LiteSpeed Against Thc-ssl-dos
The thc-ssl-dos script was published two days ago and has been posted all over the internet. You may wonder whether LiteSpeed is vulnerable to this attack. The short answer is
NO
In our lab, we tried it against the LSWS 4.1.6 release.
thc-ssl-dos-1.4> src/thc-ssl-dos [target_ip] 443 --accept
______________ ___ _________
\__ ___/ | \ \_ ___ \
| | / ~ \/ \ \/
| | \ Y /\ \____
|____| \___|_ / \______ /
\/ \/
http://www.thc.org
Twitter @hackerschoice
Greetingz: the french underground
Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 181 Conn, 0 Err
Handshakes 0 [0.00 h/s], 181 Conn, 0 Err
Handshakes 0 [0.00 h/s], 181 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
ERROR: Target has disabled renegotiations.
Use your own skills to modify the source to test/attack
the target [hint: TCP reconnect for every handshake].
Can we block it? You may wonder.
YES
Just set “Connection Soft Limit” and “Connection Hard Limit” under “Server” -> “Security” -> “Per Client Throttling”. We set the soft limit to 20 and the hard limit to 30, and ran the test again.
thc-ssl-dos-1.4> src/thc-ssl-dos [target_ip] 443 --accept
______________ ___ _________
\__ ___/ | \ \_ ___ \
| | / ~ \/ \ \/
| | \ Y /\ \____
|____| \___|_ / \______ /
\/ \/
http://www.thc.org
Twitter @hackerschoice
Greetingz: the french underground
Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
LiteSpeed immediately blacklisted the IP and rejected SSL connections from it. In fact, normal HTTP connections from that IP are rejected as well.
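To show how a per-client soft/hard connection limit like the one configured above defeats this connection pattern, here is an added Python model written for this post; it is not LiteSpeed's own code. The grace period, the blacklist duration and the replayed connection timing are assumptions; only the soft limit of 20 and hard limit of 30 come from the post.

```python
from collections import defaultdict
SOFT_LIMIT, HARD_LIMIT = 20, 30  # the values set in the post
GRACE_SECONDS = 10.0   # assumption: how long a client may sit above the soft limit
BLOCK_SECONDS = 300.0  # assumption: how long an offending IP stays blacklisted

class PerClientThrottle:
    """Simplified model of a per-client soft/hard connection limit (not LiteSpeed's code)."""
    def __init__(self, soft=SOFT_LIMIT, hard=HARD_LIMIT, grace=GRACE_SECONDS, block=BLOCK_SECONDS):
        self.soft, self.hard, self.grace, self.block = soft, hard, grace, block
        self.active = defaultdict(int)  # ip -> currently open connections
        self.over_soft_since = {}       # ip -> time it first exceeded the soft limit
        self.blocked_until = {}         # ip -> time its blacklist entry expires

    def _blacklist(self, ip, now):
        # Drop every connection from the IP, TLS and plain HTTP alike.
        self.blocked_until[ip] = now + self.block
        self.active[ip] = 0
        self.over_soft_since.pop(ip, None)

    def accept(self, ip, now):
        """Decide whether a new connection from ip at time now is accepted: (bool, reason)."""
        if now < self.blocked_until.get(ip, now):
            return False, "blacklisted"
        self.blocked_until.pop(ip, None)
        n = self.active[ip] + 1
        if n > self.hard:  # hard limit: block immediately
            self._blacklist(ip, now)
            return False, "hard limit exceeded"
        if n > self.soft:  # soft limit: tolerated only for the grace period
            if now - self.over_soft_since.setdefault(ip, now) > self.grace:
                self._blacklist(ip, now)
                return False, "soft limit exceeded past grace period"
        else:
            self.over_soft_since.pop(ip, None)
        self.active[ip] = n
        return True, "ok"

    def close(self, ip):
        """A connection from ip finished; well-behaved clients do this, the tool never does."""
        self.active[ip] = max(0, self.active[ip] - 1)
        if self.active[ip] <= self.soft:
            self.over_soft_since.pop(ip, None)

def replay_flood(throttle, ip, attempts, start=0.0):
    """Constructed replay of the log above: connections 10 ms apart, never closed. Returns (accepted, rejected, blacklisted)."""
    accepted = 0
    for i in range(attempts):
        accepted += throttle.accept(ip, start + i * 0.01)[0]
    return accepted, attempts - accepted, ip in throttle.blocked_until
```

With the post's limits, a client that opens connections and never closes them is cut off at the 31st and then refused entirely, while a client that opens and closes one connection at a time is never throttled.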
What about the form of attack in their private release, which repeatedly establishes new HTTPS connections instead of using SSL renegotiation?
We have an answer for that as well. Stay tuned!
To be continued…