A newly released denial-of-service (DoS) tool can be used to bring down SSL servers using an average laptop computer and a standard DSL connection. Called THC-SSL-DoS, the tool was created by German hacking outfit The Hackers Choice (THC) and exploits a rarely used, but widely available, feature in the SSL protocol called SSL renegotiation.
- THC-SSL-DOS is a tool to verify the performance of SSL.
- Establishing a secure SSL connection requires 15x more processing power on the server than on the client.
- THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet.
- This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed.
- This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via single TCP connection.
No real solutions exists. The following steps can mitigate (but not solve) the problem:
- Disable SSL-Renegotiation
- Invest into SSL Accelerator
Windows binary: thc-ssl-dos-1.4-win-bin.zip
Unix Source : thc-ssl-dos-1.4.tar.gz
For more information click here
LINK TO OUR HOME PAGE :


Categories:
download
,
vulnerablity