[erlang-questions] Efficient Denial of Service Attacks on Web Application Platforms and it's effects in Erlang?
Loïc Hoguin
essen@REDACTED
Fri Dec 30 11:49:47 CET 2011
Cowboy uses proplists for this.
On 12/30/2011 10:47 AM, Dmitrii Dimandt wrote:
> Hi all.
>
> Efficient Denial of Service Attacks on Web Application Platforms:
> http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf
>
> Tl;dr:
>
> It's not strictly platforms that are targeted, it's languages (!)
> Most of the time web forms are processed and stored in hash tables.
> It is quite easy to craft a request with hash table collisions.
>
> PHP, Java, C# (ASP.NET <http://ASP.NET>), Python, Ruby — all are vulnerable.
>
> PHP: 1 Gbit/s attack will keep ~10.000 i7 cores busy
> Python: 1 Gbit/s attack will keep ~5·104 Core Duo cores busy
>
> etc.
>
> The link above contains technical details
>
>
> I wonder if Erlang-based web platforms/servers etc. are affected and if
> they are affected?
>
> Specifically, I'm worried about
>
> - Yaws
> - Mochiweb
> - Webmachine
> - Misultin
> - Cowboy
--
Loïc Hoguin
Dev:Extend
More information about the erlang-questions
mailing list