The THC SSL Do. S Threat Ever since computers became ubiquitous and affordable they have attracted malicious users as well as those who use computers for altruistic purposes. These malicious users– sometimes called “black hats” or “crackers”– often try and take servers, desktops or entire networks offline using something called a Denial of Service attack or “Do.
New DOS Tool Overloads SSL Servers. A newly released denial-of-service (DOS) tool can be used to. The Hackers Choice claims that running from a laptop. Posts about The Hackers Choice written by flaviusso. Flaviusso & La Scaricata. Sostiene di aver creato uno strumento denominato TCH-SSL-DOS.
S.” There are two main kinds of Do. S: a Distributed Denial of Service attack, where multiple computers called “Slaves” or “zombies” flood the target with data such as ICMP pings, UDP packets, TCP SYN packets or a wide array of other packets, with the goal of sending so much data that the target crashes; and the Single node or “Do. S” attack, in which a malformed packet is sent once or until the server goes offline. But single node Denial of Service attacks are still a large threat because of an attack known as resource exhaustion. This type of attack, as its name suggests, works by forcing the server to do functions that take up a lot of resources over and over again until it runs out of resources to do that function with (often RAM and CPU power) and then crashes or stops doing its intended function. For HTTP (the protocol used for website access), a tool exists called Slowloris which half opens many HTTP connections and keeps them half open preventing non- malicious users from connecting from the server. For older versions of Apache, a tool called Apache killer is available, but it does not work on the most recent version of Apache and various IDS/IPS (Intrusion Detection and Intrusion Protection) solutions can stop it.
This article will explain how this attack works and how to mitigate it. While the authentication of SSL is vulnerable to Man- In- The- Middle attacks, as discovered by Moxie Marlinspike, such as sslstrip and sslsniff, the encryption on the server is very strong—so strong, in fact, that it is vulnerable to a Resource Exhaustion Attack. This means that if an attacker were to open one or more SSL sockets to a server using an SSL encrypted protocol, it would waste a tremendous amount of resources on that server.
The THC SSL- DOS program is extremely simple to use: there is a windows binary, and source code with a make file that is available for UNIX users. Now let us field test this attack we will target an Apache 2.
R1 with mod. Let’s see if the original Proof Of Concept tool released by THC works. Hmmm, it seems that modern implementations of mod. This means that the original implementation of this vulnerability is ineffective, but we are not without options. If you recall, there is still a way to exploit this vulnerability if key renegotiation is disabled.
A function that opens say 1. Slowloris tool) should Do. S a SSL server. Though on various live targets it may be faster or slower depending on both party’s bandwidth, performance of both the attacker’s and the target’s hardware and what countermeasures are in place. The simplest is to limit or disable SSL key renegotiation. This makes it harder for one computer to take an SSL server off line because they cannot have each socket re- key but they can still open new sockets, which requires a key to be generated.
Another mitigation technique is to outfit the server with a SSL accelerator, which is a piece of hardware designed to optimize servers for SSL computation, making it take many more computers to effectively implement a SSL DOS. However, none of these defensive techniques by themselves will eliminate the threats posed by SSL Denial of Service. Unfortunately, the vulnerability this tool exploits is difficult to defend against because the vulnerability lies in the SSL protocol its self, not an implementation of that protocol. This means that unless the SSL protocol is re- written or all Servers that make use of it are given unlimited computing power, the threat presented by SSL Do.
S will still exist.
- The Hacker’s Choice releases SSL DOS Tool. German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The Hacker News and The Hackers.
- The Hacker’s Choice releases SSL DOS Tool
- THC-SSL-DOS exploits this.
- Die deutsche Hackergruppe 'The Hackers Choice'. Diese Secure Socket Layer arbeiten mit.
- THC SSL DoS/DDoS Tool Released For. Other SSL enabled ports are more unlikely to.
- THC SSL Denial Of Service Tool 1.4 Windows Version. It is a powerful tool for hackers and network administrators.
- Attack Tool Exploits SSL Vulnerability to Create DoS Attack.