Bypassing Advanced Device Profiling with DHCP Packet Manipulation

Explore advanced device profiling bypass techniques through DHCP packet manipulation in this NorthSec conference talk. Delve into Network Access Control mechanisms, focusing on sophisticated device identification methods beyond simple MAC address checks. Learn how crafted DHCP packets can trick inspection engines into perceiving attacking devices as legitimate. Examine case studies demonstrating successful bypasses, understand associated risks, and discover mitigation strategies. Gain insights into a novel client-based DHCP attack that differs from traditional denial of service or rogue server approaches. Follow along as the speaker presents a proof-of-concept tool for defining custom DHCP payloads to mimic arbitrary device fingerprints, filling a gap in publicly available resources on this topic.

Introduction
Outline
What is Network Access Control
Where is it implemented
Two layers of defense
Device profiling
Device profiling mechanics
DHCP discover packet
Vendor class identifier
DHCP profiler policy
Bypass device profiling
Case study A
Case study B
Case study C
Risk mitigation
Proof of concept