Whitepaper - Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010

By in

At DEF CON 26 we introduced an attack that can be used to bypass 802.1x-2010 and MACsec when weak EAP methods are used. The attack, known as a Rogue Gateway, forces the supplicant to authenticate with a rogue radius server by mechanically diverting ethernet traffic to the attacker’s rogue device. The attack can be performed remotely with the assistance of a side channel interface, and can also be implemented completely in software to attack 802.1x-2004. We also introduced several improvements to the classical bridge-based 802.1x bypass, along with EAP-MD5 Forced Reauthentication attack.

These contributions are described in detail in our white paper on the subject, which can be found at the following URL:

DEF CON 26 – Gabriel Ryan – Whitepaper – Bypassing Port-Security In 2018 – Defeating MacSEC and 802.1x-2010

Additionally, the source code for our proof of concept tool silentbridge can be found at the following repository on Github:

https://github.com/s0lst1c3/silentbridge

A video recording of the original presentation, including live demos, is available here:

The slides from our presentation at DEF CON can be found here:

DEF CON 26 – Gabriel Ryan – Owning the LAN in 2018 – Defeating MACsec and 802.1x-2010 – Updated – final

Leave a reply

Your email address will not be published. Required fields are marked *