Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Networking Security

Multipath TCP Introduces Security Blind Spot 60

Posted by Unknown Lamer
from the thwart-spies-and-your-friendly-sysadmin dept.
msm1267 (2804139) writes If multipath TCP is the next big thing to bring resilience and efficiency to networking, then there are some serious security issues to address before it goes mainstream. An expert at next week's Black Hat conference is expected to explain how the TCP extension leaves network security gear blind to traffic moving over multiple network streams. Today's IDS and IPS, for example, cannot correlate and re-assemble traffic as it's split over multiple paths. While such attacks are not entirely practical today, as multipath TCP becomes a fixture on popular networking gear and mobile devices, the risks will escalate. "[Multipath TCP] solves big problems we have today in an elegant fashion," said Catherine Pearce, security consultant and one of the presenters, along with Patrick Thomas. "You don't have to replace hardware or software; it handles all that stuff behind the scenes. But security tools are naïve [to MPTCP], and make assumptions that are no longer valid that were valid in the past."
This discussion has been archived. No new comments can be posted.

Multipath TCP Introduces Security Blind Spot

Comments Filter:
  • Re:Great! (Score:4, Informative)

    by Lennie (16154) on Friday August 01, 2014 @02:02PM (#47583253)

    I'm not sure what you mean, but MultiPath-TCP is about combining different technologies.

    So one part of the stream will run over Comcast, sure. But an other part will be transfered of 3G/LTE/whatever...

    In that case Comcast isn't going to get the whole stream. Good luck with your IDS and deep packet inspection.

    Al though most deep packet inspection problem looks for port-numbers, HTTP Host-headers, HTTPS SNI names and destination IP-addresses anyway. So impact in that case might not be that bad.

    An other use case for MultiPath-TCP is roaming without dropping a connection. So for example, going from one WiFi to an other Wifi network without interruption.

    If that is a different provider again Comcast won't see the whole stream.

Theory is gray, but the golden tree of life is green. -- Goethe

Working...