Client Isolation- Limits the clients to communicate only with the AP and not with other wireless clients (usually set on hotspots).
Wifitap- - Wifitap is a proof of concept for direct communication over WiFi networks using traffic injection. It basically allows one to communicate over an open or WEP 802.11 network without being associated, thus bypassing any AP side restriction such as MAC address filtering or station isolation.
Please forgive me since I am still very new if this seems like a stupid question. But based on wifitaps capabilities and being able to arp your target with wifiarp.py in conjunction with wifitap. Is this the answer, or solution for hackers to bypass client isolation?
From my current understanding. The only other ways the attacker could bypass client isolation is possibly mac spoofing or brute forcing the router username and password and adding your mac address to the list of allowed mac addresses for through traffic.
This was also found from airtightnetworks using the good old Google- "an attacker can bypass the Wi-Fi client isolation feature, by setting up a fake gateway on the wired network, poison the ARP cache on authorized Wi-Fi devices using GTK and redirect all data traffic to the fake gateway instead of redirecting it directly to his Wi-Fi device. Plus, other attacks such as malware injection, port scanning, denial of service, etc. are still possible using only the first step (sending GTK-encrypted packets)"
My router does not have the client isolation feature so I am not able to pentest any of these attacks. I would love to hear others experiences or ideas. Also, how do we defend against this if wifitap is successful or all traffic is redirected to the fake gateway.