Doesn’t need to be the case if you segment your network to protect against ARP.
- 0 Posts
- 5 Comments
Joined 1 year ago
Cake day: June 15th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Don’t have the Wi-Fi network “upstream” of the LAN. You want the connection between the LAN and Wi-Fi to be through the WAN so you get NAT protection.
The risk is the ISP Wi-Fi. As long as you’re using WPA with a good long random passkey, the risk is minimal. However, anyone who had access to your Wi-Fi could initiate an ARP spoof (essentially be a man-in-the-middle)
ETA: the ARP table in networking is a cache of which IP is associated with which MAC Address. By “poisoning” or “spoofing” this table in the router and/or clients, a bad actor can see all unencrypted traffic.
As an FYI: this set up is vulnerable to ARP spoofing. I personally wouldn’t use any ISP-owned routers other than for NAT.
This reminds me of trying to play Half Life Alyx on an Oculus.