Botnet vs. Botnet: Can A Good Botnet Block A Bad One?

from the battle-of-the-botnets dept

Last year we wrote about how rival online scammer gangs had their botnets fighting each other by disabling trojans of competing botnets on their computers — but it appears that some researchers have a different idea for creating a “good” botnet to fight the “bad” botnets being used for denial of service attacks (found via Slashdot). This is quite different than some older proposals to create “good worms” that go about automatically patching infected machines (which are wide open to abuse). Instead, the idea is rather creative. It involves setting up a distributed system of computers that effectively act as a way station for connect requests — which then wait for the actual server to request the inbound requests. This prevents the server from being overloaded (though, I would imagine it could slow down access somewhat). Either way, it’s nice to see efforts under way to stop such zombie botnets. Hopefully someone isn’t sitting on a patent for such an idea and waiting to sue, like we’ve seen with other security measures.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Botnet vs. Botnet: Can A Good Botnet Block A Bad One?”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Stupid, stupid Idea

One: Even if its working you are adding a lot of network traffic for something that may not work.

Two: What if your botnet gets compromised? Congratulations, you have a bigger problem now.

While it makes for interesting reading, its only a “good idea” if its a work of fiction for the entertainment value. The realities of getting this idea to even work correctly cripple the idea from the start.

Real life != Cyberpunk. No matter how much the fake timeline in CP 2020 is starting to look like reality…

G! says:

Re: Stupid, stupid Idea

Its easy to shoot something down, but it would be better if you could come up with an alternative suggestion…

You can’t expect that everyone is computer savy enough to ensure that their computer does not become part of a botnet, so why not “police” the net for these types of threats?

I agree you are increasing traffic, but is that really an argument? Should we say that we leave criminals on the street because there is not enough cells to lock them up?

Them being taken over by the baddies is indeed a valid argument and it just means that counter measures need to be taken to deal with those cases.
(If the bad guys can take over the good guys, then why not the otherway around…)

We should not follow it blindly, since the good guys might not always have good intentions too… Think ads, internet behaviour etc. But it is a start to deal with this issue.

Dean Landolt (profile) says:

RE: Stupid, stupid idea


One: Even if it’s working you are adding a lot of network traffic for something that…is working?

And no, you’re not really adding much network traffic — and even so any additional traffic would just be O(1). You’re simply distributing proxies to handle incoming requests — it’s technically not all that crazy sounding features that Just Work every day.

Two: this gripe has a bit more legitimacy complaint, but it applies equally to building and networking any equipment equally.

The bottom line is DDoS attacks are one of the few remaining achilles heels of web architecture. Technical solutions like the one proffered are not only possible, they damn well may be necessary should Russia light up its bot net again like it suspected to have done against Estonia.

Freedom says:

Simple Fix...

What would be wrong with an ISP having an automated monitoring system that based on what triggered it would call for human review or a temporary “circuit break” on their Internet line? Just like driving a car on the public streets, there is a certain amount of responsibility that comes with driving your PC on the Internet. Just as police pull over cars that aren’t driving safely…

Whether you agree or not, I know the answer to why ISPs won’t do it. It would cost too much in resources to communicate with all their customers that are infected – it’s cheaper for them to have bad traffic on their network then try and educate the end-user that their PC is infected, etc.


Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...