New DoS tool overloads SSL servers with ease

The DoS attack tool takes advantage of a feature in SSL that can be maliciously exploited to overload servers using a single laptop

A newly released denial-of-service (DoS) tool can be used to bring down SSL servers using an average laptop computer and a standard DSL connection.

Called THC-SSL-DoS,  the tool was created by German hacking outfit The Hackers Choice (THC) and exploits a rarely used, but widely available, feature in the SSL protocol called SSL renegotiation.

[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. ]

This type of attack is not new. In fact, vendors have known about the issue since 2003 and, according to the THC, the method was used in last year's DoS attacks against MasterCard.

The hacking outfit decided to release the tool now because it has already been leaked online a couple of months ago. "We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again," a THC member said.

It's worth pointing out that even without SSL renegotiation enabled, attackers can still use THC-SSL-DoS successfully against servers. However, such attacks would require more than a single laptop.

"It still works if SSL renegotiation is not supported but requires some modifications and more bots before an effect can be seen," the group noted. "Taking on larger server farms who make use of SSL load balancers required 20 average size laptops and about 120Kbps of traffic," it added.

This is not the first time when SSL renegotiation exposed servers to security risks. Back in November 2009, a Turkish grad student devised a proof-of-concept man-in-the-middle attack that exploited a vulnerability in this SSL feature to steal Twitter login credentials passed over secure connections.

Join the discussion
Be the first to comment on this article. Our Commenting Policies