Multipath TCP IDS Evasion and Mitigation
2015 (English)
In: Information Security: 18th International Conference, ISC 2015, Trondheim, Norway, September 9-11, 2015, Proceedings. Springer, 2015, Vol. 9290, pp. 265-282.
Conference paper (Refereed)
The existing network security infrastructure is not ready for future protocols such as Multipath TCP (MPTCP). The outcome is that middleboxes are configured to block such protocols. This paper studies the security risk that arises if future protocols are used over unaware infrastructures. In particular, the practicality and severity of cross-path fragmentation attacks utilizing MPTCP against the signature-matching capability of the Snort intrusion detection system (IDS) is investigated. Results reveal that the attack is realistic and opens the possibility to evade any signature-based IDS. To mitigate the attack, a solution is also proposed in the form of the MPTCP Linker tool. The work outlines the importance of MPTCP support in future network security middleboxes.
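The cross-path fragmentation evasion and the DSN-based re-linking the abstract refers to can be illustrated in a few lines. The following is an added example written for this page; it is not the paper's MPTCP Linker tool, nor Snort code. The segment model (subflow id, subflow sequence number, data sequence number from the DSS option), the HTTP-style payload and the signature string are all constructed here for the demonstration.

```python
"""Constructed illustration of MPTCP cross-path fragmentation against a
per-connection signature matcher, and of re-linking subflows by DSN.
Not the paper's MPTCP Linker and not Snort; payload/signature are invented."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Segment:
    subflow: int   # which TCP subflow (path) carried these bytes
    ssn: int       # relative subflow-level sequence number
    dsn: int       # relative data sequence number from the DSS option
    data: bytes


def fragment_across_subflows(payload: bytes, n_subflows: int, chunk: int) -> List[Segment]:
    """Attacker-side scheduler: send consecutive chunks round-robin over
    n_subflows paths. A chunk shorter than the signature guarantees that no
    single subflow ever carries the signature contiguously."""
    segs: List[Segment] = []
    ssn = [0] * n_subflows
    for i, off in enumerate(range(0, len(payload), chunk)):
        sf = i % n_subflows
        data = payload[off:off + chunk]
        segs.append(Segment(sf, ssn[sf], off, data))
        ssn[sf] += len(data)
    return segs


def reassemble_per_subflow(segs: List[Segment]) -> Dict[int, bytes]:
    """What an MPTCP-unaware IDS sees: each subflow is an ordinary TCP
    connection, reassembled on its own by subflow sequence number."""
    streams: Dict[int, bytes] = {}
    for sf in sorted({s.subflow for s in segs}):
        parts = sorted((s for s in segs if s.subflow == sf), key=lambda s: s.ssn)
        streams[sf] = b"".join(p.data for p in parts)
    return streams


def match_per_subflow(segs: List[Segment], signature: bytes) -> List[int]:
    """Subflows on which a per-connection matcher would fire."""
    return [sf for sf, st in reassemble_per_subflow(segs).items() if signature in st]


def link_by_dsn(segs: List[Segment]) -> bytes:
    """MPTCP-aware linking: order segments from all subflows by DSN, skip
    bytes already covered (reinjection on another path), trim partial
    overlaps, and stop at the first hole rather than match across it."""
    out = bytearray()
    expected = 0
    for s in sorted(segs, key=lambda s: (s.dsn, s.subflow)):
        end = s.dsn + len(s.data)
        if end <= expected:
            continue            # duplicate data, e.g. retransmitted on another subflow
        if s.dsn > expected:
            break               # gap in the data stream; do not guess past it
        out += s.data[expected - s.dsn:]
        expected = end
    return bytes(out)


def match_linked(segs: List[Segment], signature: bytes) -> bool:
    """Signature check on the connection-level byte stream."""
    return signature in link_by_dsn(segs)


# Constructed sample: a request that a content signature would normally catch.
PAYLOAD = b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n"
SIGNATURE = b"/etc/passwd"

if __name__ == "__main__":
    segs = fragment_across_subflows(PAYLOAD, n_subflows=2, chunk=4)
    for sf, st in reassemble_per_subflow(segs).items():
        print(f"subflow {sf}: {st!r}")
    print("per-subflow hits:", match_per_subflow(segs, SIGNATURE))
    print("linked hit:", match_linked(segs, SIGNATURE))
```

With two subflows and 4-byte chunks, neither per-subflow stream contains `/etc/passwd`, while the DSN-linked stream is the original request and matches. The linker deliberately refuses to match across a hole in the DSN space: an IDS that silently concatenated around missing data would itself become an evasion target.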
Place, publisher, year, edition, pages
Springer, 2015. Vol. 9290, 265-282 p.
Lecture Notes in Computer Science, ISSN 0302-9743 ; 9290
Identifiers
URN: urn:nbn:se:kau:diva-39058
DOI: 10.1007/978-3-319-23318-5_15
ISI: 000363678700015
ISBN: 978-3-319-23317-8
OAI: oai:DiVA.org:kau-39058
DiVA: diva2:895187
The 18th Information Security Conference (ISC), Trondheim, Norway, September 9-11, 2015.