Arthur T Knackerbracket has processed the following story:
Diallo says he made a 1MB file that decompresses into 1GB to disable bots trying to break into his system. He also has a 10MB-to-10GB compressed file for bots with more resources, ensuring that their memory is overwhelmed by this massive archive.
This is how this defensive bombing system works: when Diallo detects an offending bot, his server returns a 200 OK response and then serves up the zip bomb. The file’s metadata tells the bot that it’s a compressed file, so it will then open it in an attempt to scrape as much information as possible. However, since the file is at least 1GB when unpacked, it will overwhelm the memory of most simple — and even some advanced — bots. If he faces a more advanced scraper with a few gigabytes of memory, he’ll feed it the 10GB zip bomb, which will most likely crash it.
If you want to try this system for yourself, Diallo outlines how you can create your own bot-targeting zip bomb on his blog. He notes that you should be careful when doing that, though, as you can potentially self-detonate (i.e., accidentally open the zip bomb), and crash your own server. They’re also not 100% effective, as there are ways to detect and disregard zip bombs. But for most simple bots, this should be more than enough to cause its server to freeze and take it out — at least until its system is restarted.
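The story says zip bombs can be detected and disregarded; for software that must open untrusted compressed input (mail gateways, malware scanners, backup tooling), the usual way is to inflate in bounded chunks and stop at a hard output cap. The sketch below is an added example, not code from the article or from Diallo's blog; it assumes a gzip- or zlib-framed stream, and `bounded_gunzip`, `DecompressionLimitExceeded` and the 16 MiB default are hypothetical names and values chosen for illustration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when a stream inflates past the configured output cap."""


def bounded_gunzip(data: bytes, max_output: int = 16 * 1024 * 1024,
                   chunk: int = 64 * 1024) -> bytes:
    """Inflate a gzip/zlib stream, aborting once more than max_output bytes appear.

    Memory use stays near max_output + chunk no matter how large the
    stream would become if it were fully inflated.
    """
    # MAX_WBITS | 32 lets zlib auto-detect a gzip or zlib header.
    inflater = zlib.decompressobj(zlib.MAX_WBITS | 32)
    out = bytearray()
    buf = data
    while not inflater.eof:
        # The second argument bounds how many bytes this call may produce.
        piece = inflater.decompress(buf, chunk)
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"{len(data)} compressed bytes inflated past {max_output} bytes")
        # Input not consumed because of the per-call bound is fed back in.
        buf = inflater.unconsumed_tail
        if not piece and not buf:
            raise ValueError("compressed stream is truncated")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes, which compresses to a few KiB.
    sample = gzip.compress(b"\0" * (8 * 1024 * 1024))
    print("compressed size:", len(sample))
    try:
        bounded_gunzip(sample, max_output=1024 * 1024)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The same cap belongs on any nested archive handling, since each layer of unpacking multiplies the expansion.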
(Score: 2) by VLM on Tuesday May 06, @01:17AM (2 children)
I wonder what various backup systems would think about this. I think the guy is safe but it might get interesting if they ever do a restore. Maybe.
(Score: 1, Informative) by Anonymous Coward on Tuesday May 06, @02:14AM (1 child)
Many malware scanning systems on the other hand might try to unpack it. Most shouldn't crash though, since zip bombs are ancient stuff.
That said, it might be new to the generation of noobs taking over...
(Score: 4, Funny) by PiMuNu on Tuesday May 06, @11:40AM
Back in the noughties a work colleague found out about zip bombs and decided to see if it would take down our email server by sending himself a zip bomb on email. It was about the same time that they started scanning incoming email for viruses, often hidden in zip files. He didn't tell the IT people about his informal test however, with predictable results...