Journal of inkdroid (3294)

Tuesday June 03, 2003
10:50 AM

attack of the killer hashes

[ #12589 ]

By now you've probably already seen the news articles about this new form of DoS, which essentially makes the attacked computer do lots of work without bombarding it at the network layer. I didn't realize that the attacks were demonstrated on Perl regexes and hashes. I haven't read the article yet, but here's an excerpt from the original.

We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures. Frequently used data structures have "average-case" expected running time that's far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists with carefully chosen input. We show how an attacker can effectively compute such input, and we demonstrate attacks against the hash table implementations in two versions of Perl, the Squid web proxy, and the Bro intrusion detection system. Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks.
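As an added illustration that is not from the paper or this journal entry, the toy chained hash table below (Python, not Perl's implementation) shows the degeneration the abstract describes and the randomly keyed universal-hash mitigation it proposes; `weak_hash`, `make_keyed_hash`, `longest_chain`, `is_degenerate` and the permutation workload are all constructed here.

```python
import itertools
import secrets
from collections import Counter

P = (1 << 61) - 1   # Mersenne prime: the field for the polynomial (universal) hash family
NBUCKETS = 64


def weak_hash(key: bytes, nbuckets: int = NBUCKETS) -> int:
    """Deliberately weak, fixed hash: the byte sum. Any two anagrams collide."""
    return sum(key) % nbuckets


def make_keyed_hash(nbuckets: int = NBUCKETS, seed=None):
    """Return h(k) = sum(b_i + 1) * a^i mod P with a random evaluation point a.

    Picking a fresh secret a per process is the universal-hashing idea from the
    abstract: two distinct keys collide with probability about len(key)/P, and
    without a an attacker cannot precompute a colliding set in advance.
    """
    a = seed if seed is not None else secrets.randbelow(P - 1) + 1

    def h(key: bytes) -> int:
        acc = 0
        for b in key:
            acc = (acc * a + b + 1) % P   # +1 so trailing NUL bytes still change the value
        return acc % nbuckets
    return h


def longest_chain(keys, hash_fn, nbuckets: int = NBUCKETS) -> int:
    """Simulate chained insertion; the longest bucket chain is the worst-case lookup cost."""
    chains = Counter(hash_fn(k) for k in keys)
    return max(chains.values()) if chains else 0


def is_degenerate(keys, hash_fn, nbuckets: int = NBUCKETS, factor: int = 8) -> bool:
    """Health check: flag a table whose longest chain is far above the n/buckets average."""
    expected = max(1, len(keys) // nbuckets)
    return longest_chain(keys, hash_fn, nbuckets) > factor * expected


# Constructed workload: 256 distinct keys that are byte-permutations of one another,
# so every one of them has the same byte sum and lands in a single weak_hash bucket.
COLLIDING_KEYS = [bytes(p) for p in itertools.islice(itertools.permutations(b"abcdefgh"), 256)]

if __name__ == "__main__":
    print("fixed hash, longest chain:", longest_chain(COLLIDING_KEYS, weak_hash))       # 256
    print("keyed hash, longest chain:", longest_chain(COLLIDING_KEYS, make_keyed_hash()))
```

With the fixed hash every lookup degrades to a 256-element linear scan, while the keyed hash keeps chains near the average of four; Perl 5.8.1 adopted per-process hash seed randomization along the same lines.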
