[Python-Dev] Make str/bytes hash algorithm pluggable? (original) (raw)
Victor Stinner victor.stinner at gmail.com
Sat Oct 5 01:27:37 CEST 2013
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
2013/10/4 <martin at v.loewis.de>:
Quoting Victor Stinner <victor.stinner at gmail.com>:
I still fail to understand the real impact of a hash DoS compared to other kinds of DoS. I think the key question is: how many attacking nodes do you need to control to effectively make some system deny service. A threat is bigger if you can do it in 10 requests/s from a single host, instead of needing 10,000 hosts, each making 1000 request/s.
Correct. I know that they are some other "cheap" attacks directly at the network layer. For example, the "spamhaus/CloudFlare" attack which made a lot of noise ("300 Gbit/sec") used a DNS "trick":
"The traffic is being generated primarily from DNS amplification attacks. Small requests are sent to DNS servers, generating responses from those servers that are about 50-100 times larger." http://arstechnica.com/security/2013/03/spamhaus-ddos-grows-to-internet-threatening-size/
In this case, you still need many computers to DoS a server (=> DDoS).
With the hash DoS, the threat is that if you manage to fill some dictionary with colliding keys, then each lookup will take a very long time, and you might arrange to put many lookups into a single HTTP request. So a single HTTP request might get very costly CPU-wise.
Ok, but why should we invest time to fix this specific DoS wheras there are other DoS like XML bomb? Why not setting a limit on the CPU time in your favorite web framework instead? I don't know the complexity of adding sandbox-like features to a web framework. (It's probably complex because we are discussing how to fix the issue directly in Python :-))
Whether this is a serious threat or not depends on what other threats the system being attacked is vulnerable to. Maybe there is something even simpler, or maybe the hash attack is the only hope of bringing the system to its knees.
Popular DDoS attack are usually the simplest, like flooding the server with ping requests, flooding the DNS server, flooding with HTTP requests which take a lot of time ot process, etc. Using a botnet, you don't care of using an inefficient DoS attack, because your power is the number of zombi.
I have no idea of the price of renting a botnet, it's probably expensive (and illegal as well).
IMO, the hash attack is particularly tricky since it is very easy to argue and very difficult to demonstrate. So it can result in fear and uncertainty very easily, causing people to overreact just so that they won't be accused of inactivity.
It would be easy to evaluate the risk with a public exploit on a real world application :-)
Victor
- Previous message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Next message: [Python-Dev] Make str/bytes hash algorithm pluggable?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]