IchNee Posted October 21, 2017 Share Posted October 21, 2017 NETMODE has "transparent", but I'd like to take that further. Alva "Skip" Duckwall did a presentation at DEFCON 19, explaining that a MitM simply needs to wait for an Ethernet frame from each side of the bridge. Then you note the two MAC addresses, and simply modify the NICs at each end to match the opposite side. By doing this, your MitM simply disappears from the network cable. I don't have my Squirrel yet (but it's ordered), but I figured I'd throw this out to the world and see if anyone else would like to have this added as a NETMODE. Link to comment Share on other sites More sharing options...
mzac Posted October 21, 2017 Share Posted October 21, 2017 Hmm.. and macsec too could be an issue? Link to comment Share on other sites More sharing options...
Darren Kitchen Posted October 21, 2017 Share Posted October 21, 2017 Sounds like the LAN Turtle's Clone-Mac module. Sounds like this could probably be implemented. Link to comment Share on other sites More sharing options...
Axel1973 Posted December 14, 2017 Share Posted December 14, 2017 Hi. The Clone-module is not really helping with 802.1x. Just tested, not working. In fact the scripts from Duckwall (and others) do a bit more. They fiddle around with the bridge software and firewall. Would be nice to have this feature embedded. Link to comment Share on other sites More sharing options...
youngd24 Posted December 27, 2018 Share Posted December 27, 2018 Was there ever any movement on this? Have some NAC (Aruba Clearpass) I'd like to see if I can get around. Link to comment Share on other sites More sharing options...
JDL Posted August 15, 2019 Share Posted August 15, 2019 Bringing this back up. Any progress? Link to comment Share on other sites More sharing options...
schiiins Posted January 23, 2020 Share Posted January 23, 2020 There are multiple tools, which could be able to bypass 802.1x NAC. Found a quite promising one here: https://github.com/scipag/nac_bypass Not sure, if it could run on a Hak5-Device like the squirrel. Quote The NACkered script and our nac_bypass_setup.sh solution were written and tested on Debian-based Linux distributions, but both should be executable on other Linux distributions as well Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.