Tool lets hackers launch a denial-of-service attack from a single PC over a DSL connection.
SSL is in the hot seat again: A new, free tool is now circulating that can take down an HTTPS Web server in a denial-of-service attack using a single laptop via a DSL connection.
Researchers with a hacker group called The Hackers Choice (THC) Tuesday released the so-called THC-SSL-DOS tool that abuses the SSL renegotiation feature, which basically re-performs the encryption handshake.
The tool lets an attacker use a single connection to relentlessly perform the renegotiation with the SSL server, eventually overwhelming it. "It's a constant renegotiation. Instead of forming new connections over and over again ... it increases the overhead of the server," said Tyler Reguly, manager of security research and development with nCircle.
It all comes down to an SSL feature--SSL renegotiation--that isn't typically needed for Web servers. "Unless you wanted to change the encryption level, it's not a necessity. Some SSL VPNs make extensive use of it, but it's not needed in the Web browsing world," Reguly said.
The hackers who wrote the tool recommend disabling SSL renegotiation. But even that won't completely prevent such a denial-of-service attack. "It still works if SSL renegotiation is not supported but requires some modifications and more bots before an effect can be seen," the THC hackers said in a statement.
For the tool to take down server farms with SSL load balancing, it requires using about 20 "average size" laptops and 120 Kbps of traffic, they said.
The new tool is reminiscent of the Slowloris attack tool that keeps connections open by sending partial HTTP requests and sends headers at regular intervals to prevent the sockets from closing, and OWASP's Slow HTTP Post tool. There's also the open-source slowhttptest tool that checks a server's vulnerability to a Slowloris-type attack.
Published: 2015-03-26 The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine,...
Published: 2015-03-26 The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.
Published: 2015-03-26 Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.