THC SSL DDOS Leaves SSL Sites Vulnerable

When a SSL connection is established the server requires 15 times more power than the client, As a result of which sites with SSL can be knocked off easily due to the flaw in the protocol itself. German hacker's group THC has recently released a tool named SSL-DDOS which can be used to compromise the availbity of websites using secure connections.

How It Works?

THC-SSL-DOS exploits this asymmetric property by overloading theserver and knocking it off the Internet.This problem affects all SSL implementations today. The vendors are awareof this problem since 2003 and the topic has been widely discussed.This attack further exploits the SSL secure Renegotiation featureto trigger thousands of renegotiations via single TCP connection.

Download:

Windows binary: thc-ssl-dos-1.4-win-bin.zip
Unix Source : thc-ssl-dos-1.4.tar.gz

Usage:

./thc-ssl-dos Target 443 or any other SSL enabled port.

Countermeasures:

As this is protocol based flaw it cannot be completly avoided, but the best mitigation technique is to disable SSL-Renegotiation as the exploit purely targets SSL-Renegotiation.

3 comments:

Hassan MirNovember 10, 2011 at 2:08 AM
Nice tut rafay !!!
plzz upload a tut about hacking "shop admin"
Rasha AhamedNovember 10, 2011 at 10:57 AM
hey i jst double clicked on tat, exe file in my own pc after i downloaded the winzip file unfortunately, so plz could u tell me hw to get rid of it now, tnx ion advance :(
тяσנαη нα¢кєяDecember 8, 2011 at 3:09 AM
Its Amazing

THC SSL DDOS Leaves SSL Sites Vulnerable

3 comments:

Rafay's Blackhat Talk

Webinar on WAF Bypass

Random

Popular

Comments

Categories

Contact Form