Topic: MiTM and chillispot
If I'm correct, chillispot by default prevents an arp spoofing attack on the gateway. A client's arp entries can be messed with, but the overall effect is the loss of routing to the gateway, so no traffic can be sniffed.
I'm just learning about this because I was told chillispot is vulnerable to arp spoofing, but after testing it myself I have concluded that it is not.
Furthermore I have discovered that many APs support AP isolation, which I am now enabling on any portal.