bypassing 802 1x
play

Bypassing 802.1X In an IPv6 environment Introduction and motivation - PowerPoint PPT Presentation

Jun 27, 2023 •171 likes •357 views

Robert Diepeveen & Ruben de Vries Bypassing 802.1X In an IPv6 environment Introduction and motivation What is 802.1X? IEEE standard Port-based network access protocol Authentication mechanism for devices wishing to attach to

  1. Robert Diepeveen & Ruben de Vries Bypassing 802.1X In an IPv6 environment

  2. Introduction and motivation ● What is 802.1X? ● IEEE standard ● Port-based network access protocol ● Authentication mechanism for devices wishing to attach to a network ● Why in an IPv6 environment? Research Project #2 2

  3. Research question Is it possible to bypass 802.1X in an IPv6 environment? Yes it is! Research Project #2 3

  4. Research outline ● What is 802.1X? ● How is this attack performed in an IPv4 environment? ● Key components ● What are the theoretical differences between IPv4 and IPv6? ● How do these key components translate? Research Project #2 4

  5. 802.1X in detail source: Wikipedia Research Project #2 5

  6. Test environment Research Project #2 6

  7. Bypassing 802.1X in IPv4 ● Place device on the physical link between victim workstation and authenticator ● Make sure the victim host remains connected to the network while setting up the device ● Be invisible ● Gain access to the network via the attacker box Research Project #2 7

  8. Bypassing 802.1X in IPv4 Attacker box Research Project #2 8

  9. Attacker box properties ● Bridging network traffic ● At least two ethernet interfaces ● Forward EAPOL packets ● Invisible for the switch ● E.g. do not respond to ARP requests ● Mimic the victim workstation ● SNAT with iptables —> IP ● SNAT with ebtables —> MAC Research Project #2 9

  10. Differences between IPv4 and IPv6 ● MAC to IP address mapping IPv4: ARP ● IPv6: NDP ● ● Neighbor Advertisements/Sollicitations ● Generally no NAT needed in IPv6 However, people insisted (NAT66) ● Research Project #2 10

  11. Bypassing 802.1X in IPv6 ● Similar to IPv4 bypass ● Bridge needs to learn neighbours by sniffing NDP messages ● Same for ARP ● Victim host to bypass device communication Research Project #2 11

  12. Bypassing 802.1X in IPv6 Research Project #2 12

  13. Dot1X security violation Research Project #2 13

  14. Bypassing 802.1X in IPv6 Research Project #2 14

  15. Discussion ● Not every packet/frame is encrypted or authenticated ● Layer 2 vs layer 3 security ● Mitigation techniques ● MACsec, IPsec, SEND, HIDS ● Kernel bug ● Linux Kali used on Raspberry (4.1.7) ● NAT66 bug in Linux kernel versions < 4.3 Research Project #2 15

  16. Conclusion ● Is it possible to bypass 802.1X in an IPv6 environment? ● Yes it is! ● Attacks in both environments are not that different Research Project #2 16

  17. Future work ● Mitigation techniques ● Investigate feasibility of the attack in a MACsec/IPsec/.. enabled environment ● Remote access ● Add a third (4G) interface to access the attacker box remotely ● Device portability ● Patch kernel ● Different Linux distribution ● Open-source wired 802.1X switches Research Project #2 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript Bypassing browser

1.1k views • 48 slides
Bypassing Web Application Firewalls an approach for pentesters KHALIL BIJJOU SECURITY

Bypassing Web Application Firewalls an approach for pentesters KHALIL BIJJOU SECURITY

Bypassing Web Application Firewalls an approach for pentesters KHALIL BIJJOU SECURITY CONSULTANT 17 th November 2017 BYPASSING A WAF WHY? Number of deployed Web Application Firewalls (WAFs) is increasing WAFs make a penetration

533 views • 34 slides
Bypassing the hubs - The potential of secondary European airports in the long haul sector Sven

Bypassing the hubs - The potential of secondary European airports in the long haul sector Sven

Bypassing the hubs - The potential of secondary European airports in the long haul sector Sven Maertens / DLR 7th Conference on Applied Infrastructure Research, OCT 10-11, 2008 Sven Maertens DLR Bypassing the hubs Page 1 Structure

559 views • 22 slides
Bypassing Microsoft JEA role capabilities for fun &amp; profit whoami Cristhian Parrot -

