Slashdot Mirror


Visual DDoS Representation and Its Ramifications

winterbc writes "Prolexic has a report on Zombie infections that bring a visual representation of a DDoS attack. Besides being a rather cool picture, it brings to mind a possible future of personal computing. I would love to see a real-time picture of my 'net connections as my desktop picture, allowing me to change my 'net habits based on what I see. For example, I can download new images from the OPTE Project and set my desktop that way, but a more individual pathway highlighted with my favorite color could happen someday. My point is that while DDoS are painfully ubiquitous today, tomorrow visual mapping in real-time could be a path to the source of the problem."

11 of 104 comments

  1. Re:Neat! by geomon · · Score: 4, Informative

    Not exactly a map, but a nice graph of a site getting slashdotted.

    --
    "Rocky Rococo, at your cervix!"
  2. Re:And what is being done about this? by rel4x · · Score: 2, Informative

    From that, you can put a sniffer on the line and trace the communications to find the person running the botnet.
    Yet I'm not hearing any stories about these botnets being broken by the cops. Why not?

    Several reasons.
    First off, a lot of the zombies are in countries different from the person controlling them, making it tricky to pass information and get search warrants (for the sniffer). A lot of people use proxies, which also complicates things.

    --

    Before you mod me funny, think, perhaps I was insightfully funny?
  3. Re:In the future will we have net traffic reports? by miaDWZ · · Score: 3, Informative

    In the future will we have net traffic reports

    hah, too late.

    http://www.internettrafficreport.com/

  4. Re:And what is being done about this? by Anonymous Coward · · Score: 3, Informative

    It's not quite that easy. There is no such thing as a 'sniffer' you can put on an internet connection.

    Odds are these bots will all be logged on to an IRC channel somewhere. You can track it back to that by simply monitoring the network activity of the machine. After that, you can monitor that channel and find the user who is directing the botnet. Unfortunately, the best you are going to get - unless the botnet operator is an idiot - is the last proxy in a chain of four to eight, each of which is located in a foreign country. Being able to obtain the logs from a single such proxy is very unlikely. Four to eight simply isn't going to happen.

  5. Yeah by kernelpanicked · · Score: 1, Informative

    I've only been monitoring this sort of thing with EtherApe for about 4 years now.
    http://etherape.sourceforge.net/

    --
    Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
  6. Cool Picture by vga_init · · Score: 2, Informative

    This picture is a little bit different, but this concept reminds me of the depiction of large scale computer networks given in William Gibson's Neuromancer.

    From what I remembered, he depicted computer networks as having visual representation, describing how colors changed based on the level and types of network activity.

    What is given in the novel is more of a virtual reality type thing, though. I thought that was nifty. Now, if only we could get some diagrams like the one in the article done in 3D and rendered in real time as variables changed.

  7. Re:What's the surprise? by HermanAB · · Score: 3, Informative

    Why?

    EU population is 460 million, US population is only 300 million.

    No surprises there - more people, more PCs.

    --
    Oh well, what the hell...
  8. Re:Europe has most zombie infested networks.. by xenocide2 · · Score: 2, Informative

    The rankings are per capita, which means they're adjusted for population.

    --
    I Browse at +4 Flamebait

    Open Source Sysadmin

  9. Re:Where is the Spinning Cube of Potential Doom? by Anonymous Coward · · Score: 1, Informative
  10. Etherape/Cube of Impending Doom by miquong · · Score: 3, Informative

    Etherape is a good real-time program for visualizing connections to you and their relative traffic. While it only runs on *nixes, you can set up a box for monitoring your uplink. Also check this post from last year: http://developers.slashdot.org/article.pl?sid=04/06/17/135220&tid=172&tid=141&tid=8

  11. Re:I still wonder... by DrSkwid · · Score: 2, Informative

    please, no more IP based filtering

    it is bad enough that I get regularly banned from posting because my ISP (ntl:) uses an inline cache that reports itself as the remote address and slashcode can't differentiate between different ntl: customers. And, yes, it has been reported many times, the /. attitude is: if you're such a geek, sort yourself another proxy (which I do but it is still a pain).

    --
    There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter