[erlang-questions] Is epmd secure ? (SSL distribution)

Michael McDaniel erlangX@REDACTED
Wed Oct 11 08:13:48 CEST 2006


 googling for ...

     distributed erlang firewall

 provides this thread ...

http://www.erlang.org/ml-archive/erlang-questions/200605/msg00336.html


 ~M


On Mon, Oct 09, 2006 at 07:45:14PM +0200, igwan wrote:
> Hello,
> 
> I have to connect a number of nodes through the internet. I configured 
> the SSL distribution mechanism but still have some questions about security.
> 
> - Is the epmd deamon vulnerable ? I noticed that running it in debug 
> mode (epmd -d) on the console, it receives requests from starting nodes 
> (even SSL) via IP (am I right ?). Can a attacker send multiple register 
> requests or resolve request and take the server down this way ? Is the 
> protocol used by epmd secure when running a SSL node ?
> 
> - Is it possible to set the listen port used by a SSL node in any way ? 
> Reading through the doc, I tried  "-ssl_dist_opt proxylsport 51300" and 
> "-ssl_dist_opt port 51300" to no avail, I see the epmd trace still show 
> a random port being registered.
> 
> I have thought of bypassing the epmd thing, and do its work giving a 
> static configuration, like
> [{sslnode1@REDACTED, 51300},
> {sslnode2@REDACTED, 51301},
> {sslnode3@REDACTED, 51300},
> ...]
> on each node, but is that possible to configure such things ?
> 
> Sorry if the questions already have been asked, I didn't find anything 
> related.
> 
> Thanks for your help,
> 
> igwan
> 
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://www.erlang.org/mailman/listinfo/erlang-questions

-- 
Michael McDaniel
Portland, Oregon, USA
http://autosys.us
+1 503 283 5284



More information about the erlang-questions mailing list