Posted by dandriff on Thursday January 18, 2007@10:30AM
Today I found an additional Cisco Clean Access Agent workaround. This method works by taking advantage of its weak protection against mac address spoofing (aka mac address cloning) of other active network users.
I have only tested it over the wireless (802.11) network; I am not certain that it would work on an wired ethernet network, but I would expect that it would work more or less the same as long as you can get the mac address of an active client.
One may gain access to all the network resources that are available to legitimate users by using a packet sniffer (such as Wireshark) to passively collect and subsequently use the mac address from a machine which is currently active and authenticated on the desired network. Once the mac address on the unauthorized machine is set to that of the target, no further authentication OS detection are performed for the full duration of the network session.
Keywords: