DHEat Attack: DoS attack by enforcing the Diffie-Hellman key exchange (dheatattack.com)
7 points by yarapavan on Oct 13, 2022 | 2 comments



If it's useful, here [1] is a tool for auditing the SSH config of a server from the internet and suggesting hardening options for both server and client. And here [2] is a tool for configuring TLS on various web servers, load balancers, mail servers and databases. One could also clone testssl.sh [3] to audit their TLS daemons on IPs not open to the internet. Depends on openssl and bash.

If hardening SSH it may be safest to first harden the SSH client and ensure one can still connect. Then harden the ssh daemon of a local machine using the same version of openssh used on one's servers to minimize the risk of locking one out of their own machine and having to use a rescue console or ILO. This may be counter-intuitive, but going through the hardening process significantly speeds up SSH handshake time, which may be most useful to those using Ansible.

[1] - https://www.ssh-audit.com/

[2] - https://ssl-config.mozilla.org/

[3] - https://github.com/drwetter/testssl.sh
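
A pre-flight check for the lockout risk described in the comment above, as an added example that is not part of the original thread: it compares a client's effective algorithm lists (the `ssh -G host` output format) with a proposed daemon configuration (the `sshd -T` output format) and reports the categories with no algorithm in common. The function names and sample configurations are constructed for illustration, and which host keys actually exist on the server is not modelled.

```python
AEAD = ("chacha20-poly1305@openssh.com", "aes128-gcm@openssh.com",
        "aes256-gcm@openssh.com")
KEYS = ("kexalgorithms", "hostkeyalgorithms", "ciphers", "macs")

def parse_effective(text):
    """Parse 'keyword value' lines as printed by `ssh -G` or `sshd -T`."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() in KEYS:
            conf[key.lower()] = [a for a in value.split(",") if a]
    return conf

def negotiate(client, server):
    """First client-preferred name the server also lists (RFC 4253), or None."""
    chosen = {}
    for key in KEYS:
        offered = set(server.get(key, []))
        chosen[key] = next((a for a in client.get(key, []) if a in offered), None)
    return chosen

def lockout_risks(client, server):
    """Categories where the handshake would fail for this client/server pair."""
    chosen = negotiate(client, server)
    risks = [k for k in KEYS if chosen[k] is None]
    # With an AEAD cipher selected, no separate MAC is negotiated.
    if chosen["ciphers"] in AEAD and "macs" in risks:
        risks.remove("macs")
    return risks

# Constructed sample configurations, not captured from real hosts.
HARDENED_CLIENT = parse_effective("""\
kexalgorithms curve25519-sha256
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
macs hmac-sha2-512-etm@openssh.com
""")
LEGACY_CLIENT = parse_effective("""\
kexalgorithms diffie-hellman-group14-sha1
hostkeyalgorithms ssh-rsa
ciphers aes128-ctr
macs hmac-sha1
""")
PROPOSED_SERVER = parse_effective("""\
kexalgorithms curve25519-sha256
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
ciphers chacha20-poly1305@openssh.com,aes256-ctr
macs hmac-sha2-256-etm@openssh.com
""")
```

An empty list from `lockout_risks(client, PROPOSED_SERVER)` means that client can still complete a handshake; the legacy client here fails in every category, which is the case to catch before restarting the daemon.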


You can also use CryptoLyzer[1] to audit your TLS (not just HTTPS, but SMTP, IMAP, ...) and SSH servers if you do not want to use SaaS solutions.

There are other tools (open source and SaaS) on the OWASP Transport Layer Protection Cheat Sheet page[2].

[1] https://gitlab.com/coroner/cryptolyzer

[2] https://cheatsheetseries.owasp.org/cheatsheets/Transport_Lay...