Bypassing Microsoft JEA role capabilities for fun &amp; profit whoami Cristhian Parrot -

Bypassing Microsoft JEA role capabilities for fun &amp; profit whoami Cristhian Parrot - @elc0rr3Km1n0s Sr. Penetration Tester &amp; Lead Auditor @Airbus Father, Bug Hunter, Tech-entrepreneur Plan Intro Install Prerequisites

376 views • 22 slides
Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller

Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller

Breaking Through Another Side Bypassing Firmware Security Boundaries from Embedded Controller Alex Matrosov Alexandre Gazet Actually 5 months of passionate reverse-engineering nights Disclaimer All the details given about BIOS Guard

968 views • 77 slides
Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Sergey Puzankov Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com SS7 in the 20 th century SCP STP STP SSP SCP STP STP PSTN SSP SSP SS7 Signaling System #7, a set of telephony protocols

937 views • 60 slides
Bypassing the Language Bottleneck Alexei (Alyosha) Efros UC Berkeley Collaborators David

Bypassing the Language Bottleneck Alexei (Alyosha) Efros UC Berkeley Collaborators David

Visual Understanding without Naming: Bypassing the Language Bottleneck Alexei (Alyosha) Efros UC Berkeley Collaborators David Abhinav Scott Martial Natasha Yaser Satkin Fouhey Gupta Hebert Kholgade Sheikh Vincent Ivan Josef

1.26k views • 83 slides
Bypassing ISP and Enterprise Anti- DDoS with 90s technology Dennis Rand

Bypassing ISP and Enterprise Anti- DDoS with 90s technology Dennis Rand

So you think IoT DDoS botnets are dangerous Bypassing ISP and Enterprise Anti- DDoS with 90s technology Dennis Rand https://www.ecrimelabs.com @DennisRand About me Im a security researcher and founder of eCrimeLabs, based out of Denmark.

674 views • 48 slides
Exploitation on ARM Technique and bypassing defense mechanisms 07. 2010 STRI/Advance Technology

Exploitation on ARM Technique and bypassing defense mechanisms 07. 2010 STRI/Advance Technology

Exploitation on ARM Technique and bypassing defense mechanisms 07. 2010 STRI/Advance Technology Lab/Security # /usr/bin/whoami Itzhak (Zuk) Avraham Researcher at Samsung Electronics Partner at PIA Follow me on twitter under

473 views • 31 slides
Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of

Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of

Bypassing Phishing Filters Shahrukh Zaidi MSc System and Network Engineering (University of Amsterdam) Supervisors: Alex Stavroulakis, Rick van Galen (KPMG) Phishing emails Special type of spam message Fraudulent social

1.11k views • 29 slides
TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery or a tale on

TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery or a tale on

TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery or a tale on how to audit a DNS server when you dont really know anything about DNS Date 17/11/2017 At GreHack By Clment Berthaux Whoami Clment

721 views • 26 slides
Bypassing Combinatorial Protections Polynomial-Time Algorithms for Single-Peaked Electorates

Bypassing Combinatorial Protections Polynomial-Time Algorithms for Single-Peaked Electorates

Bypassing Combinatorial Protections Polynomial-Time Algorithms for Single-Peaked Electorates Markus Brill COMSOC 2010 Dsseldorf Joint work with Felix Brandt, Edith Hemaspaandra, and Lane Hemaspaandra Voting Rules C = {a,b,c,...} is a

660 views • 11 slides
:: Privacy Pass :: Bypassing internet challenges anonymously Alex Davidson 1,3 Ian Goldberg 2

:: Privacy Pass :: Bypassing internet challenges anonymously Alex Davidson 1,3 Ian Goldberg 2

:: Privacy Pass :: Bypassing internet challenges anonymously Alex Davidson 1,3 Ian Goldberg 2 Nick Sullivan 3 George Tankersley 4 Filippo Valsorda 4 1 Royal Holloway, University of London 2 University of Waterloo 3 Cloudflare 4 Independent PETS

591 views • 55 slides
Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me David Johansson (@securitybits) Security consultant since 2007 Helping clients design and build secure software Security training Based in

821 views • 25 slides
Cost-Effective Compiler Directed Memory Prefetching and Bypassing Daniel Ortega, , Eduard

Cost-Effective Compiler Directed Memory Prefetching and Bypassing Daniel Ortega, , Eduard

