Mike Bommarito

Mike BommaritoBuilder, Researcher, Teacherhttps://michaelbommarito.comen-uschunkloris: per-chunk http amplificationhttps://michaelbommarito.com/wiki/chunklorishttps://michaelbommarito.com/wiki/chunkloriscross-ecosystem measurement of per-chunk / per-frame cpu cost in production http/1, http/2, http/3, and websocket servers under one-byte-per-chunk request bodiesFri, 22 May 2026 00:00:00 GMTclassifying packet payloads with mimelenshttps://michaelbommarito.com/wiki/models/mimelens-pcap-classificationhttps://michaelbommarito.com/wiki/models/mimelens-pcap-classificationhow to identify file content type from a tcpdump pcap — including from a single 1.4 kb udp datagram — using the mimelens-medium-byte encoder.Fri, 22 May 2026 00:00:00 GMTmimelens: small encoders for content-type detection on any byte windowhttps://michaelbommarito.com/wiki/models/mimelenshttps://michaelbommarito.com/wiki/models/mimelenspretrained byte-level and bpe BERT encoders that classify file content from a 4 kb chunk anywhere inside a file — including a single 1.4 kb udp packet.Fri, 22 May 2026 00:00:00 GMTchunkloris: actix-web (h2c)https://michaelbommarito.com/wiki/per-chunk-amplification/actix-h2https://michaelbommarito.com/wiki/per-chunk-amplification/actix-h2HTTP/2 (h2c) DATA frames. actix-web (h2c) 4.x. verdict: batches correctly.Fri, 22 May 2026 00:00:00 GMTchunkloris: actix-webhttps://michaelbommarito.com/wiki/per-chunk-amplification/actix-webhttps://michaelbommarito.com/wiki/per-chunk-amplification/actix-webHTTP/1.1 chunked transfer encoding. actix-web 4.x. verdict: vulnerable per chunk.Fri, 22 May 2026 00:00:00 GMTchunkloris: aioquic HTTP/3 example-style serverhttps://michaelbommarito.com/wiki/per-chunk-amplification/aioquic-h3https://michaelbommarito.com/wiki/per-chunk-amplification/aioquic-h3HTTP/3 DATA frames over QUIC. aioquic HTTP/3 example-style server aioquic 1.3.0. verdict: vulnerable per frame.Fri, 22 May 2026 00:00:00 GMTchunkloris: axum (on hyper)https://michaelbommarito.com/wiki/per-chunk-amplification/axumhttps://michaelbommarito.com/wiki/per-chunk-amplification/axumHTTP/1.1 chunked transfer encoding. axum (on hyper) 0.7 / hyper 1.x. verdict: vulnerable per chunk.Fri, 22 May 2026 00:00:00 GMTchunkloris: bandit (h2c)https://michaelbommarito.com/wiki/per-chunk-amplification/bandit-h2https://michaelbommarito.com/wiki/per-chunk-amplification/bandit-h2HTTP/2 (h2c) DATA frames. bandit (h2c) 1.11.1. verdict: vulnerable per frame.Fri, 22 May 2026 00:00:00 GMTchunkloris: bandithttps://michaelbommarito.com/wiki/per-chunk-amplification/bandithttps://michaelbommarito.com/wiki/per-chunk-amplification/banditHTTP/1.1 chunked transfer encoding. bandit 1.11.1. verdict: vulnerable per chunk.Fri, 22 May 2026 00:00:00 GMTchunkloris: cowboy (h2c)https://michaelbommarito.com/wiki/per-chunk-amplification/cowboy-h2https://michaelbommarito.com/wiki/per-chunk-amplification/cowboy-h2HTTP/2 (h2c) DATA frames. cowboy (h2c) 2.15.0 (cowlib 2.16.1, ranch 2.2.0). verdict: protected h2 goaway.Fri, 22 May 2026 00:00:00 GMT