[erlang-questions] Efficient Denial of Service Attacks on Web Application Platforms and it's effects in Erlang?

Bob Ippolito bob@REDACTED
Tue Jan 3 08:04:38 CET 2012


On Mon, Jan 2, 2012 at 10:58 PM, Heinz N. Gies <heinz@REDACTED> wrote:

> Please correct me if I am wrong, I might have misunderstood something
> entirely.
>
> * All listed Servers use Prop Lists.
> * Prop Lists are liked lists with the elements having the form {key,
> value}.
> * The demonstrated DoS Attack on the Hash tables causes hash tables
> (usually having a very fast lookup time) to act like linked lists / arrays.
>
> Doesn't that lead to the conclusion that all listed servers are vulnerable
> to a even simpler version of the attack since no collisions need to be
> crafted?
>

The attack is only effective if insert is slow. Insert of N keys is worst
case O(N) for proplist, which is optimal. Insert of N keys is worst case
O(N^2) for hash tables. Remember that you have to traverse the whole list
of keys that hash the same to determine if there is a collision or not.

-bob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20120102/9b6fc7d7/attachment.htm>


More information about the erlang-questions mailing list