a sign of MitM attacks. (BTW, broadcasts also use a different encryption key). Now if you can find ARP answers that are not addressed to you, that would be an indication of some rule failure. I don't see any connection between AP isolation and MitM prevention, but in security related issues it's easy to overlook stuff. – dirkt – 2018-09-22T16:30:30.417
Thank you dirkt. That seems correct and I do remember now some scripts which would be able to make you basically invisible to the rest of the network by disabling icmp probes arp requests etc so you are right. – Jonathan – 2018-09-22T17:02:17.267