Slashdot Mirror


Visual DDoS Representation and Its Ramifications

winterbc writes "Prolexic has a report on Zombie infections that bring a visual representation of a DDoS attack. Besides being a rather cool picture, it brings to mind a possible future of personal computing. I would love to see a real-time picture of my 'net connections as my desktop picture, allowing me to change my 'net habits based on what I see. For example, I can download new images from the OPTE Project and set my desktop that way, but a more individual pathway highlighted with my favorite color could happen someday. My point is that while DDoS are painfully ubiquitous today, tomorrow visual mapping in real-time could be a path to the source of the problem."

10 of 104 comments

  1. Visual DDoS? by Anonymous Coward · · Score: 5, Funny

    Is this a new programming language from Microsoft?

  2. Neat! by failure-man · · Score: 5, Interesting

    Can it build a map for a /.ing?

    Also, it's nice to see that, for once, a story on Slashdot uses "its" correctly.

    1. Re:Neat! by geomon · · Score: 4, Informative

      Not exactly a map, but a nice graph of a site getting slashdotted.

      --
      "Rocky Rococo, at your cervix!"

  3. In the future will we have net traffic reports? by rokzy · · Score: 4, Insightful

    I hope not!

    isn't the whole point that there's redundancy and stuff to make things reliable and invisible to the end user?

    time spent visualising problems is a total waste unless you use it to stop the problem happening again. and prevention is better than cure.

  4. Re:Europe has most zombie infested networks.. by Anonymous Coward · · Score: 4, Funny

    Clearly, their PCs must be liberated.

  5. Relevant info missing by Stormwatch · · Score: 4, Funny

    They forgot to list zombies per operating system.

    Oh, wait...

  6. And what is being done about this? by khasim · · Score: 4, Interesting

    From TFA:

    "The primary attack of choice in the first half of 2005 was an advanced full connection based flood. This particular attack exposes the real IP address of the attacking bot/zombie, however, the sheer number of IP addresses that must be blacklisted places overwhelming load on mitigation hardware, ACLs, and web services farms."

    Okay, so you have the IP address of a cracked machine ...

    From that, you can find the ISP ...

    From that, you can find the machine ...

    From that, you can put a sniffer on the line and trace the communications to find the person running the botnet.

    Yet I'm not hearing any stories about these botnets being broken by the cops. Why not?

    1. Re:And what is being done about this? by plover · · Score: 4, Interesting

      Botnets have evolved beyond your 2003 viewpoint. They now are implementing encrypted peer-to-peer communications networks, and are not run from a central point like the IRC-based botnets of old.

      I briefly chatted with a guy who tracks these people down, and looked at some research posted by the honeynet project. My understanding is the operator fires a message into just one zombie, and it passes it around to its immediate circle of friends, then launches the requested task. Each zombie only relays the command to its peer circle, making it "cell based". The investigator really has no idea which cell was "cell 0", where the command originated.

      Many of the DDoS attacks are things like SYN floods with forged IP headers, making it very tough to track back to any single machine, let alone the thousands the zombie operators had under their control.

      --
      John
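
The TFA excerpt quoted in comment 6 says the sheer number of blacklisted addresses overloads ACLs. One defender-side way to shrink such a list is sketched below as an added example; it is not from the article, Prolexic, or any commenter. The function name, the `/24` and `min_hosts` thresholds, and the sample addresses (RFC 5737 documentation ranges) are assumptions, and aggregating a dense block also blocks neighbours that were never observed, which the function reports as `extra`.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: flood sources taken from RFC 5737 documentation ranges.
SAMPLE_SOURCES = (
    [f"192.0.2.{i}" for i in range(1, 11)]   # 10 bots inside one /24
    + ["198.51.100.4", "198.51.100.5"]       # two adjacent hosts
    + ["203.0.113.77", "203.0.113.77"]       # one host, logged twice
)


def compress_blocklist(addresses, prefix_len=24, min_hosts=8):
    """Shrink a per-host blocklist into fewer ACL entries.

    A /prefix_len block replaces its hosts only when at least min_hosts
    distinct sources were seen inside it (hypothetical policy knob).
    Sparse hosts stay exact and are merged only where that is lossless.
    Returns (networks, extra), where extra counts addresses that are now
    blocked without having been observed.
    """
    hosts = {ipaddress.IPv4Address(a) for a in addresses}  # de-duplicate

    # Group observed hosts by the enclosing /prefix_len block.
    buckets = defaultdict(set)
    for host in hosts:
        block = ipaddress.IPv4Network(f"{host}/{prefix_len}", strict=False)
        buckets[block].add(host)

    entries = []
    for block, members in buckets.items():
        if len(members) >= min_hosts:
            entries.append(block)  # dense block: one entry for all of it
        else:
            entries.extend(ipaddress.IPv4Network(f"{m}/32") for m in members)

    # collapse_addresses merges adjacent/overlapping networks and sorts them.
    networks = list(ipaddress.collapse_addresses(entries))
    extra = sum(n.num_addresses for n in networks) - len(hosts)
    return networks, extra


if __name__ == "__main__":
    acl, extra = compress_blocklist(SAMPLE_SOURCES)
    print(f"{len(set(SAMPLE_SOURCES))} hosts -> {len(acl)} ACL entries, "
          f"{extra} unobserved addresses also blocked")
    for net in acl:
        print("deny", net)
```
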
  7. the gibson by mnemonic_ · · Score: 4, Funny

    But have they hacked the Gibson yet?

  8. Amazing photos... by d474 · · Score: 4, Funny

    ...they almost look like a "web" of some sort...

    --
    Authority questions you. Return the favor.