Metadata-Version: 2.2
Name: DHEater
Version: 0.3.1
Summary: D(HE)ater is an attacking tool heating the CPU by enforcing DHE KEX in case of TLS and SSH
Home-page: https://github.com/balasys/dheater
Author: BalaSys IT Security
Maintainer: Szilárd Pfeiffer
Maintainer-email: szilard.pfeiffer@balasys.hu
License: Apache-2.0
Keywords: dhe denial-of-service tls ssh
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: Science/Research
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Natural Language :: English
Classifier: Operating System :: MacOS
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Programming Language :: Python
Classifier: Topic :: Security
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Testing :: Traffic Generation
Classifier: Topic :: Software Development :: Testing
Description-Content-Type: text/markdown
License-File: LICENSE.txt
Requires-Dist: attrs>=19.1
Requires-Dist: cryptoparser>=0.7.1
Requires-Dist: cryptolyzer>=0.7.2
Requires-Dist: urllib3
Provides-Extra: test
Requires-Dist: unittest2; extra == "test"
Requires-Dist: coverage; extra == "test"
Requires-Dist: six; extra == "test"
Provides-Extra: pep8
Requires-Dist: flake8; extra == "pep8"
Provides-Extra: pylint
Requires-Dist: pylint; extra == "pylint"
Dynamic: author
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: license
Dynamic: maintainer
Dynamic: maintainer-email
Dynamic: provides-extra
Dynamic: requires-dist
Dynamic: summary

# D(HE)ater

D(HE)ater is an attacking tool based on CPU heating in that it forces the ephemeral variant of
[Diffie-Hellman key exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) (DHE) in given
cryptography protocols (e.g. TLS, SSH). It is performed without calculating a cryptographically correct ephemeral key on
the client-side, but with a significant amount of calculation on the server-side. Based on this,
a [denial-of-service (DoS) attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) can be initiated,
called *D(HE)at attack* ([CVE-2002-20001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-20001)).

## Quick start

D(HE)ater can be installed directly via [pip](https://pip.pypa.io/en/stable/) from
[PyPi](https://pypi.org/project/dheater/)

```console
pip install dheater
dheat --protocol tls ecc256.badssl.com
dheat --protocol ssh ecc256.badssl.com
```

or can be used via [Docker](https://www.docker.com/) from
[Docker Hub](https://hub.docker.com/repository/docker/balasys/dheater)

```console
docker pull balasys/dheater
docker run --tty --rm balasys/dheater --protocol tls ecc256.badssl.com
docker run --tty --rm balasys/dheater --protocol ssh ecc256.badssl.com
```

You can increase load by string extra threads.

```console
dheat --thread-num 4 --protocol tls ecc256.badssl.com
docker run --tty --rm balasys/dheater --thread-num 4 --protocol tls ecc256.badssl.com
docker run --tty --rm balasys/dheater --thread-num 4 --protocol ssh ecc256.badssl.com
```

## Mitigation

### Configuration

Diffie-Hellman (DHE) key exchange should be disabled if no other mitigation mechanism can be used and either 
elliptic-curve variant of Diffie-Hellman (ECDHE) or RSA key exchange is supported by the clients. The fact that RSA key
exchange is not forward secret should be considered.

#### TLS

##### Apache

```
SSLCipherSuite ...:!kDHE
```

##### NGINX

```
ssl_ciphers ...:!kDHE;
```

##### Postfix


1. Diffie-Hellman key exchange algorithms can be removed by setting the [tls_medium_cipherlist](http://www.postfix.org/postconf.5.html#tls_medium_cipherlist) configuration option.

    `tls_medium_cipherlist ...:!kDHE`

1. Maximal number of new TLS sessions that a remote SMTP client is allowed to negotiate can be controlled by configuration option [smtpd_client_new_tls_session_rate_limit](http://www.postfix.org/postconf.5.html#smtpd_client_new_tls_session_rate_limit) configuration option.

    `smtpd_client_new_tls_session_rate_limit 100`

##### Others

See [moz://a SSL Configuration Generator](https://ssl-config.mozilla.org/) for configuration syntax.

### SSH

##### OpenSSH

1. Diffie-Hellman key exchange algorithms can be removed by setting the [KexAlgorithms](https://man.openbsd.org/sshd_config#KexAlgorithms) configuration option.

    `KexAlgorithms -diffie-hellman-group1-sha1,diffie-hellman-group1-sha256,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha256,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha512`
1. Maximum number of concurrent unauthenticated connections can be controlled by some configuration options
    *  [MaxStartups](https://man.openbsd.org/sshd_config#MaxStartups) (globally)

        `MaxStartups 10:30:100`
    * [PerSourceMaxStartups](https://man.openbsd.org/sshd_config#PerSourceMaxStartups) (per source IP subnetworks)

        `PerSourceMaxStartups 1`
    * [PerSourceNetBlockSize](https://man.openbsd.org/sshd_config#PerSourceNetBlockSize) (size of the subnetworks grouped together)

        `PerSourceNetBlockSize 32:128`

### Fail2Ban

#### TLS

##### Apache

There are no relevant filters.

1. `apache-ssl.conf` in `fail2ban` directory should be copied to the `filter.d` directory under the fail2ban configuration
    directory
1. the followings should be added to the `jail.local` file in the fail2ban configuration directory

    ```ini
    [apache-ssl]

    port    = https
    logpath = %(apache_error_log)s
    maxretry = 1
    ```

##### Postfix

There is a relevant filter, but it is applied only in ddos mode. The followings should be added to `jail.local`.

```ini
[postfix]
mode = ddos
```

##### Dovecot

There is a relevant filter, but it is applied only in ddos mode. The followings should be added to `jail.local`.

```ini
[dovecot]
mode = aggressive
```

or a specific filter can be used without changing the mode of dovecot.

1. `dovecot-ssl.conf` in `fail2ban` directory should be copied to the `filter.d` directory under the fail2ban configuration
    directory
1. the followings should be added to `jail.local` in tge fail2ban configuration directory

    ```ini
    [dovecot-ssl]

    port    = pop3,pop3s,imap,imaps,submission,465,sieve
    logpath = %(dovecot_log)s
    backend = %(dovecot_backend)s
    maxretry = 1
    ```

#### SSH

##### OpenSSH

There is a relevant filter, but it is applied only in ddos mode. The followings should be added to `jail.local`.

```ini
[sshd]
mode = ddos
```

## License

The code is available under the terms of Apache License Version 2.0. 
A non-comprehensive, but straightforward description and also the full license text can be found at 
[Choose an open source license](https://choosealicense.com/licenses/apache-2.0/) website.
