Sometimes on the Internet, bad actors try to feel you out with requests to
/admin/index.php, or whatever else.
What is the worst behavior we can elicit towards these actors, and how can we do it with Cowboy?
Here are a list of (some are obv. bad for us as well) suggestions to get us started:
- Close the connection but don’t tell them.
- Slow reply.
- Large reply.
- Malformed reply.
- Infinitely redirect between some endpoints.
Return a fake WordPress login page.
Jokes apart, silently closing the connection would be a good one, as it is very low cost on the server.
ZIP bombing them might be quite naughty.
I love that idea!
A quick Google’ing shows many people already did it with the exact same purpose!
There are stuff like 10KB .zip files that can expand to one terabyte. So yeah, it’s a very good way to tell somebody “hands off!”.
I have read somewhere that certain protocols like Telnet allow you to keep sending an ever-increasing amount of data (that the server itself does not need to keep around) without the response ever ‘ending’ (but importantly also without it ever timing out), allowing you to make the connection of an attacker hang.
Not only will this prevent them from hacking you, you will also be providing a service for the internet as a whole by trapping an attacker.
Unfortunately I cannot find this particular project at this time, although many similar Honeypots exist.