Full Disclosure mailing list archives
Re: THC SSL DOS tool released
From: Marc Heuse <mh () mh-sec de>
Date: Wed, 02 Nov 2011 09:21:15 +0100
On 02.11.2011 00:44, coderman wrote:
> On Tue, Nov 1, 2011 at 4:14 PM, Marsh Ray wrote:
>> ...
>> I want an excuse to buy a smokin new video card as much as the next guy,
>> but if anyone ever bothered to look at the protocol they'd realize the
>> attacker doesn't actually need to do any crypto.
>
> i don't want to use 20 laptops to do what can be done with one (when
> renegotiation disabled and hw accel present)
>
> i've got a radeon mobility in this lappy for a reason!

still you don't need a gpu, even with renegotiation disabled and hardware
acceleration present.
Just don't use openssl (or similar libraries). you can send the initial
communication yourself before it's the client's task to do CPU intensive
operations and then just close the connection and reconnect.

and the thc-ssl-dos is a proof of concept code, and could be enhanced to
be more effective too.

greets,
marc

--
Marc Heuse
www.mh-sec.de

PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
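A defender-side sketch of watching for the connect, start a handshake, close, reconnect pattern described in the message above. This is an added example, not part of the original post or of thc-ssl-dos; the log format, the event names (`hello`, `finished`, `close`), the addresses and the window and threshold values are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def abandoned_handshakes(lines):
    """Yield (timestamp, source) for each connection closed before 'finished'.

    Each line is "<epoch-seconds> <source> <connection-id> <event>"
    (an assumed format); lines must be in time order.
    """
    done = {}  # (source, conn_id) -> True once the handshake completed
    for line in lines:
        ts, src, conn, event = line.split()
        key = (src, conn)
        if event == "hello":
            done[key] = False
        elif event == "finished" and key in done:
            done[key] = True
        elif event == "close" and key in done:
            if not done.pop(key):
                yield int(ts), src

def flag_sources(lines, window=10, threshold=5):
    """Return {source: peak count} for sources that abandon at least
    `threshold` handshakes within any `window` seconds."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, src in abandoned_handshakes(lines):
        q = recent[src]
        q.append(ts)
        while q[0] <= ts - window:  # drop events that fell out of the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}

def build_sample():
    """Constructed log: one source dropping a handshake every second,
    and one ordinary client with a single dropped connection."""
    lines = []
    for i in range(8):
        lines += [f"{100 + i} 198.51.100.7 a{i} hello",
                  f"{100 + i} 198.51.100.7 a{i} close"]
    for i in range(3):
        t = 100 + 2 * i
        lines += [f"{t} 192.0.2.10 b{i} hello",
                  f"{t} 192.0.2.10 b{i} finished",
                  f"{t + 1} 192.0.2.10 b{i} close"]
    lines += ["106 192.0.2.10 b9 hello", "106 192.0.2.10 b9 close"]
    return sorted(lines, key=lambda l: int(l.split()[0]))  # stable sort

if __name__ == "__main__":
    for src, n in flag_sources(build_sample()).items():
        print(f"{src}: {n} abandoned handshakes within 10s")
```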
Current thread:
- Re: THC SSL DOS tool released Marsh Ray (Nov 01)
- Re: THC SSL DOS tool released coderman (Nov 01)
- Re: THC SSL DOS tool released Marc Heuse (Nov 02)
- Re: THC SSL DOS tool released coderman (Nov 02)
- Re: THC SSL DOS tool released coderman (Nov 03)
- Re: THC SSL DOS tool released Marc Heuse (Nov 02)
- Re: THC SSL DOS tool released coderman (Nov 01)