Irenes (many)Apr 7
this feels like a nice afternoon to just watch incoming traffic in the system log, flowing by quietly
Show threadIrenes (many)Apr 7
it's interesting how the pace can be faster or slower. relaxing.
Show threadIrenes (many)Apr 7
most of this is legit traffic, even if we have minor capacity issues from it. that feels good. the "default" situation with any self-hosting scenario is that most traffic is malicious.
Show threadIrenes (many)Apr 7
it would be a lot of work to compare for-real, and the point of doing this is to relax, so we won't... but it feels like this is slower than before we put the 429 thing in place. so that's good.
Show threadFredApr 7
@ireneista I put a 302 in place for requests to .git/* to httped://hil-speed.hetzner.com/10GB.bin and it gives me a chuckle when I seem the logs :~)
Show threadFredApr 7
@ireneista sorry I shouldn't have linked to the actual file...
Show threadJohn William David ThomsonApr 7

@fcbsd @ireneista I wonder how hard it would be to make a zip bomb type file be returned with the built in compression in http requests for anything malicious looking.

Could just expand to "403 get lost" or something a trillion times.

Show threadFredApr 7
@jwdt @ireneista I want to play with the PNG expanding image approach, which with a carefully created deflated PNG it expands much bigger so you serve a tiny file that is unpacked much larger on the malicious server
Show threadJohn William David ThomsonApr 7
@fcbsd @ireneista or if you can keep connections open inexpensively enough, stream one byte every few seconds for as long as it'll listen.
Show threadFredApr 7
@jwdt @ireneista there has been a few projects that take the tarpit approach, I've used one with ssh that took several hours to send the initial handshake
Show threadJohn William David ThomsonApr 7
@fcbsd @ireneista I think I've used actual ssh servers that felt like they did that.
Show threadIrenes (many)Apr 7

@jwdt @fcbsd as kids we had a 2400 baud modem

we would telnet into Unix servers and every so often there'd be a latency spike and we wouldn't be able to see what we were typing for several seconds

and if we were doing anything web-related in another window we could track the progress of the web requests by how they affected the telnet session

Show threadFredApr 7
@ireneista @jwdt my first modem was a 56k cardbus modem, but I did once use my Nokia 8210 as 9600 baud modem...
Show threadIrenes (many)Apr 7

@fcbsd @jwdt oh wow yes it was very neat to use those phones like that

did you know that when a phone's CPU talks to the SIM card, it uses the Hayes modem protocol to do it?

Show threadFred
@ireneista @jwdt that will awaken the memories of AT command sets...
Apr 7 at 10:56pmWeb