Suppose I set up a wireless network and use authpf to restrict access
to some resource (e.g., Internet access) to registered users.  It
seems there's a fairly simple man-in-the-middle attack:

An attacker sets up a system with two wireless NICs: one associated to
my network and another configured as an access point pretending to be
an access point for my network.  He runs a DHCP server on the AP
interface and NATs traffic to my network.  (I can imagine a
sufficiently clever bridge setup that would be even harder to detect,
but I don't know for certain if it could work.)

A legitimate user (e.g., a university student) sits down somewhere in
range of the fake AP but outside of range of any legit APs (in a part
of campus not yet with wifi access, or where the signal is low, or
where the attacker has unplugged the APs), and connects his laptop to
my network via the attacker's fake network.  The user ssh's to
authpf.mydomain.com, but his connection is NAT'd via the attacker's
system, and so my gateway now assumes all traffic from the attacker's
IP belongs to the duped user.

Is there anything I'm forgetting that makes this attack infeasible?
If not, is there anything that can be done to prevent it?
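One thing a gateway operator can do with the traffic it already sees is look for signs that an authpf-authorized address is really a NAT box in front of several hosts. The script below is an added example written for this post, not code from the poster or from authpf. It assumes a constructed, hypothetical per-packet log format (`src=... ttl=...`) and a constructed authpf session table; it applies two heuristics: an observed TTL one below a common initial value (64, 128, 255) means an extra router hop between the client and the gateway, and more than one TTL family from one address means several operating systems sharing it. Both are heuristics, so hits are leads to investigate rather than proof.

```python
"""Flag authpf-authorized source addresses whose traffic looks as if it is
being NATed by an intermediate box (for example, a rogue access point).

Added example, not part of the original mail.  The log format and the
session table below are constructed for illustration.
"""
import re
from collections import defaultdict

# Initial TTL values used by most common operating systems.
COMMON_INITIAL_TTLS = (64, 128, 255)

# Constructed sample of per-packet summaries (hypothetical format,
# not real pflog output).
SAMPLE_PACKETS = """\
src=10.20.0.11 ttl=64 proto=tcp dport=22
src=10.20.0.11 ttl=64 proto=tcp dport=443
src=10.20.0.42 ttl=63 proto=tcp dport=22
src=10.20.0.42 ttl=127 proto=tcp dport=80
src=10.20.0.42 ttl=63 proto=udp dport=53
src=10.20.0.77 ttl=128 proto=tcp dport=22
"""

# Constructed authpf session table: source address -> authenticated user.
SAMPLE_SESSIONS = {
    "10.20.0.11": "alice",
    "10.20.0.42": "bob",
    "10.20.0.77": "carol",
}

LINE_RE = re.compile(r"src=(?P<src>\S+)\s+ttl=(?P<ttl>\d+)")


def nearest_initial_ttl(ttl):
    """Return (smallest common initial TTL >= ttl, inferred hop count)."""
    for initial in COMMON_INITIAL_TTLS:
        if ttl <= initial:
            return initial, initial - ttl
    return None, None


def parse_packets(text):
    """Parse the constructed log format into a list of (src, ttl) tuples."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            out.append((m.group("src"), int(m.group("ttl"))))
    return out


def suspect_nat(packets, sessions):
    """Return {src: [reasons]} for authpf sources whose traffic looks NATed.

    Only addresses present in the session table are examined, because
    those are the ones whose authorization an attacker could be riding on.
    """
    ttls_by_src = defaultdict(set)
    for src, ttl in packets:
        if src in sessions:
            ttls_by_src[src].add(ttl)

    findings = {}
    for src, ttls in ttls_by_src.items():
        reasons = []
        families = set()
        for ttl in sorted(ttls):
            initial, hops = nearest_initial_ttl(ttl)
            families.add(initial)
            if hops:
                # A directly associated wireless client reaches the gateway
                # without any intermediate router, so hops should be 0.
                reasons.append(f"ttl {ttl} is {hops} below {initial}: extra hop")
        if len(families) > 1:
            reasons.append(f"{len(families)} OS TTL families behind one address")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    results = suspect_nat(parse_packets(SAMPLE_PACKETS), SAMPLE_SESSIONS)
    for src, reasons in results.items():
        print(f"{src} (user {SAMPLE_SESSIONS[src]}):")
        for r in reasons:
            print("  -", r)
```

On the sample data only 10.20.0.42 is flagged: its packets arrive with TTLs 63 and 127, one hop below two different OS defaults, which is exactly what a laptop and a second machine behind a NATing rogue AP would look like. A legitimate user on an unusual OS or behind a VPN can also trip the check, so the output is a prompt to look closer, not an automatic revocation.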
