DDoS attacks - PHP hash vulnerability causes of

DDoS PHP Attacks Vulnerability Principle:

Rely on the appropriate language of the hashtable/hashmap is the implementation process (request more than this structure), when different key deposit if the hash values are equal while the linked list connected to the front. This exploits the collision the same hash is worth to a long linked list, re-get the map calculation process the time complexity of the huge increase, originally a simple process will become a very expensive cpu process.

Impact on:

Fastest time tomcat announced a solution.

php upgrade.

The Microsoft  announcement http://technet.microsoft.com/en-us/security/bulletin/ms11-100.

The solution:

tomcat

Provisional measures:

The default size of 2097152 when maxPostSize = 0, do not be limited accordingly; when maxPostSize = 20.97152 million, 20M, replaced by a value of less than 10k, all versions are available, it will affect users.

Lasting solution to:

MaxParameterCount default value with the new version, 1000.

nginx

Provisional measures:

The default maximum request body size 8m, modify the settings client_max_body_size = 10k; move one size fits all cases, will affect the user.

Lasting solution to:

No, it should soon be max_request_count the parameters.

php

Lasting solution to:

php upgrade to 5.3.9,5.2 need to play patch.

How to Stop Distributed Denial of Service



This address is http://www.computerites.com/computer-skills/2012/02/ddos-attacks-php-hash-vulnerability-causes-of-395.html