Multipath Madness, MPTCP, and Beyond - feat HTTP evasive fragmentation

Presented at Kiwicon 9: Cyberwar Is Hell (2015), Dec. 10, 2015, 1:45 p.m. (30 minutes)

MultiPath TCP (MPTCP) is an extension to TCP that works over existing networks and improves networks perform better for end users. It seems to unsettle network operators, and scare network security practitioners, but is fascinating to security people. When we discussed MPTCP's network security implications at Black Hat USA 2014 we found an annoying number of people thought that blocking MPTCP would keep the status quo. They were wrong... While MPTCP uncovered some new techniques at filter and inspection evasion, what isn't so obvious is that related techniques have been possible for years - without using MPTCP. In this talk, I briefly discuss MPTCP and its implications, and then discuss how to undertake similar attacks over HTTP by abusing HTTP range requests. As well as introducing tools and techniques abusing HTTP range requests, we produce HTTP requests that end before they start and only truly start after they end.

Presenters:

• Kate Pearce
  Catherine Pearce (@secvalve) is a Senior Security Consultant at Cisco. She refuses to specialize and as a result spends some time security testing, some time helping the builders, and sometime dreaming about breaking a better world.

Links:

• https://2015.kiwicon.org/the-con/talks/#e206

Similar Presentations:

• NolaCon 2015 / Multipath tcp - Breaking Today’s networks with tomorrow’s protocols
• Black Hat USA 2014 / Multipath TCP: Breaking Today's Networks with Tomorrow's Protocols
• Black Hat USA 2016 / HTTP/2 & QUIC - Teaching Good Protocols To Do Bad Things