- THC-SSL-DOS is a tool to verify the performance of SSL.
- Establishing a secure SSL connection requires 15x more processing power on the server than on the client.
- THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet.
- This problem affects all SSL implementations today. The vendors have been aware of this problem since 2003 and the topic has been widely discussed.
- This attack further exploits the SSL secure renegotiation feature to trigger thousands of renegotiations via a single TCP connection.
No real solution exists. The following steps can mitigate (but not solve) the problem:
- Disable SSL-Renegotiation
- Invest in an SSL accelerator
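
Where renegotiation cannot be disabled outright, a defender can at least detect the pattern described above: many handshakes on one TCP connection. The following is an added example, not part of THC-SSL-DOS or the original page; the event format, thresholds, function name and sample data are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (tune per deployment): more than MAX_RENEGS
# renegotiations on one connection within WINDOW seconds is flagged.
MAX_RENEGS = 3
WINDOW = 10.0

# Constructed sample events: (timestamp_seconds, connection_id), one per
# completed TLS handshake, as a TLS terminator might log them.
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7:40001"),   # initial handshake
    (30.0, "198.51.100.7:40001"),  # occasional renegotiation
    (60.0, "198.51.100.7:40001"),
    (1.0, "203.0.113.9:51000"),    # initial handshake
    (1.1, "203.0.113.9:51000"),    # burst of renegotiations on one connection
    (1.2, "203.0.113.9:51000"),
    (1.3, "203.0.113.9:51000"),
    (1.4, "203.0.113.9:51000"),
    (1.5, "203.0.113.9:51000"),
    (2.0, "192.0.2.44:33333"),     # initial handshake
    (5.0, "192.0.2.44:33333"),     # four renegotiations, but spread out
    (20.0, "192.0.2.44:33333"),
    (35.0, "192.0.2.44:33333"),
    (50.0, "192.0.2.44:33333"),
]


def flag_renegotiation_floods(events, max_renegs=MAX_RENEGS, window=WINDOW):
    """Return {conn_id: timestamp at which the connection first exceeded the limit}."""
    seen = set()                 # connections whose initial handshake was seen
    recent = defaultdict(deque)  # conn_id -> timestamps of recent renegotiations
    flagged = {}
    for ts, conn in sorted(events):
        if conn not in seen:
            seen.add(conn)       # the first handshake is not a renegotiation
            continue
        q = recent[conn]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()          # drop renegotiations outside the sliding window
        if len(q) > max_renegs and conn not in flagged:
            flagged[conn] = ts   # candidate for connection reset or rate limiting
    return flagged


if __name__ == "__main__":
    for conn, ts in flag_renegotiation_floods(SAMPLE_EVENTS).items():
        print(f"renegotiation flood on {conn} at t={ts}")
```
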
Windows binary: thc-ssl-dos-1.4-win-bin.zip
Unix source: thc-ssl-dos-1.4.tar.gz