tcp_fast_open_sstic_2014_en(1).pdf

(206 KB) Pobierz

TCP Fast Open

Bypassing pigs/suricats like a synackpshtiv ninja

Presented in the

05/06/2014

SSTIC 2014

Nicolas Collignon

and

Renaud Dubourguais

During the

Fixing TCP to help HTTP



HTTP/1.0



1 HTTP request = 1 TCP handshake



HTTP/1.1



"Keep-Alive" HTTP header

Multiple HTTP requests = 1 TCP handshake



YouTube



Still too slow!

We need something else...

2/6

TCP Fast Open



IETF draft



The aim is to speed up connections establishment

Allows data transmission in the TCP handshake

Supported since Linux 3.6

Client-side TFO is enabled by default since Linux 3.13



Impacts on the socket API



Client-side: connect() → sendto(MSG_FASTOPEN)

Server-side : setsockopt(TCP_FASTOPEN)

3/6

TFO handshake



The first HTTP connection

requires a regular 3WHS with

the TFO TCP option enabled

The server generates a TFO

cookie and send it to the client

in the SYN-ACK

Next, the client can send data

during the following 3WHS



4/6

TFO vs IDS



Data is in the SYN packet

Intermediate devices don't care about TFO

IDS don't analyse data in SYN packets



5/6

Plik z chomika:

musli_com

Inne pliki z tego folderu:

3A(1).pdf (343 KB)
A Closer Look At Ethical Hacking And Hackers(1).pdf (83 KB)
A Practical Fault Attack on Square and Multiply(1).pdf (366 KB)
A Primer on Scientific Programming with Python (2009)(1).pdf (6983 KB)
A+(2).zip (9992 KB)

tcp_fast_open_sstic_2014_en(1).pdf

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: