Slashdot Mirror
Is China Creating the World's Largest Botnet Army?
david_a_eaves writes "The Chinese government is mandating that all computers sold in China come with Internet blocking software. Rob Cottingham writes an excellent piece noting how the censorship application of this software should be the least of our concerns. This new software may create an opportunity for the Chinese Government to appropriate these computers and use them to create the worlds largest botnet army."
Update: 06/11 21:26 GMT by T : J. Alex Halderman writes "My students and I have been examining the Green Dam censorware software. We've found serious vulnerabilities that can be exploited by any web site a user visits with the software installed. We also found that some of the blacklists seems to have been taken from the American-made filtering program CyberSitter. We've posted a report and demo."
Well if they are it's certainly more threatening than a bunch of terracotta warriors.
-
- - VanCondo
-
Obama: Hey Ballmer, you mind if we borrow 90% of the world's computers for a quick cyber war?
Ballmer: Finally, the moment I've been waiting for! *Throws ceremonial war chair at wall*
A few million Stormtroopers standing on the surface of the Death Star with ThinkGeek green lasers.
Archimedes would be proud!
(Think before you mod me offtopic.)
The goal, authorities say, is to protect children from pornography
Of course, that morsel isn't for the Chinese people. They could tell their own people "we're creating a botnet to terrorize you", and nothing would happen. In fact, it's for the benefit of people in other countries. Social conservatives everywhere will exclaim "what an excellent goal!" Those people have simply failed to realize that governments will use whatever power they have for whatever they want, and never exclusively for its "intended purpose". The US does this too, but they've been moving more slowly because more people fail to notice when the power shift is gradual.
I advice any government to use in their networks only SW they can compile by themselfes!
And even more important: use routers ( and switches ) where they compiled the firmware/software themselves!
What makes a botnet potentially devastating is that it can create traffic that's indistinguishable from legitimate traffic. When a large enough number of computers from random locations request a page from your webserver, how do you sort the bad requests from the good? It's the slashdot effect on steroids.
If all the traffic was originating from within a particular country, it would be straightfoward to drop that traffic and let other traffic through.
It's interesting to note that in the early days, it wasn't possible to determine geographic location based on IP address. Address blocks were originally assigned rather haphazardly. As the number of networks grew, routers had to store larger and larger routing tables. Eventually this led to a push to reorganize address block allocations in a more hierarchical fashion, which ultimately made geolocation possible.
The only reason botnets are so effective is they are distributed. When they come from all over the place, you have to do a ton of individual blocks. If they are all from the same IP space, ok just black hole China's space and that's it. Wouldn't take a block from very many top level providers and they'd be doing nothing at all.
To be able to block, at the very least the packet header has to be examined. If remote attacker can generate packets faster than you can examine and drop them, you've just been DoS'ed.
You also have to look at the packet header in the course of regular routing decisions. Would it really take more CPU to look at the packet header and drop it into /dev/null than it does to look at the packet header and send it out a different network interface?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.