Bypassing Wired Port Security

Abstract

802.1x is a part of the IEEE 802.1 group of Networking Protocols. It is mainly used to implement Port-based Network Access Control (PNAC) by providing an authenticating mechanism to connect to LAN or WAN. Existing attacks on the 802.1x are mainly focused on the older version of the protocol which does not provide encryption or enable authentication on a packet-by-packet basis. Later versions of the protocol includes MACsec to provide a two layer encryption to maintain the data integrity of the network packets. It also included support for devices like printers and VOiP phones which led to an easy attack vector. An attacker could easily spoof the MAC address to get into the corporate network. In this paper we go through the 802.1x protocol, the authentication mechanism of the protocol, the existing attacks on the protocol and a new attack to bypass Network Access Control enforced by the 802.1x. The proposed attack is an improvement on the NACKered script which was built upon the Alva Lease's Duckwall IV. We have added a couple of modules to run the responder script as well as an awareness script to keep it persistent. We end the paper by listing out the best practices that must be followed when setting up a corporate network with Network Access Control with 802.1x.