Tool lets hackers launch a denial-of-service attack from a single PC over a DSL connection.
SSL is in the hot seat again: A new, free tool is now circulating that can take down an HTTPS Web server in a denial-of-service attack using a single laptop via a DSL connection.
Researchers with a hacker group called The Hackers Choice (THC) Tuesday released the so-called THC-SSL-DOS tool that abuses the SSL renegotiation feature, which basically re-performs the encryption handshake.
The tool lets an attacker use a single connection to relentlessly perform the renegotiation with the SSL server, eventually overwhelming it. "It's a constant renegotiation. Instead of forming new connections over and over again ... it increases the overhead of the server," said Tyler Reguly, manager of security research and development with nCircle.
It all comes down to an SSL feature--SSL renegotiation--that isn't typically needed for Web servers. "Unless you wanted to change the encryption level, it's not a necessity. Some SSL VPNs make extensive use of it, but it's not needed in the Web browsing world," Reguly said.
The hackers who wrote the tool recommend disabling SSL renegotiation. But even that won't completely prevent such a denial-of-service attack. "It still works if SSL renegotiation is not supported but requires some modifications and more bots before an effect can be seen," the THC hackers said in a statement.
For the tool to take down server farms with SSL load balancing, it requires using about 20 "average size" laptops and 120 Kbps of traffic, they said.
The new tool is reminiscent of the Slowloris attack tool that keeps connections open by sending partial HTTP requests and sends headers at regular intervals to prevent the sockets from closing, and OWASP's Slow HTTP Post tool. There's also the open-source slowhttptest tool that checks a server's vulnerability to a Slowloris-type attack.
Published: 2015-10-15 The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...
Published: 2015-10-15 Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.
Published: 2015-10-15 Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.