HTTP/2 and QUIC - Teaching Good Protocols to Do Bad Things

by Catherine (Kate) Pearce, Carl Vincent Sept. 15, 2017 via www.blackhat.com submitted by belen_caty

QUIC is an application-layer, UDP-based protocol that multiplexes connections between endpoints at the application level, rather than the kernel level. HTTP/2 (H2) is a successor to SPDY, and multiplexes different HTTP streams within a single connection. More than 10% of the top 1 million websites are already using some of these technologies, including many of the 10 highest-traffic sites. Whether you multiplex out across connections with QUIC, or multiplex into fewer connections with HTTP/2, the world has changed. This talk briefly introduces QUIC and HTTP/2, covers multiplexing attacks beyond MPTCP, discusses how you can use these techniques over QUIC and within HTTP/2, and discusses how to make sense of and defend against H2/QUIC traffic on your network. We will also demonstrate, and release, some tools with these techniques incorporated.

https://www.blackhat.com/us-16/briefings.html#http-2-and-quic-teaching-good-protocols-to-do-bad-t...

Steven Ulm 1 month ago

Had to read it twice to make sure that I understand everything, but the presentation has a point!
