Comment by nostoc
8 years ago
He does not base the attack on IP address. He detects vulnerability scanner and send them the crafted content.
You ask for something a vulnerability scanner would ask for? You get a gzip bomb.
8 years ago
He does not base the attack on IP address. He detects vulnerability scanner and send them the crafted content.
You ask for something a vulnerability scanner would ask for? You get a gzip bomb.
> Awesome! My production implementation of the bomb also looks at 404's and 403's per IP and if there are too many of those it will send the bomb. [0]
[0] https://www.reddit.com/r/PHP/comments/6lfl6p/i_have_created_...