28c3: Effective Denial of Service attacks against web application platforms
Loading...
Uploaded by 28c3 on Dec 28, 2011
Download hiqh quality version: http://bit.ly/rKwW58
Description: http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html
Alexander 'alech' Klink, Julian | zeri: Effective Denial of Service attacks against web application platforms
We are the 99% (CPU usage)
This talk will show how a common flaw in the implementation of most of the popular web
programming languages and platforms (including PHP, ASP.NET, Java, etc.) can
be (ab)used to force web application servers to use 99% of CPU for several
minutes to hours for a single HTTP request.
This attack is mostly independent of the underlying web application and just
relies on a common fact of how web application servers typically work.
- 136 likes, 5 dislikes
-
- 2:03
Mythbusters banned from talking about RFID chip by Visa and Mastercardby littletammy20351,024 views
- 0:36
Girl with a funny talent. [original video]by theinternetisaweird30,633,808 views
- 2:30
DoS attack (Crashing) a website with CMD--ONLY FOR EDUCATION PURPOSEby fzkn4u24,547 views
- 3:27
Ddos Attackby vasyitaliano22,712 views
- 3:57
How To DDOS A Website (Crash It)by sirbushythethird365,108 views
- 3:01
Kino Yoga Science of Healing Plum TV Miami Beachby KinoYoga140,451 views
- 1:06:11
28c3: Black Ops of TCP/IP 2011by 28c37,618 views
- 1:07:34
28c3: Taking control over the Tor networkby 28c33,752 views
- 0:50
How To - Ddos Attack tutorial ( Take a simple site down )by TeachYouThings844 views
- 1:22
Denial of Service Attackby nivresa11,976 views
- 0:27
killer frogby gotowo1,088,962 views
- 59:12
28c3: New Ways I'm Going to Hack Your Web Appby 28c34,577 views
- 1:01:00
28c3: The Atari 2600 Video Computer System: The Ultimate Talkby 28c34,750 views
- 1:25:40
28c3: How governments have tried to block Torby 28c342,884 views
- 54:47
28c3: Datamining for Hackersby 28c33,497 views
- 1:03:37
28c3: Print Me If You Dareby 28c325,357 views
- 26:03
28c3: Reverse Engineering USB Devicesby 28c37,591 views
- 56:23
28c3: Rootkits in your Web applicationby 28c33,227 views
- 0:24
Gwapo's Professional DDOS Service ( Take down websites for long term )by Gwapologist11,305 views
- 40:51
28c3: Geeks and depression panelby 28c36,701 views
@md2perpe You are right. Thats a well known alternative. But i think you must use a balanced tree to gain optimal performance. It's more complicated to do insertion and deletion. But the lookup, like you said, is O(n*log(n)). I would prefer a b-tree if I have a very large immutable set of data and the only thing i do are lookups.
j00mi 1 month ago
A hash table is normally implemented as an array of lists. Then in worst case, insertion takes O(n^2). What if you instead used a balanced binary search tree? Wouldn't that be better and in worst case take O(n log n)? And as long as the elements in the hash table are well spread out, it shouldn't be slower than a list.
md2perpe 1 month ago
if bucket lookup and str cmp is part of the algorithm then O(n^2) is correct
j00mi 1 month ago
@nzer19 i think they're trying to point out the the string comparisons in addition to the linked list traversals. but agree that O(n^2) is the wrong measure if that's the case.
uenyioha 1 month ago
@Koniiiik lets not engage in semantic hairspliting shall we?
echtwahr 1 month ago
33:38 He said 'sex' D:
Youloeka 1 month ago
This comment has received too many negative votes show
omg, nothing new, i done article about php security in 17 dec on my blog, and there is setting what block this attack...
adamziaja 1 month ago
47:50.. fucking hilarious
DJ1TWITCH1 1 month ago
@nzer19 Actually, I'm pretty sure they mentioned the n² run time is for n insertions. And yes, this is not only O(n²) but Θ(n²).
Koniiiik 2 months ago
If you are using a language that does not randomize the hashing you could also place a random prefix in front of each hash key through using a subclass of hash. No? Didn't see the entire talk because honestly ... get to the point guys :|
Spo0Bo 2 months ago