Full Disclosure mailing list archives
Re: THC SSL DOS tool released
From: coderman <coderman () gmail com>
Date: Wed, 2 Nov 2011 14:07:36 -0700
On Wed, Nov 2, 2011 at 1:21 AM, Marc Heuse <mh () mh-sec de> wrote:
... still you dont need a gpu, even with renegotiation disabled and hardware acceleration present. Just don't use openssl (or similar libraries).
indeed. reminds me of the vanity onion generator shallot. you could do this with legitimate keys and take forever, or you could generate weak keys quickly to find a prefix in reasonable time. (in this case, legitimate handshakes are not strictly required for testing, but it would be nice to keep that option. for example, establishing an upper bound of concurrent SSL/TLS connections for load balancer / server benchmarks. it takes me forever to do this in software. i can actually stress with hardware acceleration performing full handshakes. i've had to test upwards of 1.5MM concurrent sessions per endpoint on such systems; this is not a theoretical need :)
and the thc-ssl-dos is a proof of concept code, and could be enhanced to do be more effective too.
since we're on the subject: - cipher suite probing to find un-accelerated suites or more computationally expensive suites supported by a target. - client certificate support (with either static|fixed, pre-generated, or on-demand client cert generation) regardless, this is a handy tool. even if i have to manually edit out the script kiddie pisser. :P _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: THC SSL DOS tool released Marsh Ray (Nov 01)
- Re: THC SSL DOS tool released coderman (Nov 01)
- Re: THC SSL DOS tool released Marc Heuse (Nov 02)
- Re: THC SSL DOS tool released coderman (Nov 02)
- Re: THC SSL DOS tool released coderman (Nov 03)
- Re: THC SSL DOS tool released Marc Heuse (Nov 02)
- Re: THC SSL DOS tool released coderman (Nov 01)