DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 25th October 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,140
Thanked 182 Times in 149 Posts
Default New denial of service tool knocks out encrypting servers

From http://h-online.com/-1366564

Quote:
A group calling itself The Hacker's Choice (THC) has released a tool that enables a single computer to disable an encrypting server. The concept used by the tool is based on forcing the server to renegotiate the key used for encryption.

Encrypting and decrypting payload data for services such as https is not particularly resource-hungry. Where an https connection gets really resource-intensive is in establishing the SSL connection, which involves key negotiation. This is, in part, because data encryption is carried out using highly efficient symmetric algorithms such as AES. To negotiate the AES session key, however, SSL needs to use resource-intensive asymmetric algorithms such as RSA. This is due both to the specific mathematical process involved and the key length required – AES, for example, requires 128 or 256 bits, whereas RSA requires 1024 or even 2048 bit keys.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 26th October 2011
Nightweaver's Avatar
Nightweaver Nightweaver is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Belgrade, Serbia
Posts: 47
Thanked 5 Times in 4 Posts
Default

Tool needs slight modification to work on Apache/Nginx - they don't allow renegotiation. I've tested it on Courier IMAP - and it overloads machine in less than a minute. Here you may find patched tool so that you don't kill your server but see if it's vulnerable or not: http://pastebin.com/bKLue33X
__________________
If it moves, crypt it. Unless it's static - than you should double-crypt it.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Good VPN service? guitarscn Off-Topic 2 15th December 2009 08:55 AM
service prioritization badguy OpenBSD General 1 29th July 2009 05:36 PM
Encrypting gvinum raid5 oxy FreeBSD General 1 13th December 2008 05:59 PM
Encrypting Files JMJ_coder General software and network 22 25th October 2008 07:49 AM
Encrypting hard drive? ViperChief FreeBSD Installation and Upgrading 5 31st May 2008 03:42 PM


All times are GMT. The time now is 12:28 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick