[erlang-questions] Efficient Denial of Service Attacks on Web Application Platforms and it's effects in Erlang?
Fri Dec 30 11:10:28 CET 2011
I did a quick check on Yaws and Mochiweb, they both use list but not
dict to store form values, so such attack won't work here.
On Fri, Dec 30, 2011 at 5:47 PM, Dmitrii Dimandt <dmitriid@REDACTED> wrote:
> Hi all.
> Efficient Denial of Service Attacks on Web Application Platforms:
> It's not strictly platforms that are targeted, it's languages (!)
> Most of the time web forms are processed and stored in hash tables.
> It is quite easy to craft a request with hash table collisions.
> PHP, Java, C# (ASP.NET), Python, Ruby — all are vulnerable.
> PHP: 1 Gbit/s attack will keep ~10.000 i7 cores busy
> Python: 1 Gbit/s attack will keep ~5·104 Core Duo cores busy
> The link above contains technical details
> I wonder if Erlang-based web platforms/servers etc. are affected and if they
> are affected?
> Specifically, I'm worried about
> - Yaws
> - Mochiweb
> - Webmachine
> - Misultin
> - Cowboy
> erlang-questions mailing list
More information about the erlang-questions