New DoS Tool Kills SSL Servers With Just One PC

October 26, 2011 3:28:39 PM

"The software is available as a free download for Windows and Unix. Before you download it and use it, keep in mind that using the software will most likely be considered a criminal act."

I am not going to even click on the link. Reminds me of Sony's mess when they tried to get the web hosting company to turn over the IPs of those who downloaded the source code. It's asking for trouble.

Why even make it available for folks to do stupid things with and create a liability to Tom's?
October 26, 2011 3:32:09 PM

oh god, this cannot be good news.
October 26, 2011 3:35:43 PM

Tom's Hardware just became any noob hacker's dream..
October 26, 2011 4:02:53 PM

Quote:
Darkk: "The software is available as a free download for Windows and Unix. Before you download it and use it, keep in mind that using the software will most likely be considered a criminal act." I am not going to even click on the link. Reminds me of Sony's mess when they tried to get the web hosting company to turn over the IPs of those who downloaded the source code. It's asking for trouble. Why even make it available for folks to do stupid things with and create a liability to Tom's?


I bet you are scared to read Mein Kampf because you think you may be accused of being a Nazi and part of concentration camps during WW2.

There is no danger in reading source code, unless that source code was copyrighted and then stolen. This code is open source, for those who want to learn about what vulnerabilities exist in current services that the majority of people who use the Internet rely on. Just don't compile and then run it against a server you don't own/ have explicit, written/signed consent to do so.

Note however that many SSL servers do limit single IP simultaneous connections, and also many servers disable renegotiation (so you have to reconnect each time) and luckily many SSL servers also have a long reconnect timeout ;)  So in many cases this script won't work.... But then again, there are those servers that don't.

October 26, 2011 4:16:25 PM

I was wondering why would I want to download such a tool?
October 26, 2011 4:18:54 PM

Quote:
alyoshka: I was wondering why would I want to download such a tool?


It takes one, to know to download one.
October 26, 2011 4:29:22 PM

Why the F would Tom's post a link to illegal software in their news ticker?

October 26, 2011 4:31:48 PM

Quote:
rozz: Tom's Hardware just became any noob hacker's dream..

Is a noob hacker worse than a script kiddie?
October 26, 2011 4:33:13 PM

Quote:
Netherscourge: Why the F would Tom's post a link to illegal software in their news ticker?

Because it is just a link.
October 26, 2011 4:52:43 PM

There's nothing illegal about using this software.

Just if you use it on someone else's SSL server.
October 26, 2011 4:53:12 PM

I'm waiting till someone uses it on Facebook which just went SSL.
October 26, 2011 5:15:27 PM

Imma charge meh lazur
October 26, 2011 5:16:48 PM

Quote:
rozz: Tom's Hardware just became any noob hacker's dream..


Tom's doesn't use SSL ... it's completely unencrypted ... take a look at the address bar in your browser.

This so called SSL DoS attack is pretty lame at best. Most SSL servers don't have SSL renegotiation enabled, and those that do have a retry limit. Once again the Germans come up short, just like they did in WWII.

Just more hackers trying to get attention to a ton of work they did that for the most part is NOT successful with any reasonably good SSL server.

Love how these lame hackers use "Fishy Security" -- is that a technical term??? Hahaha ROFL
October 26, 2011 5:36:26 PM

Quote:
Netherscourge: Why the F would Tom's post a link to illegal software in their news ticker?


Probably because Tom's is owned by Bestofmedia Group (HQ is in Los Angeles CA), with CEO Antoine Boulin (French native). Tom Pabst the original creator of Tom's Hardware (back when it had a good reputation for solid unbiased information) was a German doctor -- perhaps that's why Tom's is publishing this link.

But the more likely reason for publishing this article is much more simple ... hit count, pays the bills.

I'm sure my post will get deleted even though it violates no "terms of use".
October 26, 2011 5:37:22 PM

when are they going to nuke FB again? November something?
October 26, 2011 5:43:17 PM

nothing illegal about this software, just how you use it. It is a tool; a knife if you will. In the hands of one person it is a tool for illegal purposes, in the hands of another it is a tool for more constructive means (like patching security holes, and prompting people to invent better measures of security).
October 26, 2011 7:23:33 PM

Quote:
CaedenV: nothing illegal about this software, just how you use it. It is a tool; a knife if you will. In the hands of one person it is a tool for illegal purposes, in the hands of another it is a tool for more constructive means (like patching security holes, and prompting people to invent better measures of security).


agree
October 26, 2011 7:26:00 PM

Cool, does this tool work on Apple's server?
October 26, 2011 8:42:32 PM

Quote:
techguy378: Cool, does this tool work on Apple's server?


Aah the ignorant Windows fan boy/girl ... read up on how SSL works and then you'll understand why your question makes no sense.
October 26, 2011 10:22:49 PM

alright people, let's get cracking... need to fix this security hole.
October 26, 2011 10:26:23 PM

apt-get install fail2ban.

Problem solved.
October 27, 2011 2:09:15 AM

For a second there, I thought it said DOS tool...as in DOS 3.1...kinda disappointed.
October 27, 2011 2:40:07 AM

Quote:
CaedenV: nothing illegal about this software, just how you use it. It is a tool; a knife if you will. In the hands of one person it is a tool for illegal purposes, in the hands of another it is a tool for more constructive means (like patching security holes, and prompting people to invent better measures of security).


I believe that where I live in the US, butterfly knives, switchblades, and knives over a certain length are illegal just to possess; I'm not sure of the last one.
October 29, 2011 3:56:53 AM

Now the Anonymous can make their kiddy script sessions even easier!
October 29, 2011 8:49:56 PM

Quote:
Darkk: "The software is available as a free download for Windows and Unix. Before you download it and use it, keep in mind that using the software will most likely be considered a criminal act." I am not going to even click on the link. Reminds me of Sony's mess when they tried to get the web hosting company to turn over the IPs of those who downloaded the source code. It's asking for trouble. Why even make it available for folks to do stupid things with and create a liability to Tom's?



Because it's called freedom of information. Are you so scared to be free?
October 29, 2011 8:55:11 PM

Quote:
Netherscourge: Why the F would Tom's post a link to illegal software in their news ticker?


Illegal? What exactly makes it illegal? Where is it written that it's illegal?
And even if it is, who are you to say what others should do?
Anonymous
November 4, 2011 7:37:47 PM

This tool does not break the encryption and allow the content to be unencrypted. It is a Denial of Service (DOS) tool. This tool's signature will be identified quickly and addressed by most IDS/IPS scanners.
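
Added example, not part of any comment above and not code from the article or the tool it discusses: a Python detector for the two server-side controls the thread mentions, a cap on simultaneous connections per source IP and a limit on how often one source may trigger an SSL handshake (which covers both renegotiation and rapid reconnects). The event tuple format, the thresholds, and the documentation-range addresses are constructed assumptions.

```python
from collections import defaultdict, deque

def flag_sources(events, max_handshakes=5, window=10.0, max_conns=3):
    """Return {source_ip: set of reasons} for sources exceeding either limit.

    events: time-ordered (timestamp, source_ip, conn_id, kind) tuples, where
    kind is "open", "handshake" or "close" (a constructed format; a real
    deployment would map TLS terminator or IDS logs onto it).
    """
    recent = defaultdict(deque)    # ip -> handshake timestamps inside the window
    open_conns = defaultdict(set)  # ip -> ids of currently open connections
    flagged = defaultdict(set)
    for ts, ip, conn, kind in events:
        if kind == "open":
            open_conns[ip].add(conn)
            if len(open_conns[ip]) > max_conns:
                flagged[ip].add("concurrent_connections")
        elif kind == "close":
            open_conns[ip].discard(conn)
        elif kind == "handshake":
            stamps = recent[ip]
            stamps.append(ts)
            # Drop handshakes that have aged out of the sliding window.
            while stamps and ts - stamps[0] > window:
                stamps.popleft()
            if len(stamps) > max_handshakes:
                flagged[ip].add("handshake_rate")
    return dict(flagged)

def sample_events():
    """Constructed traffic: one renegotiating source, one hoarder, one normal."""
    ev = [(0.0, "198.51.100.7", "a1", "open")]
    # Eight handshakes on a single connection within four seconds.
    ev += [(0.5 * i, "198.51.100.7", "a1", "handshake") for i in range(8)]
    # Four connections held open at once, one handshake each.
    for i in range(4):
        ev += [(float(i), "192.0.2.44", f"b{i}", "open"),
               (float(i), "192.0.2.44", f"b{i}", "handshake")]
    # Ordinary client: connect, handshake, close, return much later.
    ev += [(2.0, "203.0.113.9", "c1", "open"),
           (2.0, "203.0.113.9", "c1", "handshake"),
           (6.0, "203.0.113.9", "c1", "close"),
           (40.0, "203.0.113.9", "c2", "open"),
           (40.0, "203.0.113.9", "c2", "handshake")]
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for ip, reasons in flag_sources(sample_events()).items():
        print(ip, sorted(reasons))
```
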