Some Security Tools Fail With Multipath TCP

Published: 22/11/2024   Category: security




Researchers at Black Hat USA will reveal how multipath TCP breaks assumptions about how TCP works -- and the implications for network security.



The need for hardy networking connections has led to the development of Multipath TCP (MPTCP), which allows a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy. But the explosion in mobile and Internet of Things devices also requires that network security tools keep pace with change.
Neohapsis researchers Catherine Pearce and Patrick Thomas say very few security and network management tools are up to that challenge when it comes to MPTCP streams. At a presentation at the upcoming Black Hat USA conference in Las Vegas, the two plan to discuss how MPTCP eviscerates assumptions about TCP that are made by both tools and network engineers alike.
TCP is a foundational protocol for communication on the Internet that has largely stood the test of time, says Thomas. "It's used everywhere; it's used by everything," he says. "It's been around since the dawn of the Internet."
Yet TCP is not set up for the future of the Internet people are seeing now -- a highly-connected world featuring different types of connectivity, says Thomas.
This has led to the development of MPTCP, which allows TCP to talk over multiple paths simultaneously, decoupling it from a specific IP address. Doing this, however, creates a new reality for security. For starters, it affects the ability of intrusion detection systems to inspect, correlate, and reassemble traffic. This can add a new wrinkle to fragmentation attacks, Thomas says.
An intrusion detection system that is not multipath TCP-aware sees five different connections coming from different IP addresses, has no conception that they are related, and on each of them it sees complete garbage data, he says.
"If any of your security decisions, tools, thought-processes, manual processes, if they rely on any of... these four things, then something in those is going to break," he says. "Those four things that we've got are: If you expect to see all app layer data within a TCP stream; if you expect to differentiate clients from servers based on the connection direction; if you expect to tamper with or close bad connections midstream; or if you attempt to associate logical connections to IP addresses. If you make any security decisions based on any of those, then those security mechanisms are going to break in the face of MPTCP."
During their presentation, which is scheduled for Wednesday at 3:30 p.m., the researchers will show tools and strategies for understanding and mitigating the risk of MPTCP-capable devices on a network.
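As an added illustration (not code from the article or from the researchers' talk), the sketch below shows how a monitoring tool can at least recognise MPTCP on the wire, so that single-flow inspection results can be treated as partial: it walks the TCP options of a raw header and reports MPTCP options, which use TCP option kind 30 per RFC 6824. The function names, labels and sample headers are constructed for this example.

```python
import struct

MPTCP_KIND = 30  # IANA TCP option kind for Multipath TCP (RFC 6824)
SUBTYPES = {0: "MP_CAPABLE", 1: "MP_JOIN", 2: "DSS", 3: "ADD_ADDR",
            4: "REMOVE_ADDR", 5: "MP_PRIO", 6: "MP_FAIL", 7: "MP_FASTCLOSE"}

def mptcp_subtypes(tcp_header: bytes) -> list:
    """Return the names of all MPTCP options in a raw TCP header."""
    if len(tcp_header) < 20:
        return []
    end = (tcp_header[12] >> 4) * 4          # data offset, in bytes
    if end < 20 or end > len(tcp_header):
        return []
    opts, i, found = tcp_header[20:end], 0, []
    while i < len(opts) and opts[i] != 0:    # kind 0 = end of option list
        if opts[i] == 1:                     # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        kind, length = opts[i], opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                            # malformed option: stop parsing
        if kind == MPTCP_KIND and length >= 3:
            # The subtype is the upper 4 bits of the first byte after length.
            found.append(SUBTYPES.get(opts[i + 2] >> 4, "UNKNOWN"))
        i += length
    return found

def classify(tcp_header: bytes) -> str:
    """Label a segment so single-flow inspection results can be qualified."""
    subs = mptcp_subtypes(tcp_header)
    if "MP_JOIN" in subs:
        return "mptcp-join"      # extra subflow of an existing connection
    if subs:
        return "mptcp"           # MPTCP signalling present on this flow
    return "plain-tcp"

def build_header(options: bytes, flags: int = 0x02) -> bytes:
    """Constructed sample: 20-byte TCP header (SYN by default) plus options."""
    options += b"\x01" * (-len(options) % 4)  # NOP-pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                       offset << 4, flags, 65535, 0, 0) + options

# Constructed sample headers (ports, keys and tokens are made-up values).
MSS = bytes([2, 4, 0x05, 0xB4])
SYN_CAPABLE = build_header(MSS + bytes([30, 12, 0x00, 0x81]) + b"\x11" * 8)
SYN_JOIN = build_header(MSS + bytes([30, 12, 0x10, 0x02]) + b"\x22" * 8)
SYN_PLAIN = build_header(MSS)
```

Calling `classify()` on each sample header shows the three cases; a flow labelled `mptcp-join` carries only part of a logical connection whose remaining data travels on other subflows.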
Multipath TCP changes the way the Internet works at its core, explains Pearce.
"If we're not ready for this, the impact of this could be probably at least as great as IPv6," she says, adding that the goal of the talk at Black Hat is to raise awareness.
"We want security to keep up with technology," she says.
 
