Slashdot Mirror


What a Botnet Looks Like

Esther Schindler writes "CSO has an annotated, zoomable map of real botnet topologies showing the interconnections between the compromised computers and the command-and-control systems that direct them. The map is based on work by security researcher David Voreland; it has interactive controls so you can zoom in and explore botnets' inner workings. Hackers use botnets for spamming, DDoS attacks and identity theft. One recent example is the Storm botnet, which may have comprised 1 million or more zombie systems at its peak. As with any networking challenge, there are good (resilient) designs and some not-so-good ones. In some cases the topology may be indicative of a particular botnet's purpose, or of a herder on the run."


  1. Flash site, very funny. by inTheLoo · · Score: 5, Funny

    To get a good look at a botnet they say, "You need to upgrade your Flash Player". How true!

    --
    No calls now, I'm ...
    1. Re:Flash site, very funny. by gnutoo · · Score: 1, Informative
    2. Re:Flash site, very funny. by Bryansix · · Score: 4, Funny

      They say you can get a good look at a botnet by upgrading your flash player but I'd rather take your word for it.

  2. What a Botnet Looks Like by sm62704 · · Score: 5, Funny

    here's a photo of a botnet. Ok, it's a small botnet but if the botnet was a semi you wouldn't see the computers, now would you?

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  3. Thanks for posting... by Thelasko · · Score: 3, Funny

    all of the IP addresses. Can I get that in a text format? I want to add them to my hosts file.

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    1. Re:Thanks for posting... by Thelasko · · Score: 1

      all of the domains and IP addresses. Can I get them in text format please? I want to add the domains to my hosts file and the IP addresses to my firewall's blacklist.

      Had a brain cramp a moment ago.

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    2. Re:Thanks for posting... by gammygator · · Score: 1

      Um, I think you meant hosts.deny

      --

      No Nyarlathotep, No Chaos
      Know Nyarlathotep, Know Chaos
    3. Re:Thanks for posting... by Anpheus · · Score: 1

      On Windows machines the hosts file can be used to deny certain domains or IP addresses by defining them to 127.0.0.1

    4. Re:Thanks for posting... by multipartmixed · · Score: 5, Insightful

      I don't think you'd want to do that.

      My current RBL has about 6.5 million entries, and is extremely permissive. It is also updated bi-hourly.

      I sure wouldn't want my machine to traverse a hosts table of 7 million hosts every time I tried to look up a name in the DNS.

      Same for your firewall, 7 million entries will cripple iptables. Hell, 30,000 entries causes visible slowness on a dual-core opteron system.

      Of course, you might get better performance out of iptables with the ipsets kernel patch. But that's still a damned big list.

      --

      Do daemons dream of electric sleep()?
    5. Re:Thanks for posting... by apt-get+moo · · Score: 2, Funny

      I heard 192.168.1.1 is among...

      --
      ...."Have you mooed today?"...
    6. Re:Thanks for posting... by VeNoM0619 · · Score: 1

      Not to mention... why blacklist them? It sounds reasonable at first, but blacklisting an IP cause it has a botnet is a poor idea of security, because all it takes is a new IP/new machine. If you are that afraid of getting hit by one, just try to keep up to date on your security information (at least patch monthly).

      Like parent stated, it will only slow down your packets. No real benefits will be gained.

      --
      Disclaimer: I am not god.
      We may not be created equal
      But we can be treated equal.
    7. Re:Thanks for posting... by shentino · · Score: 1

      Strange...

      Apart from memory constraints, why should there be a slowdown?

      Aren't IP addresses a numeric type that can easily be looked up in a hash table or a balanced binary tree?

      If the lookup algorithm is O(N) then I'm going to kill someone.

    8. Re:Thanks for posting... by antdude · · Score: 1

      Isn't that pointless? Do we even know how old this data is (didn't see any dates with a quick glance)? I am sure it changes. It would be nice if we could get up-to-date data often.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    9. Re:Thanks for posting... by nschubach · · Score: 1

      At first I thought the same thing. If we were only talking about IPs, there's only ~4 million possible in IPv4 and it would be cake to traverse that. However, he corrected and asked for the host names as well.

      I'm not quite sure why you'd block on host names instead of IPs for this purpose, but whatever.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    10. Re:Thanks for posting... by gammygator · · Score: 1

      Ah. I had not thought of that. That's what I get for being a smart ass, I guess. :-)

      --

      No Nyarlathotep, No Chaos
      Know Nyarlathotep, Know Chaos
    11. Re:Thanks for posting... by Matey-O · · Score: 1

      What ELSE are you gonna do with three of four cores idle?

      --
      "Draco dormiens nunquam titillandus."
    12. Re:Thanks for posting... by Anonymous Coward · · Score: 1, Informative

      You don't want to use iptables for that kinda thing, you use ipset, arrange all those IP addresses in a giant hash map and match against that :)

    13. Re:Thanks for posting... by nschubach · · Score: 1

      Lol, good catch. I can't believe I missed that. Either way, it's not like it's a plain text search. The numbers are delimited and easily partitioned into smaller sets to search.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    14. Re:Thanks for posting... by szap · · Score: 1

      Interactive Flash controls my foot. It looks like a raster image output of the Graphviz's dot command. Which takes a text file as an input, meaning we could have the source to generate the dang map in the first place.

    15. Re:Thanks for posting... by multipartmixed · · Score: 1

      First of all, the lookup in iptables appears to be O(N), when you use a single rule to block a single IP.

      Second, when you have many rules in iptables, it becomes extremely expensive to insert another one. It will take a long time, and no other iptables administrative operation can happen at the same time.

      Third, inserting rules with iptables-restore helps but not enough. I also mentioned ipsets as a solution, but that requires patching your kernel. I also don't know if it's good enough or not.

      Fourth, 2^32 is not four million, it's four BILLION

      Oh, and the OP wants to block on hostnames because they often stay constant. Say you want to move your C&C around, just flip the hostname randomly through 1000 boxes. Piece of cake.

      --

      Do daemons dream of electric sleep()?
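
Added example (not part of any comment in this thread): the ipset approach raised in replies 12 and 15 above, as a Python sketch that turns a blocklist feed into `ipset restore` input and models why a `hash:net` lookup does not walk the list. The feed contents, the set name `botnet-block` and the never-block policy are assumptions made for this example.

```python
import ipaddress

# Ranges that must never land in a drop set, whatever the feed says
# (assumed policy for this example: 0/8, loopback, RFC 1918, link-local).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample feed: documentation ranges, a duplicate, two adjacent
# /25s, two entries that would block the local machine or LAN, and junk.
SAMPLE_FEED = """\
# constructed blocklist feed
192.0.2.10
192.0.2.11
192.0.2.10
198.51.100.0/25
198.51.100.128/25
203.0.113.7
127.0.0.1
192.168.1.1
not-an-ip
"""


def parse_feed(text):
    """Return (collapsed IPv4 networks, [(entry, reason rejected), ...])."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.version != 4:
            rejected.append((entry, "not IPv4"))
        elif any(net.overlaps(p) for p in NEVER_BLOCK):
            rejected.append((entry, "protected range"))
        else:
            accepted.append(net)
    # Deduplicate and merge adjacent entries so the set stays small.
    return list(ipaddress.collapse_addresses(accepted)), rejected


def render_restore(nets, set_name="botnet-block"):
    """Text suitable for `ipset restore`: one create line, then one add per net."""
    lines = [f"create {set_name} hash:net family inet "
             f"maxelem {max(65536, len(nets))}"]
    lines += [f"add {set_name} {net}" for net in nets]
    return "\n".join(lines) + "\n"


def iptables_rule(set_name="botnet-block"):
    """The single rule that replaces one-rule-per-address."""
    return f"iptables -I INPUT -m set --match-set {set_name} src -j DROP"


def build_index(nets):
    """Model of a hash:net set: one hash table per prefix length in use."""
    index = {}
    for net in nets:
        index.setdefault(net.prefixlen, set()).add(int(net.network_address))
    return index


def is_blocked(addr, index):
    """One hash probe per distinct prefix length, independent of entry count."""
    ip = int(ipaddress.IPv4Address(addr))
    for plen, members in index.items():
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        if (ip & mask) in members:
            return True
    return False


if __name__ == "__main__":
    nets, rejected = parse_feed(SAMPLE_FEED)
    print(render_restore(nets), end="")
    print("#", iptables_rule())
    for entry, reason in rejected:
        print(f"# skipped {entry}: {reason}")
```

The cost of a lookup in this model grows with the number of different prefix lengths in the set, not with the number of addresses, which is the difference from a chain of one rule per address.
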
  4. Maybe it's my ignorance... by mpapet · · Score: 1

    because I don't work in this area, but I think a simpler explanation for the crazy hodge-podge of IP's on the map is dynamic IP's being given to a few infected PC's.

    How can one say with confidence that the design is purposeful?

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
  5. reminds of the sexual partners mapping... by Anonymous Coward · · Score: 5, Interesting

    http://www.artsci.washington.edu/news/Autumn05/largermap_sexualnetworks.htm

    1. Re:reminds of the sexual partners mapping... by erlenic · · Score: 1

      I looked through this pretty closely (it's amazing what boredom will do :). I could only find one same-sex encounter, and it wasn't in the largest group. It's in the second to the right structure along the top. Right in the middle of that group there's a triangle with a female-female encounter. I wonder if that triangle was three separate incidents, or one very lucky guy :D

      Anyone see anything else interesting? What's the highest number of partners for one individual?

      Extra note: I just went and looked again before hitting submit, and I did find two male-male encounters. I'll leave finding them as an exercise for the reader.

    2. Re:reminds of the sexual partners mapping... by IBBoard · · Score: 1

      I found one male-male in the big blob, but I've not spotted the other one yet.

      As for the actual groupings, did anyone else notice that in all except the big huge "we sleep around a lot" map then the girls were more likely to have multiple partners? Both the two in the top-right and the star pattern that's not quite in the bottom-left have clusters around a pink blob and then mainly single partner chains from there.

      Yes, there's more lone guys with two female partners, but other than that then the girls seem more likely to have had multiple partners.

    3. Re:reminds of the sexual partners mapping... by erlenic · · Score: 1

      As far as the big loop, I think it's less promiscuous than it seems at first. If you look closely, there are a lot of two partner people, and most of the branches are formed by someone with three. Considering this is an 18 month study in a high school, it's not unheard of for them to have two or three somewhat long term relationships, especially if one ended right at the beginning of the study.

      I see what you mean about the ratio of males to females among multiple partners. The most I could find was a male with nine partners, but the next five highest I see are all females.

      And the two Y shaped pairs and the V shaped pair (bottom right) are mirrors of each other with respect to gender.

      I'd love to get the raw data, but all I've found so far is that the article appeared in the American Journal of Sociology, 110(1):44-99. It won an American Journal of Sociology Roger Gould Prize for Best Article.

    4. Re:reminds of the sexual partners mapping... by erlenic · · Score: 1

      Bad form, I know, but I had to add this.

      I found the article. http://faculty.washington.edu/stovel/chains.pdf. Still no raw data though.

    5. Re:reminds of the sexual partners mapping... by erlenic · · Score: 1

      The purpose of the map is to demonstrate sexual networks. In the case of a virgin, there is no sexual network. The full article is available at http://faculty.washington.edu/stovel/chains.pdf, she does have maps and discussion that take time into account.

    6. Re:reminds of the sexual partners mapping... by antdude · · Score: 1

      Obviously for a typical /.er like me, it is just one dot. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    7. Re:reminds of the sexual partners mapping... by Zebedeu · · Score: 1

      And there is this one blue dot with 9 female connections on the largest group (on the top-right).

      The lucky bastard!

    8. Re:reminds of the sexual partners mapping... by jotok · · Score: 1

      IIRC there is something about this in Mathematics and Sex but
      1. It is easier for women to get laid,
      2. 10% of men sleep with 90% of women, and
      3. It is easier for women to get laid.

      Say you're an attractive woman. You walk into a party. Instantly the vast majority of guys and an appreciable minority of women want to take you home.

      Say you're an attractive guy. You walk into a party. Instantly the vast majority of women consider that they might signal to you in some subtle fashion that they are interested in talking and maybe going out on some dates and keeping you around if you're funny and then, yeah, there might be sex. Then there's the minority of men & women who want to just take you home.

      We all want the same thing, but we go about it differently, and the playing field is definitely not level.

  6. Ob. XKCD reference by DrYak · · Score: 5, Funny

    Ok, it's a small botnet

    Randall Munroe's botnet looks like that.
    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  7. Wow - I can see my house from here! by jmichaelg · · Score: 2, Interesting

    It would be nice to be able to search my static IP or a range of IPs to see if they are on the map.

  8. Check out the losers by Hoplite3 · · Score: 5, Funny

    There are lots of well constructed stars, where a handful of master nodes control several slaves. Each slave knows two or three masters for redundancy. That's good design, and I expected it.

    But what's hilarious is that there are some ip addresses that are slaves to four or five different botnets. I wonder what the owners of those machines think?

    "Man, the internet sure is slow today!"

    "I need a new computer, this one's all slow."

    "Sweet! Five botnets and counting! I'm part of something! I belong!"

    --
    Use the Firehose to mod down Second Life stories!
    1. Re:Check out the losers by Esther+Schindler · · Score: 5, Insightful

      I do know what those users think, and it's very much like you posited: "My computer has become unusably slow, and I don't know why or how to fix it!" Unfortunately that was followed by, "Aunt Esther, can you tell me what's wrong?"—and thus I spent half a day killing enough of the junk that I could install a firewall, antivirus, etc.

      People like my nephew aren't unwilling to learn. They're just lost when it comes to their computers. And they don't particularly mind being ignorant as long as the equipment works right (or appears to). Just as most of us don't feel the need to understand how a car works in order to drive one.

      Some of us remember the days when we wistfully wanted computers to become easy enough for ordinary people to use them. Alas, we got our wish.

    2. Re:Check out the losers by Volante3192 · · Score: 3, Interesting

      And they don't particularly mind being ignorant as long as the equipment works right (or appears to). Just as most of us don't feel the need to understand how a car works in order to drive one.

      Yes, but people are often more familiar with what a car needs. Regular oil changes, maintenance, gas; they might not know (or care) why the car needs these, but they know that if they don't, the car will fail to work.

      People don't even know that much about computers, about what they shouldn't do, even if they don't know why.

    3. Re:Check out the losers by shawn(at)fsu · · Score: 1

      Wow that's a pretty detailed map, in fact I think I see one of my IP addresses.

      Wait what?

      --
      500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
    4. Re:Check out the losers by Esther+Schindler · · Score: 3, Insightful

      Not everyone does understand basic maintenance. You'd be amazed. Plenty of people wait until the car breaks down before they think to get it serviced.

      And they don't like to gain even basic knowledge. In the gas crisis of the late 1970s, my (then-)mother-in-law waited 40 minutes at a gas station before she got to the pump. When she discovered it was self-serve, she drove away, because she didn't know how to use the pump herself. (Yes, obviously all she had to do was ask the person behind her—who'd be motivated to help—but she didn't.)

      Also, even when people take the car in for maintenance, it's something they do out of distrust for the practitioners. That's better than not taking it in, of course, but it's inherently a combative relationship: what's the mechanic gonna tell me I need this time?

      The thing is, few of us want to be experts in every technology we use. We just want it to work.

      None of which excuses ignorance, mind you, but it does explain it.

    5. Re:Check out the losers by blitzkrieg3 · · Score: 1
      from tfa:

      One thing to remember when looking at the map is that the information takes place over time. In that sense it's like time-lapse photography, a composite of 24 snapshots a day for 60 days. That means the more lines and points you see, the more activity you're looking at. The two connected stars to the left spent more time moving around than the single star below during the two months Vorel collected data.
      Maybe that's what you are seeing?
    6. Re:Check out the losers by Jarik_Tentsu · · Score: 1

      It's scary. You get a friend, sibling, nephew, whatnot coming to you asking for you to fix their computer. And you just sit there and think "HOW IS THIS POSSIBLE!?"

      Pre-SP2, I only ever ran Spyware searches when I installed software I *knew* came with spyware, with no way to install it otherwise. I've since found better alternatives...but apart from tracking cookies, I get nothing now. Anyways, so even after doing a new installation of XP, along with 5-10 or so spyware filled programs, I'd get about 50 or so things popping up in Ad-Aware SE.

      My sister asks me to fix her computer. I run it, return and almost fall over in shock. Somehow she had accumulated 1500+ pieces of spyware. HOW!?

      I remove it.

      A week later, I check it again, out of professional curiosity. Somehow, within a week she managed to accumulate another 600.

      How!?

      ~Jarik

  9. Oh come on. by willeyhill · · Score: 2, Interesting

    Who modded this "offtopic"? The site requires the latest and greatest flash player to look at a freaking image when everyone knows that Flash has big fat holes in it. They might as well have made it IE only.

    1. Re:Oh come on. by nschubach · · Score: 2, Insightful

      Useful
      Not necessarily this post, but if I'm to believe what these folks (willhill, et al.) are telling me, twitter has had some informative posts and if he feels the need to "sockpuppet", mod the puppets, leave the information. Coming into this war fairly fresh, it looks like someone is trying to discredit a logical poster instead of informing people. Stick it in your signature if it's that important to you and contribute to the site so you get modded up instead of spamming.
      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    2. Re:Oh come on. by thePowerOfGrayskull · · Score: 2, Insightful

      Dude... seriously, move on. Take a deep breath, and just... move on. In the grand scheme of things, he can have 2351 different IDs- and it would not matter one iota. Why on earth do you let him have so much control over you?

    3. Re:Oh come on. by willyhill · · Score: 1, Offtopic
      I suppose that's OK, since if I follow your logic here all I need to do is just create four or five accounts, complain about your moderation and paste in a few links. You wouldn't mind if I did that, would you?

      Then, the next time I see you posting something I disagree with, I'll jump in with all my sockpuppets and create the illusion of a discussion between many people, most of which happen to agree with me. Then someone else who thinks they're using their moderator points for a righteous cause will mod you down, and you will lose karma. Eventually you'll lose your posting bonus, and who knows, maybe even descend into negative karma territory.

      But you wouldn't mind that at all, would you? As long as I paste a few "informative" links into my comments and repeat the obvious in slightly different ways. Right?

      --
      The twitter monologues. Click on my homepage and be amazed.
    4. Re:Oh come on. by Red+Flayer · · Score: 1, Insightful

      Unfortunately, modding the puppets doesn't work when the puppets are used to mod posts, and I'm not convinced that metamoderation is agile enough (especially considering the tendency of user-generated feedback to be overwhelmingly positive) to combat sockpuppets when they are used to mod posts.

      The best way to combat sockpuppets is to raise awareness of their existence and the parent-child relationship. Sure, sometimes that info is OT when post IS actually informative, or insightful, or whatever... in which case the posts should rightly be modded offtopic. However, I think it's healthy for the slashdot community for these posts to come through and be seen once a month or so.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  10. I, for one.. by oodaloop · · Score: 4, Insightful

    ...would like to see more. Was there actually an article there, or was that just a picture? How about something about the methodologies used, a description of the organization of the network, maybe even some metrics like centrality. Something other than a picture, ferchrissakes.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  11. Re:Anonymous Coward by Anonymous Coward · · Score: 5, Funny

    No, it sucks. I zoomed in too close and saw my IP!

  12. How it looks like? by gmuslera · · Score: 2, Funny

    There are fields, Neo. Endless fields where bot beings are no longer born. Are grown. For the longest time I wouldn't believe it and then I saw the fields with my own eyes...

  13. Ha Ha! by Thelasko · · Score: 2, Funny

    One of the nodes backendportal.info is registered to Horatio Nelson!

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    1. Re:Ha Ha! by maxwell+demon · · Score: 1

      So if we find the controlling IP, we have found an internet connection to afterlife!

      --
      The Tao of math: The numbers you can count are not the real numbers.
  14. Re:Obligatory by maxwell+demon · · Score: 1

    I, for one, welcome our new botnet overlords. Yes, but do they run Linux?
    --
    The Tao of math: The numbers you can count are not the real numbers.
  15. Honeynets seem to be doing their thing by Lucas123 · · Score: 3, Interesting

    If you zoom in, you'll see a lot of the concentration of spiderwebs are around sites like honeynet.cz.

  16. Hey, by Layer+3+Ninja · · Score: 1

    I can see my house from...oh wait..oh :/

    --
    Power corrupts. Absolute power...is even more fun.
    1. Re:Hey, by OhHellWithIt · · Score: 1

      I was wondering something similar: Isn't that my office LAN over in the top left corner?

      --
      "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
  17. Re: Better way needed by Red+Flayer · · Score: 2, Funny

    can be shut down by shut down by just shutting down computers that don't have secure computers.
    Gee thanks thanks captain obvious captain obvious for your observe your observations.

    Was it just me, or did anyone else imagine parent as speaking in the voice of max headroom?
    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  18. 127.0.0.1 by Anonymous Coward · · Score: 4, Funny

    Wait, 127.0.0.1 is in there. That is my IP address!

    1. Re:127.0.0.1 by Doug+Neal · · Score: 1

      So you're the guy that's been DOSing me!

      Stop it.

  19. Re: Better way needed by Tenebrousedge · · Score: 1

    Is perfect security possible? Serious question.

    If the answer is yes, then there would be some point to your idea. It would probably not be practical to do what you're suggesting, and it may run counter to some people's ideas of personal freedom. Probably you would piss off a hell of a lot of people.

    If the answer is no, then the same flaws apply as above, except that it would be ultimately pointless. There's an evolutionary principle called the Red Queen effect that you should be aware of. It's kind of a consequence of selective pressure in an environment. Basically, if you close off all the security holes you know about, this creates a strong pressure for someone to find another security hole.

    So, should we use draconian methods to try to achieve a perfectly secure internet? It seems like the same argument as the anti-terrorism efforts. I do not think such efforts would be successful, or worth the cost.

    --
    Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
  20. How does eNom... by Thelasko · · Score: 2, Funny

    allow people to register with information like:
    Registrant Contact:
    elnopic
    elnopic elnopic (elnopic@elnopic.com)
    +1.2435543
    Fax: +1.5555555555
    123 sdhdsa g
    asdf, AD 34215
    US
    Do they not even try to verify this information?

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    1. Re:How does eNom... by Thelasko · · Score: 2, Interesting

      after further investigation, it appears the above domain was registered by a company called namecheap also known as HostingAnime a company known for hosting al-Qaeda websites.

      Coincidence? I think not!

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  21. Image!!! by Fuzzums · · Score: 1

    And this, dear parents, is why you make an image of your kid's computer and just put it back when the computer gets "slow".

    It will save you that day of irritation and removing all the junk.

    I guess that's worth a few bucks, isn't it?

    --
    Privacy is terrorism.
  22. Re: Better way needed by TheHorse13 · · Score: 1

    If it was this easy, then all of the crap you've installed would be blocking botnet activity - but it's not. Reality is that botnet activity is obfuscated and buried in normal transactions and behaviors. All the firewalls on the planet cannot stop bot activity no matter what vendor marketing slicks say.

  23. Too many bots! by IBBoard · · Score: 2, Funny

    There must be too many bots - I can't even get it to render! All I get is a white page with no nodes and no links :\

    Either that or they've rendered the botnet on a white background in apple white with light grey lines.

    (i.e. it seems to be Slashdotted ;) )

  24. Re: Better way needed by peragrin · · Score: 1

    isn't that the point though? Close off all easy security holes (put some dead bolts on those doors, and poly films to prevent glass breakage) security holes will still exist but will both be harder to take advantage of (robbery at gunpoint for keys, social engineering) Or brute forcing passwords.

    *nix's aren't hacked very often in mass groups, yet you put a non patched windows system on the net and it will be pwned by the time you can download the security updates.

    Lock the windows and force the crackers to find other flaws. let them be your Quality control team, and your consumers are used to being beta testers anyways.

    --
    i thought once I was found, but it was only a dream.
  25. yeah... and by spikedvodka · · Score: 2, Interesting

    And why's this so much news?
    Any self-respecting revolutionary knows that you have a distributed network, so that even if a cell goes down, you can still pass messages.

    Hell... I wish IRC could learn from this, I've had enough of netsplits. By rights only the server that goes offline should be affected if it goes down, it shouldn't split the network into 2 massive sections.

    Yeah the image looks nice, and is all "ooohhhh ahhhh" and lends itself to "Hey... that's me", but really "News"? I think not

    Call me when they have an article as to how they got this information

    -1 "Cynical Bastard"

    --
    I will not give in to the terrorists. I will not become fearful.
    1. Re:yeah... and by drew · · Score: 1

      I certainly hope there aren't too many people here saying "Hey... that's me!"

      --
      If I don't put anything here, will anyone recognize me anymore?
  26. Some nice-focal points there by LighterShadeOfBlack · · Score: 1

    ...And people say nobody uses IRC anymore.

    --
    Spelling mistakes, grammatical errors, and stupid comments are intentional.
  27. Tool? by flibuste · · Score: 1

    Anyone know if there's a tool to check an IP and see if it's part of a botnet?

    1. Re:Tool? by marcosdumay · · Score: 1

      It's called anti-virus :)

  28. Re: Better way needed by Tenebrousedge · · Score: 1

    *nix's aren't hacked very often in mass groups, yet you put a non patched windows system on the net and it will be pwned by the time you can download the security updates.

    Okay, so *nixes (*nices?) have a better security model. That's good, but how different would things be if we had one vast monoculture of *nix machines? That's the question. Is there a perfect security system that we're getting closer to, or are we just running as fast as we can just to stay in the same place?

    I'm not arguing against increased security efforts. I'm just arguing against draconian methods of doing so, on the basis that they may ultimately be ineffective, in the sense that they would not alter the eventual outcome.
    --
    Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
  29. Hey.... by losethisurl · · Score: 2, Funny

    That looks a lot like the map of our network where I am emplo... oh crap...

    --
    Seriously, is it supposed to look like that?
  30. Funny IP: 1.3.3.7 by slysithesuperspy · · Score: 1

    I zoomed in and saw "pimpin.opendns.be" attached to 1.3.3.7. Has someone been messing with them or something? Anyone else seen any weird ones?

  31. Re: Better way needed by zymano · · Score: 1

    LOL.

    I had a computer error. Swear I didn't write it like that.

    haha.

  32. Re:Anonymous Coward by innerweb · · Score: 1

    To make this truly useful, the addresses should be in a text searchable format. Then, one could truly look for one's own address, or a client's address, or a friend's address, or just block email from them, or whatever. This is only eye-candy, and we all know what that is only useful for.

    InnerWeb

    --
    Freud might say that Intelligent Design is religion's ID.
  33. Ant Martha by Tablizer · · Score: 1

    Wow, I can see my house's IP address from the zoom-out. It looks like a little ant from up here.

  34. If he generated a KML file... by EmbeddedJanitor · · Score: 1

    you could hook it up to Google Earth. That would allow Google to do all the pan/zoom heavy lifting.

    --
    Engineering is the art of compromise.
  35. hacker != blackhat by conan1989 · · Score: 1

    hacker != blackhat
    ... come on, this is /. we're smarter than this, we not supposed MSM misinformed terminology

  36. David VOREL, not Voreland. by MadMidnightBomber · · Score: 1
    Is that too much to ask?

    David is lead on the Czech Honeynet Project - http://www.honeynet.cz/?mmenu=home&smenu_int=0&lang=en&vmetr=1

    --
    "It doesn't cost enough, and it makes too much sense."
  37. How do do that? by Dausha · · Score: 1

    A little off topic, but my use of non-text tools is a bit limited. :) How would one go about mimicking the ability to make that Botnet map?

    --
    What those who want activist courts fear is rule by the people.
  38. Re: Better way needed by peragrin · · Score: 1

    there hasn't been a *nix monoculture since the 1970's when it was first developed. Even in Linux you have 4-5 major distributions, with different libraries and software versions.

    There is no monoculture in *nix. There never really was one.

    --
    i thought once I was found, but it was only a dream.
  39. Re: Better way needed by jotok · · Score: 1

    Actually the vast majority of botnet infections right spread by e-mail trojans and drive-by installs. These are not problems firewalls are meant to address. For the latter, you can sandbox your browser or at least keep your patches up to date. For the former, we expect people not to be idiots.

    So, in reality, what you should say is that all the security advice on the planet cannot stop bot activity, no matter how smart people claim to be.

  40. Re:Thanks for posting... 0. = 127. by Anpheus · · Score: 1

    Wow, uhm...

    0.0.0.0 is smaller in RAM than 127.0.0.1 because the numbers look smaller? ... How much RAM do you have that the loading of the ASCII-encoded file is a serious difficulty?