Did anyone already think about how to analyze MPTCP with Argus?

el draco eldraco at gmail.com
Thu Jul 31 09:31:19 EDT 2014


Hi list.
Reading about next weekend's BlackHat talk about MultiPath TCP protocols
breaking traffic inspection and trust models, I started wondering if
any of you thought about how Argus would deal with this.

I don't have any implementation yet, so I cannot try it. There should
be a way to detect that MPTCP is at least being used, right? If you
cannot see the other 'new' flows... maybe you can detect that the
protocol seems to be broken but is not retransmitting? I'm imagining
some type of anomaly detection algorithm may be able to catch this.

http://labs.neohapsis.com/2014/07/29/multipath-tcp-blackhat-briefings-teaser/


See you
sebas
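
On the question of detecting that MPTCP is in use: MPTCP signals itself in TCP option kind 30 (RFC 6824), with MP_CAPABLE on the first subflow and MP_JOIN on additional ones. The following is an added example, not part of the original post and not Argus code; it works on raw TCP headers, and the function names and sample headers are constructed for illustration.

```python
import struct

MPTCP_KIND = 30  # TCP option kind assigned to MPTCP (RFC 6824)
SUBTYPES = {0: "MP_CAPABLE", 1: "MP_JOIN", 2: "DSS", 3: "ADD_ADDR",
            4: "REMOVE_ADDR", 5: "MP_PRIO", 6: "MP_FAIL", 7: "MP_FASTCLOSE"}


def mptcp_subtypes(tcp_header: bytes) -> list:
    """Return the MPTCP subtype names found in one raw TCP header's options."""
    if len(tcp_header) < 20:
        return []
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        return []  # malformed or truncated header
    opts, found, i = tcp_header[20:data_offset], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            break              # kind byte without a length byte
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break              # bad length: stop instead of reading past the header
        if kind == MPTCP_KIND and length >= 3:
            subtype = opts[i + 2] >> 4   # subtype is the high nibble
            found.append(SUBTYPES.get(subtype, "UNKNOWN_%d" % subtype))
        i += length
    return found


def build_header(options: bytes = b"") -> bytes:
    """Constructed sample input: a SYN header with options padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                       offset << 4, 0x02, 65535, 0, 0) + options


# Constructed samples: MSS only, MSS + MP_CAPABLE, MSS + MP_JOIN.
MSS = b"\x02\x04\x05\xb4"
PLAIN_SYN = build_header(MSS)
CAPABLE_SYN = build_header(MSS + b"\x1e\x0c\x00\x81" + b"\x11" * 8)
JOIN_SYN = build_header(MSS + b"\x1e\x0c\x10\x02" + b"\x22" * 8)
```

A sensor that sees MP_JOIN on a flow without having seen the matching MP_CAPABLE is looking at one subflow of a connection whose other paths it cannot observe.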


