A newly released denial-of-service (DOS) tool can be used to bring down SSL servers using an average laptop computer and a standard DSL connection.
The hacking outfit decided to release the tool, called THC-SSL-DOS, now because it has already been leaked online a couple of months ago. "We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again," a THC member said.
It's worth pointing out that even without SSL renegotiation enabled, attackers can still use THC-SSL-DOS successfully against servers. However, such attacks would require more than a single laptop.
"It still works if SSL renegotiation is not supported but requires some modifications and more bots before an effect can be seen," the group noted. "Taking on larger server farms who make use of SSL load balancers required 20 average size laptops and about 120kbit/sec of traffic," it added.
How it works :
Unzip the downloaded file to any drive.
Change the prompt to the drive in which you have unzipped the tool.
Change directory to thc-ssl-dos.
Now run the exe file. Pass the command thc-ssl-dos to execute it. The figure below demonstrates the above steps.
Now in order to perform attack using this tool , you will have to pass the following command;
thc-ssl-dos TARGET IP --accept
On passing the following command the tool will start its process.
The below figure demonstrates this process.
You can also download the source code and analyse it to have a deeper understanding of the tool.
If you have any queries and suggestions then add your comments below.