jwzFeb 7, 2024

Harassing botnets with zipbombs.

The idea is this: instead of just blocking IP addresses that hit honeypot URLs, feed them a compressed document that massively expands on their end, making them run out of memory and crash.

This is extremely...
https://jwz.org/b/ykMS

Harassing botnets with zipbombs

The idea is this: instead of just blocking IP addresses that hit honeypot URLs, feed them a compressed document that massively expands on their end, making them run out of memory and crash. This is extremely hypothetical. Maybe they won't actually crash. We can dare to dream, though. But, for laughs, I decided to try this out on Ye Olde Webbe Syte. It was tricky to figure out how to get ...

Show threadclausFeb 7, 2024
@jwz If not gzip, then maybe brotli?
Show threadjwzFeb 7, 2024
@claus As "Accept-Encoding: br" doesn't even work on google dot com, I can only assume that this is the WebP of compression algorithms.
Show threadclausFeb 8, 2024
@jwz Huh?
Show threadjwzFeb 8, 2024
@claus
# wget -qO/tmp/a --header 'Accept-Encoding: br' https colon //www.google dot com/ ; file /tmp/a
/tmp/a: HTML document text, ASCII text, with very long lines (11449)
Show threadclausFeb 8, 2024
@jwz Not sure what you're trying to tell me. Are you worried about the "very long lines"? Google dot com serves minified content, which results in very long lines.
Show threadjwzFeb 8, 2024
@claus It is serving plain text, not br. If you change br to gzip, 'file' says "gzip compressed data".
Show threadclausFeb 8, 2024
@jwz Oh gotcha. I don't know what Google does there, but i tried some other random site and it returned brotli compressed data (file simply says "data")
Show threadclaus
@jwz
Feb 8, 2024 at 1:19amWeb
Show threadjwzFeb 8, 2024
@claus Yup I also get br for that one.