.:SSLFail:. » SecTor

Server Outage

Tyler — Sun, 11 Oct 2009 17:34:01 +0000

Anyone who tried to access SSLFail.com late last night or this morning would have noticed that it was down. I apparently caused my own server outage with python. Here’s how it happened.

When sockstress was first discussed I was rather intrigued and thought about it for a bit, but then I quickly abandoned it… I just had too many other things on my plate. However discussions at SecTOR renewed my interest in exploring how this tool worked. After a bit of googling, I found this page which gives an explanation of what is occurring, although I wasn’t sure if it was correct. It did, however, fit with the ‘TCP/IP Zero Window Size Vulnerability’ in MS09-048.

I decided I would code up the diagram on the Check Point page and see what happened when I tested it. I started writing in python using SOCK_RAW and was ready to send my first packet… or so I’d thought. I forgot to send an appropriate Ethernet header, which meant parsing the packet found garbage instead of a valid packet… and port security on on the switch found an invalid MAC address and quickly disabled the port. Which means no more using the SSLFail.com server for playing with raw sockets.

Anyways, everything is back up and running now.

SSLFail Panel Interview on DarkReading

Tyler — Thu, 08 Oct 2009 21:53:56 +0000

I just wanted to point to an awesome article from Kelly Jackson Higgins on DarkReading. I can call it awesome because it’s about the SSLFail panel at SecTOR and includes quite a bit of the information we shared with attendees, so for anyone not at SecTOR and not wanting to look at the raw data (which is coming soon)… it provides an awesome overview. Mike and I really enjoyed the opportunity to sit down and talk with Kelly and had realized at the end of the call that we had a much better idea of what we were going to discuss on the panel than we did before the interview. So everyone who enjoyed the discussion points on the panel has Kelly to thank for that.

SSLFail @ SecTor

Tyler — Thu, 01 Oct 2009 04:21:22 +0000

I’ve been a huge fan of SecTor since the first year it ran and have been fairly vocal about people attending. This year there’s an extra special reason to attend though, a couple of SSLFail.com bloggers will be doing a panel, we may even have a special guest join us. You’ll have to attend the talk to find out.

As for the subject… we don’t really know. In fact we’re a week away from presenting and it’s still up in the air to some extent. From what I’ve heard you can expect Lolcats, interesting information and some survey results. Anyways, if you’re at SecTor and the Nsploit and Ghostnet talks are full (and I suspect they will be, I wanted to see both of them)… we’re the only option you have left — so come and join us!