<div>Hi all.</div><div><br></div><div><div>Efficient Denial of Service Attacks on Web Application Platforms: <a href="http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf">http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf</a></div>
<div><br></div><div>Tl;dr:</div><div><br></div><div>It's not strictly platforms that are targeted, it's languages (!)</div><div>Most of the time web forms are processed and stored in hash tables.</div><div>It is quite easy to craft a request with hash table collisions.</div>
<div><br></div><div>PHP, Java, C# (<a href="http://ASP.NET">ASP.NET</a>), Python, Ruby — all are vulnerable.</div><div><br></div><div>PHP: 1 Gbit/s attack will keep ~10.000 i7 cores busy</div><div>Python: 1 Gbit/s attack will keep ~5·104 Core Duo cores busy</div>
<div><br></div><div>etc.</div><div><br></div><div>The link above contains technical details</div><div></div></div><div><br></div><div><br></div><div>I wonder if Erlang-based web platforms/servers etc. are affected and if they are affected?</div>
<div><br></div><div>Specifically, I'm worried about</div><div><br></div><div>- Yaws</div><div>- Mochiweb</div><div>- Webmachine</div><div>- Misultin</div><div>- Cowboy</div><div><br></div><div>:)</div>