Understanding the Security Risks of EPMD Exposure in the Erlang Ecosystem

The Erlang Port Mapper Daemon (EPMD) is crucial for clustering Erlang applications like RabbitMQ. However, exposing EPMD on the public internet can significantly increase security risks. Attackers can find discovery ports which allow them to join a cluster and run arbitrary code. To mitigate risks, it is recommended to restrict EPMD access through firewalls, bind distribution to non-public interfaces, and only use names for nodes that are necessary for clustering. A significant number of EPMD instances are exposed, creating vulnerabilities, especially for applications like RabbitMQ that utilize these ports. Implementing a firewall policy and understanding the security implications of Erlang distribution can greatly enhance application security.