[erlang-questions] Is epmd secure ? (SSL distribution)

igwan igwan@REDACTED
Mon Oct 9 19:45:14 CEST 2006


Hello,

I have to connect a number of nodes through the internet. I configured 
the SSL distribution mechanism but still have some questions about security.

- Is the epmd deamon vulnerable ? I noticed that running it in debug 
mode (epmd -d) on the console, it receives requests from starting nodes 
(even SSL) via IP (am I right ?). Can a attacker send multiple register 
requests or resolve request and take the server down this way ? Is the 
protocol used by epmd secure when running a SSL node ?

- Is it possible to set the listen port used by a SSL node in any way ? 
Reading through the doc, I tried  "-ssl_dist_opt proxylsport 51300" and 
"-ssl_dist_opt port 51300" to no avail, I see the epmd trace still show 
a random port being registered.

I have thought of bypassing the epmd thing, and do its work giving a 
static configuration, like
[{sslnode1@REDACTED, 51300},
{sslnode2@REDACTED, 51301},
{sslnode3@REDACTED, 51300},
...]
on each node, but is that possible to configure such things ?

Sorry if the questions already have been asked, I didn't find anything 
related.

Thanks for your help,

igwan




More information about the erlang-questions mailing list