Comments


  • FirewallaSupportDesk

    AirSnitch is a set of techniques that allow a malicious device already connected to a Wi-Fi network to:

    • Bypass “client isolation” — a feature meant to stop clients from talking to each other on the same network. 

    • Intercept and manipulate other clients’ network traffic — essentially acting as a **man-in-the-middle (MitM)** for both uplink and downlink traffic.

    The key here is that the device is already authenticated with the network... A "trusted device" can do a lot of things on the network. The best way to guard against these is simply segmentation or micro-segmentation, using either different SSID/PPSK or VqLAN/VLAN.

  • Drew Dunsmore

    My understanding is that AirSnitch can work across SSIDs that use the same AP or other connecting infrastructure. If we have a guest network on a different SSID, should we disable it until a patch is available?

  • Firewalla

    The best solution is to use VqLAN (if you have AP7) or SSID -> VLAN mapping; these will protect and segment your network at layer 2 (VqLAN) and layer 2/3 (VLAN). These are better methods to make a guest network, and fully isolate it from any type of layer 1 attack (such as those from AirSnitch).

