Home page logo
/

nanog logo nanog mailing list archives

botnets for good? [was: and here are some answers]
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Feb 2006 03:58:12 +0200


bmanning () vacation karoshi com wrote:

Hey Bill,

        i'm begining to think that botnet like structures are in fac t the
wave of the future. ... and instead of trying to irradicate them, we should be looking at ways to use botnet like structures for adding value to an increasingly more connected mesh of devices. ...

I quite agree, you are more than right. Botnets have proven themselves as a very powerful "construct", if that is how we are to call them. You are more than right.

And indeed, bots were not originally bad entities on the Internet, numbering in the hundreds of millions, DDoSing, spamming, stealing Aunty Jame's credit card and your identity. No, they are very useful for numerous reasons, just very few of which are IRC channel operating related.

Combine them with a distributed environment, and you get very powerful computing engines to do quite a bit of tasks. Point them at a problem, and they will address it as one. Create Akamai, and you will even get some redundancy. I am not saying SETI#Home or Akamai are botnets, but these are some good uses for similar technology, at least in concept.

:)

The distinction should be made when one speaks of botnets as we know them today, for good. As breaking into a machine in order to fix it, as an example, is in no way different than breaking into it in order to spy on it, use it or destroy it. You may eventually cause these anyway, as;
- You don't know how a machine will respond.
- You don't know who else may (ab)use your system.
- You can't know if you won't get sued.
- Etc.

This is an on-going ethical and legal debate in botnet fighting circles. If we see a 1 million hosts botnet just waiting to attack, and we can use the back-door to upload an executable and remove the bot, is that OK?

Aside to it being illegal, you possibly causing the remote machine to crash, triggering some IDS/entering into a log/getting sued/whatever, you will most likely discover that machine coming back infected yet again, or already a member of 30 other botnets with other malware.

We should also remember that when talking of botnets for practical uses, they should probably be addressed as a 'concept' rather than structure. Today's structure looks mostly like a terrorism cell as David Dagon likes to mention, but the structure may vary considerably. Today's IRC based C&C's may be the most prevalent and most useful STILL, but in no way constitute the only way C&C's are run and botnets are constructed.
:)

        of course YMMV - but i'm not persuaded that botnet.hivemind constructs are
        -NOT- inherently evil... they can be turned that way, but if there is a
        value to such things, we ought to be able to use them for our own
        purposes.

burrowing from you with another analogy...
<feedtroll>
So is spam. Spam proved itself to be the most efficient way of selling and advertising ever invented. One could say legalizing and regulating it will bring in incredible amount of good taxes for the different governments, as well as then concentrating only on those who creak the law, such as by using botnets, sending kiddie porn, phishing, etc.
</feedtroll>

        Gadi.

--
http://blogs.securiteam.com/

"Out of the box is where I live".
        -- Cara "Starbuck" Thrace, Battlestar Galactica.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault