This is a broad, new topic and an evolving conversation; there is not yet a roadmap or guidance on MPTCP's effect.
The issue is that “fragments” of malware or an attack can come in through separate paths, thereby evading detection. “Fragments” is in quotation marks because this is not the traditional fragmentation that firewalls usually think about or know how to deal with (per NSS Labs, etc.). Other than buffering/normalizing/reconstructing content on the firewall (which SonicWall will not do), the most likely action will be to disable multi-path TCP capability from behind the firewall. That would be the short-term solution; it is not yet clear for DPI technology what the long-term solution will be.