Botnet vs. Botnet: Can A Good Botnet Block A Bad One?
from the battle-of-the-botnets dept
Last year we wrote about how rival online scammer gangs had their botnets fighting each other by disabling trojans of competing botnets on their computers — but it appears that some researchers have a different idea for creating a “good” botnet to fight the “bad” botnets being used for denial of service attacks (found via Slashdot). This is quite different than some older proposals to create “good worms” that go about automatically patching infected machines (which are wide open to abuse). Instead, the idea is rather creative. It involves setting up a distributed system of computers that effectively act as a way station for connect requests — which then wait for the actual server to request the inbound requests. This prevents the server from being overloaded (though, I would imagine it could slow down access somewhat). Either way, it’s nice to see efforts under way to stop such zombie botnets. Hopefully someone isn’t sitting on a patent for such an idea and waiting to sue, like we’ve seen with other security measures.
Filed Under: botnets, denial of service, zombies
Comments on “Botnet vs. Botnet: Can A Good Botnet Block A Bad One?”
It would be nice if software was designed to not be easily compromised. cough – javascript –
It also would be nice if folks were more attune to the ramifications of their actions. “Oh look, a free screen saver”
Oh well …
Oh, come on. Don’t we know by now that domesticating zombies will never work? Every movie where they’ve tried that, it’s ended badly…
Stupid, stupid Idea
One: Even if its working you are adding a lot of network traffic for something that may not work.
Two: What if your botnet gets compromised? Congratulations, you have a bigger problem now.
While it makes for interesting reading, its only a “good idea” if its a work of fiction for the entertainment value. The realities of getting this idea to even work correctly cripple the idea from the start.
Real life != Cyberpunk. No matter how much the fake timeline in CP 2020 is starting to look like reality…
Re: Stupid, stupid Idea
Its easy to shoot something down, but it would be better if you could come up with an alternative suggestion…
You can’t expect that everyone is computer savy enough to ensure that their computer does not become part of a botnet, so why not “police” the net for these types of threats?
I agree you are increasing traffic, but is that really an argument? Should we say that we leave criminals on the street because there is not enough cells to lock them up?
Them being taken over by the baddies is indeed a valid argument and it just means that counter measures need to be taken to deal with those cases.
(If the bad guys can take over the good guys, then why not the otherway around…)
We should not follow it blindly, since the good guys might not always have good intentions too… Think ads, internet behaviour etc. But it is a start to deal with this issue.
Re: Re: Stupid, stupid Idea
You are right like how Mike always shoots down the ideas the entertainment industry has, but never has a legitimate idea of his own.
Also, you setup the botnet to seek “updates.” Hmmm…
Re: Re: Re: Stupid, stupid Idea
You are right like how Mike always shoots down the ideas the entertainment industry has, but never has a legitimate idea of his own.
Er… have you missed the over 10 years of explanations, examples and research about how to structure a better business model?
Nope. No ideas of my own at all.
RE: Stupid, stupid idea
AC:
One: Even if it’s working you are adding a lot of network traffic for something that…is working?
And no, you’re not really adding much network traffic — and even so any additional traffic would just be O(1). You’re simply distributing proxies to handle incoming requests — it’s technically not all that crazy sounding features that Just Work every day.
Two: this gripe has a bit more legitimacy complaint, but it applies equally to building and networking any equipment equally.
The bottom line is DDoS attacks are one of the few remaining achilles heels of web architecture. Technical solutions like the one proffered are not only possible, they damn well may be necessary should Russia light up its bot net again like it suspected to have done against Estonia.
Simple Fix...
What would be wrong with an ISP having an automated monitoring system that based on what triggered it would call for human review or a temporary “circuit break” on their Internet line? Just like driving a car on the public streets, there is a certain amount of responsibility that comes with driving your PC on the Internet. Just as police pull over cars that aren’t driving safely…
Whether you agree or not, I know the answer to why ISPs won’t do it. It would cost too much in resources to communicate with all their customers that are infected – it’s cheaper for them to have bad traffic on their network then try and educate the end-user that their PC is infected, etc.
Freedom