Botnet vs. Botnet: Can A Good Botnet Block A Bad One?
from the battle-of-the-botnets dept
Last year we wrote about how rival online scammer gangs had their botnets fighting each other by disabling trojans of competing botnets on their computers -- but it appears that some researchers have a different idea for creating a "good" botnet to fight the "bad" botnets being used for denial of service attacks (found via Slashdot). This is quite different than some older proposals to create "good worms" that go about automatically patching infected machines (which are wide open to abuse). Instead, the idea is rather creative. It involves setting up a distributed system of computers that effectively act as a way station for connect requests -- which then wait for the actual server to request the inbound requests. This prevents the server from being overloaded (though, I would imagine it could slow down access somewhat). Either way, it's nice to see efforts under way to stop such zombie botnets. Hopefully someone isn't sitting on a patent for such an idea and waiting to sue, like we've seen with other security measures.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: botnets, denial of service, zombies
Reader Comments
Subscribe: RSS
View by: Time | Thread
It also would be nice if folks were more attune to the ramifications of their actions. "Oh look, a free screen saver"
Oh well ...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Stupid, stupid Idea
Two: What if your botnet gets compromised? Congratulations, you have a bigger problem now.
While it makes for interesting reading, its only a "good idea" if its a work of fiction for the entertainment value. The realities of getting this idea to even work correctly cripple the idea from the start.
Real life != Cyberpunk. No matter how much the fake timeline in CP 2020 is starting to look like reality...
[ link to this | view in chronology ]
Re: Stupid, stupid Idea
You can't expect that everyone is computer savy enough to ensure that their computer does not become part of a botnet, so why not "police" the net for these types of threats?
I agree you are increasing traffic, but is that really an argument? Should we say that we leave criminals on the street because there is not enough cells to lock them up?
Them being taken over by the baddies is indeed a valid argument and it just means that counter measures need to be taken to deal with those cases.
(If the bad guys can take over the good guys, then why not the otherway around...)
We should not follow it blindly, since the good guys might not always have good intentions too... Think ads, internet behaviour etc. But it is a start to deal with this issue.
[ link to this | view in chronology ]
Re: Re: Stupid, stupid Idea
Also, you setup the botnet to seek "updates." Hmmm...
[ link to this | view in chronology ]
Re: Re: Re: Stupid, stupid Idea
Er... have you missed the over 10 years of explanations, examples and research about how to structure a better business model?
Nope. No ideas of my own at all.
[ link to this | view in chronology ]
RE: Stupid, stupid idea
One: Even if it's working you are adding a lot of network traffic for something that...is working?
And no, you're not really adding much network traffic -- and even so any additional traffic would just be O(1). You're simply distributing proxies to handle incoming requests -- it's technically not all that crazy sounding features that Just Work every day.
Two: this gripe has a bit more legitimacy complaint, but it applies equally to building and networking any equipment equally.
The bottom line is DDoS attacks are one of the few remaining achilles heels of web architecture. Technical solutions like the one proffered are not only possible, they damn well may be necessary should Russia light up its bot net again like it suspected to have done against Estonia.
[ link to this | view in chronology ]
Simple Fix...
Whether you agree or not, I know the answer to why ISPs won't do it. It would cost too much in resources to communicate with all their customers that are infected - it's cheaper for them to have bad traffic on their network then try and educate the end-user that their PC is infected, etc.
Freedom
[ link to this | view in chronology ]