[erlang-questions] Efficient Denial of Service Attacks on Web Application Platforms and it's effects in Erlang?

Justus mapandfold@REDACTED
Fri Dec 30 11:10:28 CET 2011


I did a quick check on Yaws and Mochiweb, they both use list but not
dict to store form values, so such attack won't work here.

On Fri, Dec 30, 2011 at 5:47 PM, Dmitrii Dimandt <dmitriid@REDACTED> wrote:
> Hi all.
>
> Efficient Denial of Service Attacks on Web Application Platforms:
> http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf
>
> Tl;dr:
>
> It's not strictly platforms that are targeted, it's languages (!)
> Most of the time web forms are processed and stored in hash tables.
> It is quite easy to craft a request with hash table collisions.
>
> PHP, Java, C# (ASP.NET), Python, Ruby — all are vulnerable.
>
> PHP: 1 Gbit/s attack will keep ~10.000 i7 cores busy
> Python: 1 Gbit/s attack will keep ~5·104 Core Duo cores busy
>
> etc.
>
> The link above contains technical details
>
>
> I wonder if Erlang-based web platforms/servers etc. are affected and if they
> are affected?
>
> Specifically, I'm worried about
>
> - Yaws
> - Mochiweb
> - Webmachine
> - Misultin
> - Cowboy
>
> :)
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>



-- 
Best Regards,
Justus



More information about the erlang-questions mailing list