MultiPath TCP (MPTCP) is an extension to TCP that enables sessions to use multiple network endpoints and multiple network paths at the same time, and to change addresses in the middle of a connection. MPTCP works transparently over most existing network infrastructure, yet very few security and network management tools can correctly interpret MPTCP streams. With MPTCP network security is changed: how do you secure traffic when you can't see it all and when the endpoint addresses change in the middle of a connection?
This session shows you how MPTCP breaks assumptions about how TCP works, and how it can be used to evade security controls. We will also show tools and strategies for understanding and mitigating the risk of MPTCP-capable devices on a network.
Catherine (Kate) Pearce is a Security Consultant at Neohapsis. Kate spends half her time breaking applications and networks, half her time working to secure systems being built, and half her time tinkering with standards to find where the designer missed something. Bred, born, and raised in New Zealand, Kate's a Kiwi who was pulled all the way from Middle Earth to New England a while back. While in the USA, she will tolerate a single sheep joke per person - as long as it's targeted at Australians.
Patrick Thomas is a recovering software developer turned penetration tester with Neohapsis (now Cisco). He works on offensive and defensive security tools, with an emphasis on web application security, web malware, and social engineering. He has previously spoken at Black Hat, DEFCON, SecTor, AppSec Cali, and others.