Cost-Effective Compiler Directed Memory Prefetching and Bypassing Daniel Ortega, , Eduard Ayguad e , Jean-Loup Baer and Mateo Valero Departamento de Arquitectura de Computadores, Department of

676 views • 39 slides
BYPASSING SECURITY RESTRICTIONS TH THE E CASE ASE OF F CVE VE-2018 2018-5955 5955 Whoami

BYPASSING SECURITY RESTRICTIONS TH THE E CASE ASE OF F CVE VE-2018 2018-5955 5955 Whoami

BYPASSING SECURITY RESTRICTIONS TH THE E CASE ASE OF F CVE VE-2018 2018-5955 5955 Whoami Ad Adam Nu Nurudin ini CEH, ITIL L V3, 3, CCNA, CCNP, CASP, PCI-DS DSS, B , BSC-IT IT Lead Security Researcher @ Netwatch Technologies

178 views • 16 slides
Pushkar Bypass Ajmer Overview There's more to Rajasthan than what meets the eye. Surrounded by

Pushkar Bypass Ajmer Overview There's more to Rajasthan than what meets the eye. Surrounded by

The Gateway Resort Pushkar Bypass Ajmer Overview There's more to Rajasthan than what meets the eye. Surrounded by the Aravalli mountains, north of Ajmer city, Gateway Ajmer finds an adequate blend between tranquility and bustle. 81 grand rooms

574 views • 18 slides
MASK: Redesigning the GPU Memory Hierarchy to Support Multi-Application Concurrency Rachata

MASK: Redesigning the GPU Memory Hierarchy to Support Multi-Application Concurrency Rachata

MASK: Redesigning the GPU Memory Hierarchy to Support Multi-Application Concurrency Rachata Ausavarungnirun Vance Miller Joshua Landgraf Saugata Ghose Jayneel Gandhi Adwait Jog Christopher J. Rossbach Onur Mutlu GPU 2

480 views • 15 slides
ROADWAY ACTION PLAN WELCOME + INTRODUCTIONS NCTCOG STAFF Michael Morris, P.E. - Director of

ROADWAY ACTION PLAN WELCOME + INTRODUCTIONS NCTCOG STAFF Michael Morris, P.E. - Director of

NORTH/SOUTH ROADWAY NEEDS AND OPPORTUNITIES February 16, 2017 1:00pm McKinney City Hall McKinney, Texas North Central Texas Council of Governments COLLIN COUNTY ROADWAY ACTION PLAN WELCOME + INTRODUCTIONS NCTCOG STAFF Michael Morris,

756 views • 34 slides
Westerham Bypass Presentation for town meeting on 25 th February Context to Bypass discussions

Westerham Bypass Presentation for town meeting on 25 th February Context to Bypass discussions

Westerham Bypass Presentation for town meeting on 25 th February Context to Bypass discussions Squerryes has been asked by WTC to review feasibility of bypass. It is at a very early stage. Bypass has been on the agenda for circa 40 plus

97 views • 8 slides
RET WORKSHOP Trainer: Vuth Ith June - 2019 connecting the mobile world Company Confidential 1

RET WORKSHOP Trainer: Vuth Ith June - 2019 connecting the mobile world Company Confidential 1

RET WORKSHOP Trainer: Vuth Ith June - 2019 connecting the mobile world Company Confidential 1 TR TRAINI AINING NG OBJE JECTIVES Gain knowledge on basic RET Systems Become familiar with Legacy &amp; NWAV RET antennas Understand

467 views • 31 slides
T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1 2 Fuzzing as a bug finding approach Fuzzing is highly effective in finding bugs (CVEs) Developers use it as proactive defense measure:

844 views • 32 slides
State Level Reports 2010 Present The LaGrange to Macon Corridor has been noted in several

State Level Reports 2010 Present The LaGrange to Macon Corridor has been noted in several

State Level Reports 2010 Present The LaGrange to Macon Corridor has been noted in several recent or ongoing GDOT transportation plans: GDOT 2010 Freight Plan (Completed 2012) Connect Central Georgia Plan (Completed 2013) I-75

378 views • 16 slides
Flotection: Building Main Shutoff System Overview of System Retail stores have a requirement for

Flotection: Building Main Shutoff System Overview of System Retail stores have a requirement for

Flotection: Building Main Shutoff System Overview of System Retail stores have a requirement for night time monitoring of the Domestic Water Supply. When flow is detected, during the hours the store is closed, the system shuts off this supply

390 views • 17 slides

More recommend