botnets for good? [was: and here are some answers]
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Feb 2006 03:58:12 +0200
bmanning () vacation karoshi com wrote:
i'm beginning to think that botnet like structures are in fact the
wave of the future. ... and instead of trying to eradicate them, we should
be looking at ways to use botnet like structures for adding value to
an increasingly more connected mesh of devices. ...
I quite agree, you are more than right. Botnets have proven themselves
as a very powerful "construct", if that is how we are to call them. You
are more than right.
And indeed, bots were not originally bad entities on the Internet,
numbering in the hundreds of millions, DDoSing, spamming, stealing Aunty
Jame's credit card and your identity. No, they are very useful for
numerous reasons, just very few of which are IRC channel operating related.
Combine them with a distributed environment, and you get very powerful
computing engines to do quite a bit of tasks. Point them at a problem,
and they will address it as one. Create Akamai, and you will even get
some redundancy. I am not saying SETI@Home or Akamai are botnets, but
these are some good uses for similar technology, at least in concept.
The distinction should be made when one speaks of botnets as we know
them today, for good. As breaking into a machine in order to fix it, as
an example, is in no way different than breaking into it in order to spy
on it, use it or destroy it. You may eventually cause these anyway, as:
- You don't know how a machine will respond.
- You don't know who else may (ab)use your system.
- You can't know if you won't get sued.
This is an on-going ethical and legal debate in botnet fighting circles.
If we see a 1 million hosts botnet just waiting to attack, and we can
use the back-door to upload an executable and remove the bot, is that OK?
Aside from it being illegal, and you possibly causing the remote machine to
crash, triggering some IDS/entering into a log/getting sued/whatever,
you will most likely discover that machine coming back infected yet
again, or already a member of 30 other botnets with other malware.
We should also remember that when talking of botnets for practical uses,
they should probably be addressed as a 'concept' rather than structure.
Today's structure looks mostly like a terrorism cell as David Dagon
likes to mention, but the structure may vary considerably. Today's IRC
based C&C's may be the most prevalent and most useful STILL, but in no
way constitute the only way C&C's are run and botnets are constructed.
of course YMMV - but i'm not persuaded that botnet.hivemind constructs are
-NOT- inherently evil... they can be turned that way, but if there is a
value to such things, we ought to be able to use them for our own
Borrowing from you with another analogy...
So is spam. Spam proved itself to be the most efficient way of selling
and advertising ever invented. One could say legalizing and regulating
it will bring in an incredible amount of good taxes for the different
governments, as well as then concentrating only on those who break the
law, such as by using botnets, sending kiddie porn, phishing, etc.
"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.