[erlang-questions] Efficient Denial of Service Attacks on Web Application Platforms and its effects in Erlang?

Heinz N. Gies heinz@REDACTED
Tue Jan 3 08:32:12 CET 2012


Thanks for the clarification Bob :),
I did a little testing and it confirmed what you said: 2^16 key-value pairs make it slower by about 2-3s for a request on cowboy, but it is a quite linear progression of slowdown :)

Regards,
Heinz
--
Heinz N. Gies
heinz@REDACTED
http://licenser.net

On Jan 3, 2012, at 08:04, Bob Ippolito wrote:

> On Mon, Jan 2, 2012 at 10:58 PM, Heinz N. Gies <heinz@REDACTED> wrote:
> Please correct me if I am wrong, I might have misunderstood something entirely.
> 
> * All listed Servers use Prop Lists.
> * Prop Lists are linked lists with the elements having the form {key, value}.
> * The demonstrated DoS Attack on the Hash tables causes hash tables (usually having a very fast lookup time) to act like linked lists / arrays.
> 
> Doesn't that lead to the conclusion that all listed servers are vulnerable to an even simpler version of the attack since no collisions need to be crafted?
> 
> The attack is only effective if insert is slow. Insert of N keys is worst case O(N) for proplist, which is optimal. Insert of N keys is worst case O(N^2) for hash tables. Remember that you have to traverse the whole list of keys that hash the same to determine if there is a collision or not.
> 
> -bob
>  

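The insert-cost comparison from the quoted reply, as an added example that is not part of the original thread: it counts key comparisons while inserting N keys into a proplist-style list and into a separate-chaining hash table, once with a well-distributed hash and once with every key in the same bucket. All function names are hypothetical, the keys are constructed sample data, and the constant hash function is an assumption that stands in for a set of colliding keys.

```python
import zlib

def proplist_insert_all(pairs):
    """Proplist-style build: add each {key, value} pair without looking at
    any existing key (Erlang would cons onto the head). Zero comparisons."""
    plist, comparisons = [], 0
    for key, value in pairs:
        plist.append((key, value))
    return plist, comparisons

def chained_insert_all(pairs, hash_fn, buckets=1024):
    """Separate-chaining hash table: every insert walks the bucket's chain
    to see whether the key is already present, counting each comparison."""
    table, comparisons = [[] for _ in range(buckets)], 0
    for key, value in pairs:
        chain = table[hash_fn(key) % buckets]
        for i, (existing, _) in enumerate(chain):
            comparisons += 1
            if existing == key:
                chain[i] = (key, value)   # overwrite duplicate key
                break
        else:
            chain.append((key, value))    # new key: chain grows by one
    return table, comparisons

def spread_hash(key):
    """Deterministic, well-distributed hash for the benign case."""
    return zlib.crc32(key.encode())

def colliding_hash(key):
    """Constant hash: models a request whose keys all land in one bucket."""
    return 0

def insert_costs(n):
    """Comparison counts for n constructed keys k0..k(n-1)."""
    pairs = [(f"k{i}", "v") for i in range(n)]
    return {
        "proplist": proplist_insert_all(pairs)[1],
        "hash_spread": chained_insert_all(pairs, spread_hash)[1],
        "hash_colliding": chained_insert_all(pairs, colliding_hash)[1],
    }

if __name__ == "__main__":
    for n in (256, 512, 1024):   # kept small: 2^16 colliding keys need ~2.1e9 compares
        print(n, insert_costs(n))
```

Doubling N leaves the proplist count at zero and roughly quadruples the colliding-bucket count, which is the O(N) versus O(N^2) gap described in the reply.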