Commit

Incorporate Feedback
maennchen committed Dec 16, 2024
1 parent 4dc8145 commit 7f51fb7
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions priv/posts/security/20241212210148_epmd-public-exposure.md
Expand Up @@ -45,7 +45,7 @@ If left unsecured, exposed Erlang Distribution ports let attackers gain a footho
Ensuring that distribution ports are only accessible via localhost or a private network interface further reduces the attack surface.

- **Remove or avoid using `-name` or `-sname` if you don’t need clustering**:
If you’re not clustering nodes, don’t assign them a name that registers with EPMD. Without a name, your node won’t appear in EPMD’s registry, making it harder for attackers to locate your distribution ports.
If you’re not clustering nodes, don’t assign them a name. Without -name or -sname, the node won’t just be absent from EPMD—it disables Erlang distribution entirely. This means your application won’t attempt to listen on distribution ports at all, further reducing the attack surface.

**For RabbitMQ users:**
- RabbitMQ runs on Erlang and uses EPMD behind the scenes. Even if you never interact directly with Erlang, you may still be affected if Erlang Distribution ports are exposed.
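
Review bot: In the replacement sentence for the `-name`/`-sname` bullet, the flags appear as plain text ("Without -name or -sname") while the bullet heading directly above formats them as code; wrap them in backticks so they render consistently and the leading hyphens are not mistaken for punctuation. The sentence also switches subject midway ("the node won't just be absent from EPMD—it disables Erlang distribution entirely"), which reads as if the node disables distribution; something like "omitting both flags disables Erlang distribution entirely, so the node is not merely absent from EPMD" would be clearer. Finally, the closing "further reducing the attack surface" repeats the ending of the preceding bullet almost word for word and could be dropped or reworded.
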
Expand Down Expand Up @@ -99,7 +99,7 @@ If you don’t need external clustering, ensure EPMD and the Erlang Distribution
```bash
-kernel inet_dist_use_interface '{127, 0, 0, 1}' -env ERL_EPMD_ADDRESS "127.0.0.1"
```
- Deploy firewalls, security groups, or network access control lists (ACLs) to ensure port 4369 is not reachable from untrusted networks.
- Deploy firewalls, security groups, or network ACLs to ensure that no unintended ports—including 4369—are exposed to untrusted networks, leaving only the ports you explicitly intend to serve publicly accessible.

**2. Mitigation is Simple**
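
Review bot: The rewritten firewall bullet ends with "leaving only the ports you explicitly intend to serve publicly accessible", which is hard to parse because "serve publicly accessible" runs together; consider "so that only the ports you explicitly intend to serve publicly remain reachable". The bullet also still names only 4369, the EPMD port, while the surrounding section is about both EPMD and the Erlang Distribution ports, so it would help to mention the distribution listener port alongside 4369 rather than leave it implied by "no unintended ports". The change additionally drops the expansion "network access control lists (ACLs)" in favour of "network ACLs"; keep the expansion if this is the first use of the acronym in the post.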
