[erlang-questions] Efficient Denial of Service Attacks on Web Application Platforms and its effects in Erlang?

Marc Worrell marc@REDACTED
Fri Dec 30 12:25:38 CET 2011


Zotonic uses lists as well.

-Marc

Sent from my iPhone

On 30 dec. 2011, at 11:49, Loïc Hoguin <essen@REDACTED> wrote:

> Cowboy uses proplists for this.
> 
> On 12/30/2011 10:47 AM, Dmitrii Dimandt wrote:
>> Hi all.
>> 
>> Efficient Denial of Service Attacks on Web Application Platforms:
>> http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf
>> 
>> Tl;dr:
>> 
>> It's not strictly platforms that are targeted, it's languages (!)
>> Most of the time web forms are processed and stored in hash tables.
>> It is quite easy to craft a request with hash table collisions.
>> 
>> PHP, Java, C# (ASP.NET), Python, Ruby — all are vulnerable.
>> 
>> PHP: 1 Gbit/s attack will keep ~10.000 i7 cores busy
>> Python: 1 Gbit/s attack will keep ~5·10^4 Core Duo cores busy
>> 
>> etc.
>> 
>> The link above contains technical details
>> 
>> 
>> I wonder if Erlang-based web platforms/servers etc. are affected and if
>> they are affected?
>> 
>> Specifically, I'm worried about
>> 
>> - Yaws
>> - Mochiweb
>> - Webmachine
>> - Misultin
>> - Cowboy
> 
> 
> -- 
> Loïc Hoguin
> Dev:Extend

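An added illustration, not part of the thread and not code from any of the servers named: a toy chained hash table in Python counts key comparisons when form fields spread across buckets versus when they all land in one bucket, next to a proplist-style list of pairs like the one the replies mention. The table, both hash functions and the field names are constructed for this example.

```python
import hashlib

class ChainedTable:
    """Toy separate-chaining hash table that counts key comparisons."""

    def __init__(self, hash_fn, buckets=4096):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def put(self, key, value):
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1          # one comparison per chain entry scanned
            if existing == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

def spread_hash(key):
    # Well-distributed hash: keys scatter across the buckets.
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")

def colliding_hash(key):
    # Models the worst case from the talk: every key lands in the same bucket.
    return 0

def table_insert_cost(n, hash_fn):
    """Key comparisons needed to store n distinct form fields in the table."""
    table = ChainedTable(hash_fn)
    for i in range(n):
        table.put(f"field{i}", "x")        # constructed field names
    return table.comparisons

def pair_list_lookup_cost(n):
    """Comparisons for one missed lookup in a list of n (key, value) pairs."""
    pairs = [(f"field{i}", "x") for i in range(n)]  # building compares no keys
    comparisons = 0
    for key, _ in pairs:
        comparisons += 1
        if key == "absent":
            break
    return comparisons

if __name__ == "__main__":
    n = 2000
    print("hash table, spread keys:   ", table_insert_cost(n, spread_hash))
    print("hash table, colliding keys:", table_insert_cost(n, colliding_hash))
    print("pair list, one lookup:     ", pair_list_lookup_cost(n))
```

With 2000 fields the all-colliding table needs 1,999,000 comparisons to store them, while the pair list stores them with none and pays a linear scan of at most 2000 comparisons per lookup, whatever the keys are.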