Botnet vs. Botnet: Can A Good Botnet Block A Bad One?

from the battle-of-the-botnets dept

Last year we wrote about how rival online scammer gangs had their botnets fighting each other by disabling trojans of competing botnets on their computers -- but it appears that some researchers have a different idea for creating a "good" botnet to fight the "bad" botnets being used for denial of service attacks (found via Slashdot). This is quite different than some older proposals to create "good worms" that go about automatically patching infected machines (which are wide open to abuse). Instead, the idea is rather creative. It involves setting up a distributed system of computers that effectively act as a way station for connect requests -- which then wait for the actual server to request the inbound requests. This prevents the server from being overloaded (though, I would imagine it could slow down access somewhat). Either way, it's nice to see efforts under way to stop such zombie botnets. Hopefully someone isn't sitting on a patent for such an idea and waiting to sue, like we've seen with other security measures.
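A toy model of the pull-based way-station idea described above, added here as an illustration; it is not code from the researchers' system or from this post. The class and function names, the bounded queues, the round-robin relay choice and the sample load figures are all assumptions.

```python
from collections import deque

class WayStation:
    """One relay node: buffers inbound requests until the server asks for them."""
    def __init__(self, max_queue):
        self.queue = deque()
        self.max_queue = max_queue  # bounded, so a flood cannot exhaust the relay
        self.dropped = 0

    def accept(self, request):
        if len(self.queue) >= self.max_queue:
            self.dropped += 1       # overflow is shed at the relay, not the server
        else:
            self.queue.append(request)

    def release(self, n):
        """Hand over at most n buffered requests; only the server calls this."""
        return [self.queue.popleft() for _ in range(min(n, len(self.queue)))]

def simulate(arrivals_per_tick, server_capacity, stations=4, max_queue=100):
    """arrivals_per_tick is a constructed load profile, one count per tick.
    Returns (peak requests reaching the server in a tick, mean wait, dropped)."""
    relays = [WayStation(max_queue) for _ in range(stations)]
    peak, waits, seq = 0, [], 0
    for tick, arrivals in enumerate(arrivals_per_tick):
        for _ in range(arrivals):   # clients only ever talk to the relays
            relays[seq % stations].accept(tick)
            seq += 1
        start = tick % stations     # rotate so no relay is starved
        budget, pulled = server_capacity, []
        for relay in relays[start:] + relays[:start]:
            got = relay.release(budget)  # the server pulls what it can process
            budget -= len(got)
            pulled += got
        peak = max(peak, len(pulled))
        waits += [tick - arrived for arrived in pulled]
    mean_wait = sum(waits) / len(waits) if waits else 0.0
    return peak, mean_wait, sum(r.dropped for r in relays)

if __name__ == "__main__":
    flood = [5, 5, 200, 200, 200, 5, 5]  # constructed sample: burst in ticks 2-4
    print(simulate([5] * 10, server_capacity=10))
    print(simulate(flood, server_capacity=10))
```

The model does no filtering, so legitimate requests wait in the same queues as the flood; it only shows that the server's load stays at its own pull rate while waiting time and relay-side drops absorb the burst.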

Filed Under: botnets, denial of service, zombies


Reader Comments


  • Anonymous Coward, 23 Apr 2008 @ 5:02pm

    It would be nice if software was designed to not be easily compromised. cough - javascript -

    It also would be nice if folks were more attuned to the ramifications of their actions. "Oh look, a free screen saver"

    Oh well ...

  • Jake, 23 Apr 2008 @ 5:41pm

    Oh, come on. Don't we know by now that domesticating zombies will never work? Every movie where they've tried that, it's ended badly...

  • Anonymous Coward, 23 Apr 2008 @ 6:45pm

    Stupid, stupid Idea

    One: Even if it's working you are adding a lot of network traffic for something that may not work.

    Two: What if your botnet gets compromised? Congratulations, you have a bigger problem now.


    While it makes for interesting reading, it's only a "good idea" if it's a work of fiction for the entertainment value. The realities of getting this idea to even work correctly cripple the idea from the start.

    Real life != Cyberpunk. No matter how much the fake timeline in CP 2020 is starting to look like reality...

    • G!, 24 Apr 2008 @ 12:19am

      Re: Stupid, stupid Idea

      It's easy to shoot something down, but it would be better if you could come up with an alternative suggestion...

      You can't expect that everyone is computer savvy enough to ensure that their computer does not become part of a botnet, so why not "police" the net for these types of threats?

      I agree you are increasing traffic, but is that really an argument? Should we say that we leave criminals on the street because there are not enough cells to lock them up?

      Them being taken over by the baddies is indeed a valid argument and it just means that countermeasures need to be taken to deal with those cases.
      (If the bad guys can take over the good guys, then why not the other way around...)

      We should not follow it blindly, since the good guys might not always have good intentions too... Think ads, internet behaviour etc. But it is a start to deal with this issue.

      • Anonymous Coward, 24 Apr 2008 @ 6:15am

        Re: Re: Stupid, stupid Idea

        You are right like how Mike always shoots down the ideas the entertainment industry has, but never has a legitimate idea of his own.

        Also, you set up the botnet to seek "updates." Hmmm...

        • Mike, 24 Apr 2008 @ 10:04am

          Re: Re: Re: Stupid, stupid Idea

          You are right like how Mike always shoots down the ideas the entertainment industry has, but never has a legitimate idea of his own.

          Er... have you missed the over 10 years of explanations, examples and research about how to structure a better business model?

          Nope. No ideas of my own at all.

  • Dean Landolt, 23 Apr 2008 @ 7:39pm

    RE: Stupid, stupid idea

    AC:

    One: Even if it's working you are adding a lot of network traffic for something that...is working?

    And no, you're not really adding much network traffic -- and even so any additional traffic would just be O(1). You're simply distributing proxies to handle incoming requests -- it's technically not all that crazy sounding features that Just Work every day.

    Two: this gripe has a bit more legitimacy, but it applies equally to building and networking any equipment.

    The bottom line is DDoS attacks are one of the few remaining Achilles' heels of web architecture. Technical solutions like the one proffered are not only possible, they damn well may be necessary should Russia light up its botnet again like it is suspected to have done against Estonia.

  • Freedom, 24 Apr 2008 @ 8:55am

    Simple Fix...

    What would be wrong with an ISP having an automated monitoring system that based on what triggered it would call for human review or a temporary "circuit break" on their Internet line? Just like driving a car on the public streets, there is a certain amount of responsibility that comes with driving your PC on the Internet. Just as police pull over cars that aren't driving safely...

    Whether you agree or not, I know the answer to why ISPs won't do it. It would cost too much in resources to communicate with all their customers that are infected - it's cheaper for them to have bad traffic on their network than try and educate the end-user that their PC is infected, etc.

    Freedom
