Ever noticed that on some WiFi networks, you can scan and see every connected device. On others, you can only see the access point.
Why the difference? It’s because of a wifi feature called Client Isolation (aka AP Isolation).
When Client Isolation is enabled, WiFi clients are prevented from talking directly to each other. Every packet must go through the gateway first. It’s like putting each guest in their own private hallway to the router.
Security benefits of Client Isolation include:
- Client Isolation stops attackers from scanning other devices on the network
- C.I. prevents lateral movement between WiFi clients
- C.I. Blocks ARP spoofing and MITM attacks at Layer 2
Coffee shops and hotels should enable Client Isolation. Many don’t. đź‘€
Why this matters for my CTF:
When you join a hacking competition, everyone’s running offensive tools—port scanners, exploit frameworks, packet sniffers. Without client isolation, participants could accidentally (or intentionally) target each other instead of the challenge.
My WiFi CTF enables client isolation so participants can focus on hacking the intended target, not each other’s laptops. You can run Nmap all day and you’ll only see the CTF server, not your neighbor’s MacBook.
Want to learn more hands-on?
Join me tomorrow (Saturday) for a free WiFi CTF at Big Block Brewery in Carnation, WA from 1-4 PM. We’ll explore WiFi security, network reconnaissance, and capture-the-flag challenges on a purpose-built vulnerable network—safely isolated from each other.
🍺 Location: https://www.bigblockbrewery.com/carnation-taproom
đź“ť Sign up: https://wifictf.patrickmccanna.net
Bring a laptop. Grab a beer. Hack some things (legally and safely).
#cybersecurity #wifi #ctf #infosec #networking #seattle