[erlang-questions] Efficient Denial of Service Attacks on Web Application Platforms and it's effects in Erlang?
Dmitrii Dimandt
dmitriid@REDACTED
Fri Dec 30 10:47:10 CET 2011
Hi all.
Efficient Denial of Service Attacks on Web Application Platforms:
http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf
Tl;dr:
It's not strictly platforms that are targeted, it's languages (!)
Most of the time web forms are processed and stored in hash tables.
It is quite easy to craft a request with hash table collisions.
PHP, Java, C# (ASP.NET), Python, Ruby — all are vulnerable.
PHP: 1 Gbit/s attack will keep ~10.000 i7 cores busy
Python: 1 Gbit/s attack will keep ~5·104 Core Duo cores busy
etc.
The link above contains technical details
I wonder if Erlang-based web platforms/servers etc. are affected and if
they are affected?
Specifically, I'm worried about
- Yaws
- Mochiweb
- Webmachine
- Misultin
- Cowboy
:)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20111230/f9f897d7/attachment.htm>
More information about the erlang-questions
mailing list