Question for tech server peers who are reading: Any thoughts on active defense? I know that it's likely a zero-sum game, but I do tire of the constant barrage of poking for .SQL, .git, .vscode, .zip etc. files on my servers. Should I just continue to block and ignore? Or should I reward them with some sort of infinite-size quine ZIP file when it's an obviously malicious request? My guess is that most of these people are not very sophisticated, so messing up their day might help make mine.
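The "block and ignore" side of the question above, as an added example that is not from any poster in this thread: a small Python script that spots the probing described (requests for `.git`, `.vscode`, `.sql` and `.zip` paths) in ordinary access-log lines and lists the source addresses worth blocking. The log lines, IP addresses and thresholds are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample access-log lines in the common "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Mar/2023:10:01:02 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "python-requests/2.28"
203.0.113.7 - - [28/Mar/2023:10:01:03 +0000] "GET /backup.sql HTTP/1.1" 404 153 "-" "python-requests/2.28"
203.0.113.7 - - [28/Mar/2023:10:01:04 +0000] "GET /.vscode/sftp.json HTTP/1.1" 404 153 "-" "python-requests/2.28"
198.51.100.4 - - [28/Mar/2023:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Mar/2023:10:02:11 +0000] "GET /downloads/report.zip HTTP/1.1" 200 88211 "https://example.test/" "Mozilla/5.0"
192.0.2.9 - - [28/Mar/2023:10:03:00 +0000] "GET /site.zip?x=1 HTTP/1.1" 404 153 "-" "curl/7.88"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Editor and VCS directories never belong under a web root: flag any request for them.
NEVER_SERVED_RE = re.compile(r'(^|/)\.(git|vscode)(/|$)', re.IGNORECASE)
# Dumps and archives might be legitimate downloads, so flag them only when they do not exist (404).
GUESSED_FILE_RE = re.compile(r'\.(sql|zip)$', re.IGNORECASE)


def parse_line(line):
    """Return (ip, path-without-query, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]
    return m.group("ip"), path, int(m.group("status"))


def is_probe(path, status):
    """True when the request looks like scanning for leaked files rather than normal browsing."""
    if NEVER_SERVED_RE.search(path):
        return True
    return status == 404 and GUESSED_FILE_RE.search(path) is not None


def find_probes(log_text):
    """All (ip, path, status) tuples in log_text that is_probe classifies as scanning."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and is_probe(parsed[1], parsed[2]):
            hits.append(parsed)
    return hits


def ips_to_block(log_text, threshold=2):
    """Source IPs with at least `threshold` probe hits, mapped to their counts."""
    counts = Counter(ip for ip, _, _ in find_probes(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, path, status in find_probes(SAMPLE_LOG):
        print(f"probe from {ip}: {path} ({status})")
    print("block candidates:", ips_to_block(SAMPLE_LOG))
```

The split into two patterns matters: a `.git` or `.vscode` request is suspicious even when it succeeds (in fact a 200 there means something is exposed), while a `.zip` or `.sql` request is only a guess when the file does not exist, so a real download link is not counted against a visitor.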
@rpardee I think I'm just feeling a bit surly today.
@codeWhisperer "Always take the offensive. Never dig in." It suited Patton.😏
@codeWhisperer no, lay low. Passive defense.
@codeWhisperer If you serve them anything, wouldn't you pay for bandwidth?
There might be services out there that will receive redirections.
@sjjh I was talking about sending them something like this (link). For example, the droste.zip file (which I might rename to something like SQLDBBackup-20230328.zip) is only 28 K in size, so would be very minimal to transfer, yet when the user attempts to expand it (or when their automatic virus scanner checks it out) it never stops expanding and takes up their entire drive (or CPU, if scanning it).
https://www.bamsoftware.com/hacks/zipbomb/
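The hazard described above (a small archive that never stops expanding, whether opened by a person or by an automatic scanner) is only dangerous to software that extracts without limits. As an added example, not from the thread or from the linked site, here is the defensive counterpart in Python: an inspector that refuses an archive when its declared or actual expansion ratio, total size, or nesting depth exceeds a budget. The samples are constructed in the script (a high-ratio archive of zeros and a zip nested inside a zip); droste.zip itself is not used.

```python
import io
import zipfile


class UnsafeArchive(Exception):
    """The archive would exceed the configured expansion limits."""


def build_zip(members):
    """Build an in-memory deflate zip from {name: bytes}; used only to construct sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def inspect_zip(data, max_total=50 * 1024 * 1024, max_ratio=100, max_depth=1, _depth=0):
    """Return how many bytes `data` expands to, or raise UnsafeArchive.

    Two layers of checking: the sizes declared in the central directory are tested
    first because that is cheap, then every member is actually decompressed in
    chunks against the same byte budget, because a crafted archive can lie about
    its declared sizes. Nested archives are opened only down to max_depth, which is
    the bound that stops a self-reproducing archive from recursing forever.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise UnsafeArchive(f"not a valid zip: {exc}") from exc
    compressed = max(1, len(data))
    declared = sum(info.file_size for info in zf.infolist())
    if declared > max_total or declared / compressed > max_ratio:
        raise UnsafeArchive(f"declares {declared} bytes from {compressed} compressed bytes")

    expanded = 0
    for info in zf.infolist():
        nested = info.filename.lower().endswith(".zip")
        if nested and _depth >= max_depth:
            raise UnsafeArchive(f"nested archive {info.filename!r} beyond depth {max_depth}")
        inner = bytearray()
        with zf.open(info) as member:
            while True:
                chunk = member.read(64 * 1024)
                if not chunk:
                    break
                expanded += len(chunk)
                if expanded > max_total or expanded / compressed > max_ratio:
                    raise UnsafeArchive(f"member {info.filename!r} exceeded the expansion budget")
                if nested:
                    inner.extend(chunk)
        if nested:
            # Charge the inner archive's expansion against what is left of the outer budget.
            expanded += inspect_zip(bytes(inner), max_total - expanded, max_ratio, max_depth, _depth + 1)
    return expanded


def is_safe(data, **limits):
    """Convenience wrapper: True when inspect_zip accepts the archive under the given limits."""
    try:
        inspect_zip(data, **limits)
        return True
    except UnsafeArchive:
        return False


# Constructed samples (not the droste.zip from the thread):
BENIGN = build_zip({"readme.txt": b"hello world\n" * 10})
HIGH_RATIO = build_zip({"big.bin": b"\0" * (8 * 1024 * 1024)})  # 8 MiB of zeros, a few KiB on disk
NESTED = build_zip({"inner.zip": build_zip({"deeper.zip": build_zip({"x.txt": b"x"})})})

if __name__ == "__main__":
    for name, blob in [("benign", BENIGN), ("high-ratio", HIGH_RATIO), ("nested", NESTED)]:
        print(f"{name}: {len(blob)} bytes compressed, safe={is_safe(blob)}")
```

The depth limit is the part that matters for a quine zip: such a file is not necessarily large at any single level, it simply contains itself, so an extractor that recurses into archives without a depth bound never finishes. A ratio or byte budget alone catches the classic nested "petabyte from kilobytes" construction; the two checks together cover both shapes.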
@codeWhisperer I'll be curious to see what the #infosec peeps on here have to say. Or maybe #ServerAdmin is a better tag?