/* ----- LOWER SECTION ----- */ #lower { margin:auto; padding: 0px 0px 10px 0px; width: 100%; background:#333434; } #lower-wrapper { margin:auto; padding: 20px 0px 20px 0px; width: 960px; } #lowerbar-wrapper { border:1px solid #DEDEDE; background:#fff; float: left; margin: 0px 5px auto; padding-bottom: 20px; width: 32%; text-align: justify; font-size:100%; line-height: 1.6em; word-wrap: break-word; overflow: hidden; } .lowerbar {margin: 0; padding: 0;} .lowerbar .widget {margin: 0; padding: 10px 20px 0px 20px;} .lowerbar h2 { margin: 0px 0px 10px 0px; padding: 3px 0px 3px 0px; text-align: left; color:#0084ce; text-transform:uppercase; font: bold 14px Arial, Tahoma, Verdana; border-bottom:3px solid #0084ce; } .lowerbar ul { margin: 0px 0px 0px 0px; padding: 0px 0px 0px 0px; list-style-type: none; } .lowerbar li { margin: 0px 0px 2px 0px; padding: 0px 0px 1px 0px; border-bottom: 1px dotted #ccc; }

Wednesday, 27 November 2013

Posted on 08:12 by Unknown

NEW DOS TOOL TO KILL SSL SERVER



A newly released denial-of-service (DOS) tool can be used to bring down SSL servers using an average laptop computer and a standard DSL connection.
The hacking outfit decided to release the tool, called THC-SSL-DOS, now because it has already been leaked online a couple of months ago. "We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again," a THC member said.


It's worth pointing out that even without SSL renegotiation enabled, attackers can still use THC-SSL-DOS successfully against servers. However, such attacks would require more than a single laptop.

"It still works if SSL renegotiation is not supported but requires some modifications and more bots before an effect can be seen," the group noted. "Taking on larger server farms who make use of SSL load balancers required 20 average size laptops and about 120kbit/sec of traffic," it added.

Download THC-SSL-DOS

How it works :

Unzip the downloaded file to any drive.
Change the prompt to the drive in which you have unzipped the tool.
Change directory to thc-ssl-dos.
Now run the exe file. Pass the command thc-ssl-dos to execute it. The figure below demonstrates the above steps.

Now in order to perform attack using this tool , you will have to pass the following command;

thc-ssl-dos TARGET IP --accept
On passing the following command the tool will start its process.
The below figure demonstrates this process.


You can also download the source code and analyse it to have a deeper understanding of the tool.

If you have any queries and suggestions then add your comments below.
Leave a comment

0 comments :

Post a Comment

Subscribe to: Post Comments ( Atom )

Blogger news