Whitepaper – Bypassing Port Security in 2018

At DEF CON 26 we introduced an attack that can be used to bypass 802.1x-2010 and MACsec when weak EAP methods are used. The attack, known as a Rogue Gateway, forces the supplicant to authenticate with a rogue radius server by mechanically diverting ethernet traffic to the attacker’s rogue device. The attack can be performed remotely with the assistance of a side channel interface, and can also be implemented completely in software to attack 802.1x-2004. We also introduced several improvements to the classical bridge-based 802.1x bypass, along with EAP-MD5 Forced Reauthentication attack.

These contributions are described in detail in our white paper on the subject, which can be found at the following URL:

DEF CON 26 – Gabriel Ryan – Whitepaper – Bypassing Port-Security In 2018 – Defeating MacSEC and 802.1x-2010

Additionally, the source code for our proof of concept tool silentbridge can be found at the following repository on Github:

https://github.com/s0lst1c3/silentbridge

A video recording of the original presentation, including live demos, is available here:

The slides from our presentation at DEF CON can be found here:

DEF CON 26 – Gabriel Ryan – Owning the LAN in 2018 – Defeating MACsec and 802.1x-2010 – Updated – final

Are you experiencing a
Security Incident?

We are here to help 24/7. In addition to providing immediate assistance, Digital Silence offers a suite of remediation services designed to help organizations get back to business.