Botnet vs. Botnet: Can A Good Botnet Block A Bad One?

from the battle-of-the-botnets dept

Last year we wrote about how rival online scammer gangs had their botnets fighting each other by disabling trojans of competing botnets on their computers -- but it appears that some researchers have a different idea for creating a "good" botnet to fight the "bad" botnets being used for denial of service attacks (found via Slashdot). This is quite different than some older proposals to create "good worms" that go about automatically patching infected machines (which are wide open to abuse). Instead, the idea is rather creative. It involves setting up a distributed system of computers that effectively act as a way station for connect requests -- which then wait for the actual server to request the inbound requests. This prevents the server from being overloaded (though, I would imagine it could slow down access somewhat). Either way, it's nice to see efforts under way to stop such zombie botnets. Hopefully someone isn't sitting on a patent for such an idea and waiting to sue, like we've seen with other security measures.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Apr 23rd, 2008 @ 5:02pm

    It would be nice if software was designed to not be easily compromised. cough - javascript -

    It also would be nice if folks were more attune to the ramifications of their actions. "Oh look, a free screen saver"

    Oh well ...

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Jake, Apr 23rd, 2008 @ 5:41pm

    Oh, come on. Don't we know by now that domesticating zombies will never work? Every movie where they've tried that, it's ended badly...

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Apr 23rd, 2008 @ 6:45pm

    Stupid, stupid Idea

    One: Even if its working you are adding a lot of network traffic for something that may not work.

    Two: What if your botnet gets compromised? Congratulations, you have a bigger problem now.


    While it makes for interesting reading, its only a "good idea" if its a work of fiction for the entertainment value. The realities of getting this idea to even work correctly cripple the idea from the start.

    Real life != Cyberpunk. No matter how much the fake timeline in CP 2020 is starting to look like reality...

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Dean Landolt, Apr 23rd, 2008 @ 7:39pm

    RE: Stupid, stupid idea

    AC:

    One: Even if it's working you are adding a lot of network traffic for something that...is working?

    And no, you're not really adding much network traffic -- and even so any additional traffic would just be O(1). You're simply distributing proxies to handle incoming requests -- it's technically not all that crazy sounding features that Just Work every day.

    Two: this gripe has a bit more legitimacy complaint, but it applies equally to building and networking any equipment equally.

    The bottom line is DDoS attacks are one of the few remaining achilles heels of web architecture. Technical solutions like the one proffered are not only possible, they damn well may be necessary should Russia light up its bot net again like it suspected to have done against Estonia.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    G!, Apr 24th, 2008 @ 12:19am

    Re: Stupid, stupid Idea

    Its easy to shoot something down, but it would be better if you could come up with an alternative suggestion...

    You can't expect that everyone is computer savy enough to ensure that their computer does not become part of a botnet, so why not "police" the net for these types of threats?

    I agree you are increasing traffic, but is that really an argument? Should we say that we leave criminals on the street because there is not enough cells to lock them up?

    Them being taken over by the baddies is indeed a valid argument and it just means that counter measures need to be taken to deal with those cases.
    (If the bad guys can take over the good guys, then why not the otherway around...)

    We should not follow it blindly, since the good guys might not always have good intentions too... Think ads, internet behaviour etc. But it is a start to deal with this issue.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Apr 24th, 2008 @ 6:15am

    Re: Re: Stupid, stupid Idea

    You are right like how Mike always shoots down the ideas the entertainment industry has, but never has a legitimate idea of his own.

    Also, you setup the botnet to seek "updates." Hmmm...

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Freedom, Apr 24th, 2008 @ 8:55am

    Simple Fix...

    What would be wrong with an ISP having an automated monitoring system that based on what triggered it would call for human review or a temporary "circuit break" on their Internet line? Just like driving a car on the public streets, there is a certain amount of responsibility that comes with driving your PC on the Internet. Just as police pull over cars that aren't driving safely...

    Whether you agree or not, I know the answer to why ISPs won't do it. It would cost too much in resources to communicate with all their customers that are infected - it's cheaper for them to have bad traffic on their network then try and educate the end-user that their PC is infected, etc.

    Freedom

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Mike (profile), Apr 24th, 2008 @ 10:04am

    Re: Re: Re: Stupid, stupid Idea

    You are right like how Mike always shoots down the ideas the entertainment industry has, but never has a legitimate idea of his own.

    Er... have you missed the over 10 years of explanations, examples and research about how to structure a better business model?

    Nope. No ideas of my own at all.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This