Joe,

Joe,

That is a *old* report, last updated in September 2006. None of the
Clean Access 4.x.x versions are listed. Cisco responded to this, as
listed in the "References" link. Since versions 4.x.x have been out for
almost a year and a half, this report may be discarded unless it is
updated to be currently relevant.

Bruce Osborne

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Joe Feise
Sent: Wednesday, April 16, 2008 12:24 PM
To: [log in to unmask]
Subject: Re: [CLEANACCESS] Dirty access agent

Baynes, Faith wrote on 04/16/08 08:59:

> One of my more adventurous, but thankfully well behaved, students told
> me about it some time ago.... He also scripted a workaround to the mac
> agent because the previous iteration of that was so crummy. It is
> definitely KNOWN in the more geeky student community that dirty access
> agent exists...

Due to a fundamental design flaw of CCA, it is not possible to prevent
such bypass:
http://www.securityfocus.com/bid/19726/info
http://www.securityfocus.com/bid/19726/discuss
Even a Nessus scan won't help if the person puts a cheap Linux-based
router in 
front of the Windows box.

Disclosure: I am co-author of the security advisory.

-Joe