Nytro Posted August 7, 2014 Report Posted August 7, 2014 Blackhat USA Multipath TCP Tool Release & Audience ChallengeWe hope everyone found something interesting in our talk today on Multipath TCP. We’ve posted the tools and documents mentioned in the talk at: https://github.com/Neohapsis/mptcp-abuse At the end we invited participants to explore MPTCP in a little more depth via a PCAP challenge. Without further ado, here’s the PCAP: neohapsis_mptcp_challenge.pcapng It’s a simple scenario: one MPTCP-capable machine sending data to another. The challenge is “simply” to reassemble and recover the original data. The data itself is not complex so you should be able to tell if you’re on the right track, but getting it exactly right will require some understanding of how MPTCP works. If you think you have it, tweet us and follow us (@secvalve and @coffeetocode) and we’ll PM you to check your solution. You can also ask for questions/clarifications on twitter; use #BHMPTCP so others can follow along. Winner snags a $100 Amazon gift card! Hints #0:The latest version of Wireshark supports decoding mptcp options (see “tcp.options.mptcp”). The scapy version in the git repo is based on Nicolas Maitre’s and supports decoding mptcp options. It will help although you don’t strictly need it. The is an mptcp option field to tell the receiver how a tcp packet fits into the overall logical mptcp data flow (what it is and how it works is an exercise for the user ) It’s possible to get close with techniques that don’t fully understand MPTCP (you’ll know you’re close). However the full solution should match exactly (we’ll use md5sum) Depending on how people do and questions we get, we’ll update here with a few more hints tonight or tomorrow. Once we’ve got a winner, we’ll post the solution and code examples.Sursa: Neohapsis Labs | Blackhat USA Multipath TCP Tool Release & Audience Challenge Quote
