Hi,
I have an AT&T fiber connection at home that relies on a crappy,
proprietary, and insecure [1] router that does proprietary authentication
with upstream equipment via EAP over 802.1x. Some folks have figured out
how to bypass it by putting the AT&T router behind their actual firewalls
and proxying the 802.1x packets to/from the AT&T device, thus faking out
the upstream gateway.
Unfortunately, the common solution [2] for this is Linux-specific and
relies on their PF_RING stuff. I was hoping to proxy this protocol in
OpenBSD without having to use something slow like pcap. As far as I can
tell from reading man pages, PF does not support this network layer
protocol (0x888E). Does anybody have any ideas on how I might efficiently
capture these packets and copy them to another interface?
Chris
[1] https://www.nomotion.net/blog/sharknatto/
[2] https://github.com/jaysoffian/eap_proxy
No comments:
Post a Comment