UCI Housing Network and Cable TV Issues

Over the last week and a half, I have been busy coming up with ways to bypass the CCA client installation on Windows.
In my last post on this topic I had already hinted at the idea.
Basically, the current CCA version (now called Cisco NAC Appliance) uses a variety of methods to determine the operating system the connection is made from. Cisco has come quite a way from the simple and trivially defeatable browser user-agent string... With the use of the user-agent string, they violated one of the basic laws of Web development: never trust data sent by the client...
They are now using multiple avenues to detect the OS. They still use client data: the browser user-agent, and in addition get the OS string through Javascript. These are still trivially circumvented.
In addition, though, they use more sophisticated methods. Namely, they use the TCP fingerprint and possibly the SSL negotiation phase to determine the OS.
Every network implementation has different settings and ideosyncracies. Lists of such ideosyncracies are readily available for all popular operating systems. So, by comparing the ideosyncracies of the connection to such a list, it is possible to determine the OS.
That leaves us with finding ways to change the ideosyncracies reported, so that the comparison with a list doesn't work anymore.
And that is exactly what a colleague and I have done.
We have identified a way to get around the CCA OS detection:
Modifying the TCP parameters. A description of this method has been posted to Bugtraq and the Full Disclosure mailing list. We made a program available that makes the process really painless.

So, to make a long story short, the program to bypass the CCA installation on Windows is here. Instructions are here.

And to make it even easier to use, we have created a setup program that installs the tool on any Windows machine. Get it here.

This post is licensed under a Creative Commons License.