It sounds like this attack would work in that scenario provided the attacker is able to connect to the guest access point.
I haven’t paid attention to one in a while but I seem to remember the need to authenticate with the guest network using Xfinity credentials. This at least makes it so attribution might be possible.
It looks like both clients must be on the same VLAN for the attack to work. They could be connected on different BSSIDs or even different SSIDs, but they still must be on the same VLAN.
As of a few years ago, you could simply spoof your MAC to that of a Comcast subscriber with these and you'd get unrestricted access on the hotspot.
If the vulnerability is between layers 1 and 2, wouldn’t that imply that VLAN tagging at layer 2 might not be effective in segregating the traffic?
Wireless cards typically don't expose the VLAN tags directly. So VLANs should be OK.
This is probably the biggest issue.
I turn the WiFi on mine off and use my own WiFi AP.
Yeah, along these lines I've always been biased strongly against using ISP hardware beyond the minimum required to connect to the outside world.
See also: Amazon's Sidewalk (which shares your network via Ring camerae, e.g.).