[erlang-questions] Efficient Denial of Service Attacks on Web Application Platforms and it's effects in Erlang?

Heinz N. Gies <>
Tue Jan 3 08:32:12 CET 2012


Thanks for the clarification Bob :),
I did a little testing and it confirmed what you said, 2^16 key value pairs make it slower about 2-3s for a request on cowboy but it is a quite linear progression of slowdown :)

Regards,
Heinz
--
Heinz N. Gies

http://licenser.net

On Jan 3, 2012, at 08:04, Bob Ippolito wrote:

> On Mon, Jan 2, 2012 at 10:58 PM, Heinz N. Gies <> wrote:
> Please correct me if I am wrong, I might have misunderstood something entirely.
> 
> * All listed Servers use Prop Lists.
> * Prop Lists are liked lists with the elements having the form {key, value}.
> * The demonstrated DoS Attack on the Hash tables causes hash tables (usually having a very fast lookup time) to act like linked lists / arrays.
> 
> Doesn't that lead to the conclusion that all listed servers are vulnerable to a even simpler version of the attack since no collisions need to be crafted?
> 
> The attack is only effective if insert is slow. Insert of N keys is worst case O(N) for proplist, which is optimal. Insert of N keys is worst case O(N^2) for hash tables. Remember that you have to traverse the whole list of keys that hash the same to determine if there is a collision or not.
> 
> -bob
>  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20120103/98cad33c/attachment.html>


More information about the erlang-questions mailing list