by rocky1138 3094 days ago
Is there any way to mitigate this without limiting abilities of people on the network? It kind of destroys the point of a LAN.

Did you ever use LAN functionalities on public Wi-Fi (e.g. Starbucks)?
I did once at a hotel. Someone on the LAN kept what appeared to be his entire MP3 collection in his Shared folder. So I downloaded the whole thing.

Turned out he had crap taste in music and I ended up deleting my copy.

Don't take my word for it, but I'd bet you could disallow LAN comms on port 80 and prevent this. Typically a toxic client would flood the ARP table until the router believed the toxic client should receive all communications, and then the toxic client would MITM and forward traffic on the expected port to other normal clients... if the toxic client can't send stuff on port 80 to a normal client, they can't easily MITM them.
Yeah, but it would still redirect, since that's a different layer of the IP stack.

You could prevent Wi-Fi clients from communicating ARP packets; I think that would allow most things to work.

If you have a corporate Wi-Fi system, you should be watching for ARP poisoning anyway. If it's a public system, most people aren't using it to communicate between Wi-Fi devices. Most Android devices that communicate via Wi-Fi will generate their own Wi-Fi network for the duration of the communication.
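
A sketch of the kind of ARP watching the last comment refers to, added here as an example and not part of the thread: it flags an IP whose MAC differs from the first one seen, and a MAC that claims more than one IP. The sample replies, addresses and the function name `find_arp_anomalies` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender IP, sender MAC).
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway
    (1, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (2, "192.168.1.30", "aa:aa:aa:aa:aa:30"),
    (5, "192.168.1.1", "AA:AA:AA:AA:AA:30"),   # another host claims the gateway IP
    (6, "192.168.1.20", "aa:aa:aa:aa:aa:30"),  # ... and a second client's IP
    (7, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # real gateway answers again
]


def find_arp_anomalies(replies, max_ips_per_mac=1):
    """Flag IP->MAC rebinding and MACs that claim more IPs than allowed.

    The first MAC seen for an IP is the baseline (trust on first use), so a
    DHCP lease handed to a new device also shows up as a rebind and needs
    triage; raise max_ips_per_mac for routers or proxy-ARP hosts.
    """
    baseline = {}                   # ip -> first MAC seen
    ips_by_mac = defaultdict(set)   # mac -> IPs it has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()           # normalise case before comparing
        known = baseline.setdefault(ip, mac)
        if mac != known:
            alerts.append({"ts": ts, "kind": "rebind", "ip": ip,
                           "expected": known, "seen": mac})
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > max_ips_per_mac:
                alerts.append({"ts": ts, "kind": "multi_ip", "mac": mac,
                               "ips": sorted(ips_by_mac[mac])})
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```
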