Cause of MS SSL DoS attack
From: SanjayR (sanjayr_at_intoto.com)
Date: 11/28/05
- Previous message: Oldani Massimiliano: "Re: Randomized Stack"
- Next in thread: David Barroso: "Re: Cause of MS SSL DoS attack"
- Reply: David Barroso: "Re: Cause of MS SSL DoS attack"
Date: Mon, 28 Nov 2005 17:58:58 +0530
To: vuln-dev@securityfocus.com
Hi All,
I am trying to understand the main cause of the DoS in the MS SSL vulnerability
(MS04-011, CAN-2004-0120). Everywhere, I get one piece of information:
that specially malformed SSL messages can cause a DoS, but what exactly is
causing the DoS is not mentioned. After seeing the exploit code, I could
see that normally, during the SSL handshake, the client sends its available cipher
suites to the server, which are around 30 (at most). Therefore the cipher suite
length is at most 60 bytes (in general). But under this attack, I found it
to be 39729!! There are many unknown types of cipher suites. Is this the
cause of the DoS? I shall be thankful for any information.
-Sanjay
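
Added example, not part of the original post: a defender-side sanity check of the ClientHello cipher suite length field the message describes, assuming the SSLv3/TLS ClientHello layout with 2-byte suites (which the post's "30 suites, 60 bytes" implies). The function names, the `MAX_SUITES` threshold and both sample records are constructed for illustration; the check flags the anomaly and does not establish whether this field is the cause of the DoS.

```python
import struct

MAX_SUITES = 64  # assumed alerting threshold; the post cites ~30 as typical

def build_hello(declared_len: int, suites: bytes) -> bytes:
    """Constructed test input: one SSLv3 record holding a ClientHello."""
    hello = (b"\x03\x00" + bytes(32) + b"\x00"          # version, random, empty session_id
             + struct.pack("!H", declared_len) + suites  # cipher_suites length + data
             + b"\x01\x00")                              # one compression method (null)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0300, len(hs)) + hs

def check_client_hello(record: bytes) -> list:
    """Return anomaly descriptions for the cipher_suites field (empty = clean)."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        return ["not a ClientHello handshake record"]
    hello = record[9:]                  # skip 5-byte record + 4-byte handshake header
    if len(hello) < 35:
        return ["truncated before session_id"]
    off = 35 + hello[34]                # skip version(2), random(32), session_id
    if len(hello) < off + 2:
        return ["truncated before cipher_suites"]
    declared = struct.unpack("!H", hello[off:off + 2])[0]
    available = len(hello) - (off + 2)  # bytes actually present after the length field
    findings = []
    if declared % 2:
        findings.append(f"odd cipher_suites length {declared}")
    if declared > available:
        findings.append(f"declared {declared} bytes, only {available} present")
    if declared // 2 > MAX_SUITES:
        findings.append(f"{declared // 2} suites exceeds threshold {MAX_SUITES}")
    return findings

NORMAL = build_hello(60, b"\x00\x2f" * 30)        # 30 suites, as in the post
OVERSIZED = build_hello(39729, b"\x00\x2f" * 30)  # length value quoted in the post

if __name__ == "__main__":
    for name, rec in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(name, check_client_hello(rec) or "ok")
```
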