
ARP Spoof: Will it work on public wifi networks as compared to a home network?

Çağlar Arlı


I have recently successfully demonstrated a simple ARP spoofing attack on my home network. The setup in my home network, described to the best of my abilities, is as follows:

  1. Optical network router (fiber optic router): connected directly to the ISP
  2. Wireless access point: connected directly to the optical network router described above
  3. Both the attacker and target machine are connected to the wireless access point

The router/AP (provided by the ISP) is left with the default settings, the target device has its firewall disabled, and there is no VPN.

I was wondering from the router/AP security point of view (assuming the target device's security is not relevant), how much more secure are public WiFi networks, and how likely is the same attack able to work?

I have read about multiple security features such as: switch port security, Dynamic ARP inspection (DAI) with DHCP snooping, wireless client isolation, static ARP entry, 802.1x, just to name a few. From my research, apart from the static ARP entry (which also works on layer 3), all these features are implemented on layer 2. This means that it is usually enabled on the wireless access point acting as the switch, but not the router (correct me if I'm wrong). However, are these features commonly implemented on a public WiFi router/AP?

If so, are there any viable options for me to simulate a public WiFi or even corporate-level, more secure network with the ability to enable these features - for security testing and learning? I have come across GNS3 (https://www.gns3.com/) but have yet to test it.

Resources

  1. 802.1x: https://www.securew2.com/solutions/802-1x
  2. DAI: https://study-ccna.com/dynamic-arp-inspection-dai/
  3. Port security: https://study-ccna.com/port-security/
  4. Wireless client isolation: https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Wireless_Client_Isolation
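
The DAI-with-DHCP-snooping check named in the question, as an added example that is not part of the original post: a simplified Python model of how a switch validates the sender IP/MAC of each ARP packet against its snooping bindings. The binding table, port names and sample packets are constructed, and the logic is a teaching model, not any vendor's implementation.

```python
import struct

# Constructed DHCP snooping bindings: IP -> (MAC, access port). Assumed values.
BINDINGS = {
    "192.168.1.1": ("aa:aa:aa:aa:aa:01", "Gi0/1"),   # gateway
    "192.168.1.50": ("aa:aa:aa:aa:aa:50", "Gi0/2"),  # client A
    "192.168.1.66": ("aa:aa:aa:aa:aa:66", "Gi0/3"),  # client B
}
TRUSTED_PORTS = {"Gi0/24"}      # uplink: ARP arriving here is not inspected
ARP_FMT = "!HHBBH6s4s6s4s"      # 28-byte Ethernet/IPv4 ARP payload (RFC 826)

def build_arp(op, sha, spa, tha, tpa):
    """Build a raw ARP payload; used only to construct the sample packets."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda i: bytes(int(o) for o in i.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

def inspect(port, payload):
    """Return (verdict, reason) for an ARP payload received on `port`."""
    if port in TRUSTED_PORTS:
        return ("permit", "trusted port")
    if len(payload) < 28:
        return ("drop", "truncated ARP")
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return ("drop", "not Ethernet/IPv4 ARP")
    sender_ip = ".".join(str(b) for b in spa)
    sender_mac = ":".join(f"{b:02x}" for b in sha)
    binding = BINDINGS.get(sender_ip)
    if binding is None:
        return ("drop", "no binding for sender IP")
    if binding != (sender_mac, port):
        return ("drop", "sender MAC/port does not match binding")
    return ("permit", "matches binding")

# Constructed samples: a reply consistent with its lease, and a reply on
# Gi0/3 whose sender IP is the gateway's but whose MAC is client B's.
LEGIT = build_arp(2, "aa:aa:aa:aa:aa:50", "192.168.1.50",
                  "aa:aa:aa:aa:aa:01", "192.168.1.1")
MISMATCH = build_arp(2, "aa:aa:aa:aa:aa:66", "192.168.1.1",
                     "aa:aa:aa:aa:aa:50", "192.168.1.50")

if __name__ == "__main__":
    for port, pkt in (("Gi0/2", LEGIT), ("Gi0/3", MISMATCH), ("Gi0/24", MISMATCH)):
        print(port, *inspect(port, pkt))
```

The last sample is permitted only because it arrives on a trusted port, which is why trust should be limited to ports that lead to infrastructure rather than to clients.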