CLEANACCESS Archives

October 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Around clean access
From:
Joe Feise <[log in to unmask]>
Reply To:
Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:
Fri, 20 Oct 2006 11:47:39 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (23 lines) 
On Fri, 20 Oct 2006 09:48:18 -0400, Joyce, Todd N <[log in to unmask]> wrote:

>I have a user that I am not sure has let another user change her
>computer to linux.  When I use the OS detection from the server I get
>NOT detected yet.  (cam/cas 4.0.2 client 4.0.0.1).  I am also seeing a
>lot of Macintosh computers this year.  I know we have an increase in
>users but I don't think it is as many as CCA is reporting
>
> 
>
>Starting to do some research and found some interesting stuff on
>Slickdeals of all places

http://www.securityfocus.com/archive/1/444424/30/0/threaded
It is no surprise that code shows up in the wild. As I said in another
thread, a reasonably smart computer science student can easily bypass the
TCP fingerprinting. And it is no surprise either that they help their fellow
non-CS students to get around the OS detection.
Our proof-of-concept code changes the TCP parameters to match a Mac, but it
could be any one of the currently 21 operating systems the underlying
security cloak tool supports. Or the TCP parameters could be changed
manually to values that aren't found in any OS.

ATOM RSS1 RSS2