Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlackFrog to Take up BlueFrog's Flag

Posted by ryuzaki0 on from the internet-routes-around-stupidity dept.

Runefox writes "ZDNet UK has a story about a new SPAM defense mechanism called BlackFrog, a response to the demise of Blue Security's BlueFrog. According to the article, the new service is based on a P2P network of clients, called the 'Frognet', which allows the opt-out service to continue functioning even after a server has gone down, making a DDoS attack like that which crippled BlueFrog ineffective against the new service."

3 of 178 comments (clear)

  1. Once you go black, you never go back. by DigDuality · · Score: 5, Informative

    Just as a correction folks, it's not called "Black Frog" this is a mix up. There was two projects. Black Frog and Okopipi aiming for the same goal. Black Frog stopped and the people joined Okopipi.

    1. Re:Once you go black, you never go back. by DigDuality · · Score: 5, Informative

      an Okopipi is a poisonous blue frog.

  2. For the Nth time, we're NOT GOING TO DDOS!!! by Spy+der+Mann · · Score: 5, Informative

    Disclaimer: This is my personal opinion and does not reflect the viewpoints of other members of the Okopipi project.
    --

    Sheesh people! I hate to have to respond to 1,000 comments made by kneejerks who don't even RTFA, saying how terrible it's to DDOS and how the system could be abused.

    Do you think we're idiots to let something like this happen?

    1. The "attacks" on websites will be moderated. We want to make sure that the force is non-lethal to websites. We haven't discussed the implementations, but the decision has been taken: We will use throttling to PREVENT denial-of-service attacks.

    2. The P2P network does *NOT* control the clients, it'll only distribute opt-out scripts for websites. Also, the customer can log out ANY TIME they want. So, NO, it's NOT a botnet.

    3. Spammers Don't need P2P networks to initiate an attack. They already have their effective botnets in infected WinXP machines.

    4. There will be a reputation system AND a hierarchy system (so not everyone can mod someone down), people will have to earn their trust to classify scripts, those who report wrong sites will be modded down, and the usernames and reputations are permanent. The hierarchy system we're studying requires at least two people acting as an individual before taking any action, to prevent infiltrations.

    5. We're already considering infiltration of spammers in our model, we're researching papers written by experts in graph theory and computer science for this. A spammer could at most try to disable the network, but with the currently planned infrastructure, i doubt they can do it.

    6. We haven't started to code. We're still discussing (and will continue to discuss) the possible consequences, abuses, attacks and how to prevent them or at least minimize them. We cannot afford to have ANY point of failure.

    7. If any wants to cooperate, the google group is open to ideas.

    8. And I repeat: we will *NOT* DDOS websites. It's a decision the commitee has taken, and it's a final decision. There have been people who have proposed to DDOS the spammers to death, and we're already shutting them up.