[erlang-questions] Erlang/OTP based systems and DDoS

Rainer Hansen rainer.hansen@REDACTED
Mon Oct 27 13:04:30 CET 2014


Max Lapshin <max.lapshin@REDACTED> writes:

> Rainer, there is no simple thing like "DDoS" protection.
>
> You need to plan what DDoS you are going to handle, because if you get
> 5 gbit/s of SYN flood, it doesn't matter what language you choose for
> your website, it matters what DDoS protection service you
> choose.
>
> For example, if you are under a serious DDoS attack, you have only one
> choice: go to a company that has control over its AS connectivity and
> at least 100-200 gbit/s of connectivity and ask them for protection.
> They will give you a new IP address of a proxy. This proxy will filter
> about 99,99% of traffic and leave only valuable requests. So again: it
> doesn't matter what language you choose.
>
> But of course there are serious design ideas that make Erlang much
> superior compared to node.js or even Java. It is the process+messaging
> model.

Max and the others, thanks for your replies.

As I have understood from the comments, there are various levels of
attacks. An attack flooding the network has to be handled differently
than an attack against a certain service.

Do I understand right that, even with "external help", it takes time to
handle a DDoS attack? The attackers might try various methods and you
have to defend against them. Getting the defense in place and working
properly takes time, and the more scalable your infrastructure is, the
quicker you can get to normal service quality. Erlang systems can be
designed to be quite scalable at a reasonable cost, which should make it
possible to go back to normal service quality faster than less scalable
systems.

I wonder if process supervision might help to handle certain attacks
better than systems built in JEE or node.js? Processes showing strange
behaviour could be killed fast and hence less load should be on such
systems.

Erlang/OTP systems can be changed quite flexibly during runtime. Isn't
that another important point under such attacks when the traffic level
is not completely flooding the node?

Rainer



