jwzFeb 7, 2024

Harassing botnets with zipbombs.

The idea is this: instead of just blocking IP addresses that hit honeypot URLs, feed them a compressed document that massively expands on their end, making them run out of memory and crash.

This is extremely...
https://jwz.org/b/ykMS

Harassing botnets with zipbombs

The idea is this: instead of just blocking IP addresses that hit honeypot URLs, feed them a compressed document that massively expands on their end, making them run out of memory and crash. This is extremely hypothetical. Maybe they won't actually crash. We can dare to dream, though. But, for laughs, I decided to try this out on Ye Olde Webbe Syte. It was tricky to figure out how to get ...

Show threadchebra
@jwz this one looks better: https://tech.lgbt/@becomethewaifu/111879788755441482
Emelia/Emi (@[email protected])

Content warning: code

LGBTQIA+ and Tech
Feb 8, 2024 at 4:59amWeb
Show threadjwzFeb 8, 2024
@chebra As I said elsewhere in the thread, I have observed that many botnets are so crap that they don't know how to process 301 redirects. Also I strongly suspect that a null-bomb would be less effective since they're likely to just interpret the first byte as EOF.
Show threadchebraFeb 8, 2024
@jwz there is no 301 in the comment I linked. Other people are reporting having observed a decrease in bot activity after deploying that, as the bots get stuck on it, while you are reporting errors in logs. It really does seem like the other solution is more proven, less hypothetical. Suspicions can be tested.