Slashdot Mirror


Recruiting Friendly Botnets To Counter Bad Botnets

holy_calamity writes "New Scientist reports on a University of Washington project aiming to marshal swarms of 'good' computers to take on botnets. Their approach — called Phalanx — uses its distributed network to shield a server from DDoS attacks. Instead of that server being accessed directly, all information must pass through the swarm of 'mailbox' computers, which are swapped around randomly and only pass on information to the shielded server when it requests it. Initially the researchers propose using the servers in networks such as Akamai as mailboxes; ultimately they would like to piggyback the good-botnet functionality onto BitTorrent."

34 of 127 comments

  1. Throttled by zedlander · · Score: 5, Funny

    ultimately they would like to piggyback the good-botnet functionality onto BitTorrent.

    Yeah, just let the ISPs bring your site to its knees instead of the botnets.

  2. GTFO my torrents. by snarfies · · Score: 2, Interesting

    Ah yes. So now not only do Comcast and company want to throttle my torrents, but now these yahoos want to press my computer into their vigilante posse?

    Do these guys possibly actually WORK for Comcast and are out looking for ways to make every ISP in the world, and possibly governments as well, ban torrents?

    1. Re:GTFO my torrents. by boris111 · · Score: 2, Interesting

      Ha, vigilante was the first thing that popped in my head. What happens when these vigilantes feel the power in their hands and they themselves turn evil? A legitimate question would be: couldn't a black hat reverse engineer this and use it against the white hats?

  3. What kind of mental cripple thinks this shit up? by Chas · · Score: 2, Insightful

    NO!

    NO NO NO NO!

    However you slice it, even if this "friendly" botnet is performing some beneficial task (such as kacking a bad botnet that's infected my machine), it's STILL bad!

    It's accessing and carrying out tasks on my machine without my express permission.

    HELL FUCKING NO!

    This is NOT a "lesser of two evils" choice here. BOTH choices (malicious botnet or "beneficial" botnet) are evil, PERIOD!

    --
    Chas - The one, the only.
    THANK GOD!!!
  4. I've always wondered... by neokushan · · Score: 5, Insightful

    I've always wondered why botnets always seemed to be created by black hats. I think it'd be cool to have a competition where some whitehats try to exploit a vulnerability in some software in order to patch it FROM that vulnerability.
    Even if it just forced a windows update, it'd still be quite useful, but it seems nobody with the skills to pull off such a feat can be bothered to do it.
    Surely there's some benign genius out there who could exploit an existing botnet to send it a shutdown command, rather akin to how captain Picard defeated the Borg after he was captured by them, once again proving that Star Trek has given us great insight into the future and, of course, that Picard is better than Kirk will ever be?

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    1. Re:I've always wondered... by CogDissident · · Score: 5, Insightful

      Because a white hat could do it for free, and it'd be cool, but they'd risk being sued into a smoking crater if they told anyone.

      By contrast, a black hat stands to make thousands and thousands of dollars by just exploiting that vulnerability.

      Which would you choose? Honestly?

    2. Re:I've always wondered... by ShiNoKaze · · Score: 2, Funny

      Psh, if they're so benign they can't be that smart... It's the Evil genius that gets all the credit.

    3. Re:I've always wondered... by ChenLiWay · · Score: 4, Informative

      It's been done http://en.wikipedia.org/wiki/Welchia with mixed results.

    4. Re:I've always wondered... by sm62704 · · Score: 4, Insightful

      Not to mention that using someone's computer without their permission is unethical. Black hats don't have to bother with ethics or morals.

      GP: Even if it just forced a windows update

      The first Windows update after I installed XP hosed my network drivers. If I hadn't given permission for that update I'd have seen a lawyer about the matter.

      If you don't have permission to be in a computer STAY THE HELL OUT OF IT. It's unethical, it's illegal, and it's BAD MANNERS.

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    5. Re:I've always wondered... by Orinthe · · Score: 3, Insightful

      I seem to remember that back when the Blaster worm was a big deal, someone did just this. Thing is, everyone complained and said it was terrible and irresponsible to patch people's computers without their permission, potentially causing instability, especially in the enterprise where patches have to be thoroughly vetted before being applied, even if they are for critical vulnerabilities. Someone else pointed this out, too, with an appropriate link to http://en.wikipedia.org/wiki/Welchia

      --
      SELECT quote.text AS sig FROM quote NATURAL JOIN attribute WHERE attribute.description = 'witty';
      0 rows returned
    6. Re:I've always wondered... by witherstaff · · Score: 5, Interesting

      I remember one of my boxes was compromised in the 90s through a POP3 exploit. The kid patched the hole after he gave himself an ssh account. He poked around the pr0n site hosted on it, then sent me a talk request to tell me what he did. I miss the old days of polite crackers.

    7. Re:I've always wondered... by ArsonSmith · · Score: 2, Interesting

      White hats just use the basic social engineering techniques of hacking. See Seti, RSA, etc...

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
    8. Re:I've always wondered... by prennix · · Score: 2, Funny

      There are lots of great things we could do for humanity with your computer. Please send me your login credentials. We'll be glad to let you know what great things we've done with your computer in a few weeks. I'll leave a note on your desktop.

    9. Re:I've always wondered... by sm62704 · · Score: 2, Interesting

      What if my computer was a honeypot as part of a honeynet?

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    10. Re:I've always wondered... by ma1wrbu5tr · · Score: 3, Funny

      Then you'd have a problem with bears in your office. ;)

      --
      Why can't we go back to using jumpers to configure slot adapter cards? Why? I say!
    11. Re:I've always wondered... by Torvaun · · Score: 2, Insightful

      He didn't say he would have sued Microsoft, he said he would have called a lawyer. Microsoft was never specified as the target of said lawyer. Basically, he's saying that if someone breaks his computer without permission, he's holding them liable, even if they were trying to be helpful.

      --
      I see your informative link, and raise you a pithy comment.
  5. Re:What kind of mental cripple thinks this shit up by zedlander · · Score: 5, Informative

    From TFA:

    Their system, called Phalanx, uses its own large network of computers

    Chill the flip out, man. They're not taking over your computer.
  6. This will never work by Anonymous Coward · · Score: 4, Funny

    The researchers are so ignorant of history. All the malware writers have to do is to create a Legion botnet. The Legion defeats a Phalanx every time.

    At least watching this in action would be cooler than playing Rome: Total War.

  7. My botnet.... by Anonymous Coward · · Score: 2, Funny

    can beat up your botnet

  8. Re:What kind of mental cripple thinks this shit up by GroeFaZ · · Score: 3, Insightful

    Uhm hyperventilating much? This is /. after all and we don't need to RTFA, but please at least cut down the unwarranted profanity. FTA:

    "Rather than using an ill-gotten botnet, Phalanx would use the large networks of computers which companies currently use to serve massive amounts of content," says team member Colin Dixon.

    Flame where warranted, but please, please, don't rely on /. summaries to form your opinion. *sigh*.

    --
    The grass is always greener on the other side of the light cone.
  9. Re:What kind of mental cripple thinks this shit up by whm · · Score: 4, Informative

    Did you even read the summary?

    It's not an offense, it's a defense. A protected server has all traffic routed to members of a large cluster of helper machines (the "good botnet"). The protected server then contacts and collects the content as it is able. Instead of a DDOS attack being able to shovel data down on the target, the data is distributed to the cluster of helper machines. The recipient server then deals with the traffic at a pace it is able.

    The article is short, but it kind of sounds like each node in the "good botnet" is serving as a sort of per-connection proxy to the destination server.

    Maybe that clarifies things a bit?
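
The pull model described in the comment above, as an added example that is not part of the original thread and is not Phalanx code: a flood lands on the helper machines, and the protected server only ever receives what it asks for. The HMAC-based mailbox rotation, the queue capacity and the traffic rates are assumptions made for illustration, and telling legitimate packets from flood packets is outside this sketch.

```python
import hashlib
import hmac
from collections import deque

class Mailbox:
    """Helper node: buffers packets and releases them only on request."""
    def __init__(self, capacity):
        self.queue, self.capacity, self.dropped = deque(), capacity, 0

    def deposit(self, packet):
        if len(self.queue) >= self.capacity:
            self.dropped += 1          # overflow is shed here, not at the server
        else:
            self.queue.append(packet)

    def fetch(self, limit):
        """Return at most `limit` buffered packets (server-initiated pull)."""
        return [self.queue.popleft() for _ in range(min(limit, len(self.queue)))]

def slot_mailbox(key, tick, count):
    """Assumed rotation: HMAC(key, tick) picks the mailbox polled this tick."""
    mac = hmac.new(key, tick.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % count

def simulate(ticks=300, boxes=16, flood_per_tick=400, pull_budget=5, capacity=50):
    key = b"constructed-demo-key"      # constructed value for the demo
    swarm = [Mailbox(capacity) for _ in range(boxes)]
    peak_shielded = peak_direct = 0
    polled = set()
    for tick in range(ticks):
        # The flood source cannot predict the rotation, so it sprays every mailbox.
        for i in range(flood_per_tick):
            swarm[i % boxes].deposit(("flood", tick))
        idx = slot_mailbox(key, tick, boxes)
        polled.add(idx)
        got = swarm[idx].fetch(pull_budget)            # server pulls at its own pace
        peak_shielded = max(peak_shielded, len(got))
        peak_direct = max(peak_direct, flood_per_tick)  # same flood with no shield
    return {
        "peak_shielded": peak_shielded,
        "peak_direct": peak_direct,
        "shed_at_mailboxes": sum(m.dropped for m in swarm),
        "mailboxes_polled": len(polled),
    }

if __name__ == "__main__":
    print(simulate())
```
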

  10. The same kind of mental cripple who doesn't RTFA? by Len · · Score: 3, Informative

    They are NOT talking about "accessing and carrying out tasks on my machine without my express permission."

    "Rather than using an ill-gotten botnet, Phalanx would use the large networks of computers which companies currently use to serve massive amounts of content," says team member Colin Dixon.
  11. Re:show me the money by zedlander · · Score: 3, Insightful

    Heck, I do it for free.

  12. Future of Botnets by pieterh · · Score: 3, Interesting

    First person to make a "good" BotNet where you can join and get protection for a low, low monthly subscription, makes a killing.

    BotNets are obviously the only way to fight BotNets.

    1. Re:Future of Botnets by Thelasko · · Score: 2, Insightful

      I doubt you would actually get protection by joining a good botnet. The bad botnet will likely attack the good botnet and take out at least a few of the machines (temporarily). A machine in a good botnet is about as secure as any given fish in a school of fish.

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  13. Could we have something like Phalanx@Home? by vivin · · Score: 4, Insightful

    Like Seti@Home or Folding@home? We could have people sign up and join the Phalanx network. Or create a similar "open" network? People could then sign up for the service. I guess you could make it to where when you sign up, your computer becomes part of the network, and is also protected by the network. I don't know how feasible this is... just throwing out ideas.

    --
    Vivin Suresh Paliath
    http://vivin.net

    I like
    1. Re:Could we have something like Phalanx@Home? by PitaBred · · Score: 4, Funny

      Calling it Phalanx is lame. It should be called Legion.

    2. Re:Could we have something like Phalanx@Home? by raddan · · Score: 2, Insightful

      Good idea, but you'd want to make sure that Phalanx@Home is a securely-written (e.g., privilege-separated, full-paranoia input validation, all passed communication is unreadable by the node, etc...) application so that it cannot be taken over by a 'bad' botnet operator. Otherwise, thanks for the botnet, UDub!

    3. Re:Could we have something like Phalanx@Home? by Ihmhi · · Score: 2, Funny

      Is this where I make a joke about someone getting "kicked" from a server?

    4. Re:Could we have something like Phalanx@Home? by BrunoUsesBBEdit · · Score: 2, Informative

      Calling it Phalanx is lame. It should be called Legion.

      Good idea, Legion as in http://www.biblegateway.com/passage/?search=Mark%205:1-10;&version=31;

      All botnets are evil. Things like Folding@Home, Seti@Home, etc. are not botnets.
  14. awwww by umbl3r · · Score: 5, Funny

    aww reminds me of the days that if you tried to probe a bot server it tried to launch a DOS attack on you. had many hours of fun spoofing a nmap of a bot server's ip and watching the servers take each other out.. man i laughed for days watching bots attack each other.. aw the good-ol days.

  15. Re:Question by What+Would+NPH+Do · · Score: 3, Informative

    1) How do you detect a DDoS attack?

    There are various ways. Activity profiling, sequential change point detection, wavelet analysis, etc. Here's a good page on different techniques: http://dsonline.computer.org/portal/site/dsonline/menuitem.6dd2a408dbe4a94be487e0606bcd45f3/index.jsp?&pName=dso_level1_article&TheCat=1001&path=dsonline/2006/01&file=w1spot.xml&
  16. stupid idea is stupid. by discogravy · · Score: 3, Insightful
    well, sure, every single other time someone made a "good" virus to patch holes that "bad" viruses exploited, it didn't work out and in fact became a bigger problem than the original virus, but since this is about *distributed* botnets -- waaaaaayyyy more than just one or two infected machines -- *THIS* time it'll work perfectly.

    Further reading: http://www.people.frisk-software.com/~bontchev/papers/goodvir.html

  17. misused buzz word alert by BrunoUsesBBEdit · · Score: 3, Interesting

    It's not a botnet, but if they hadn't inappropriately used that buzz word, would we be talking about it?

    It's frustrating the way our terminology continues to get diluted to where everything becomes ambiguous because you must assume that the majority of the people out there don't know the meanings of the words.

    A good off-topic example is "stereotype, bigotry, and racism": though related, these three are distinct but everything is now just rolled up into racism. This makes it difficult to express that a person holds the particularly nasty belief that a certain race is genetically inferior to others.