Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories: 0
Comments: 5,818

Comments · 5,818

  1. Well then you shouldn't have a problem, right? on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 1

    Your entire argument depends on it, jackass.

    Well then you shouldn't have a problem linking to it, right?

    Right?

    Oh, you can't.

    Is it because you don't know how to post a link here?

    Is that it?

    Do you want me to tell you how to do that? I can.

    Tell me that you want me to teach you how to post a link.

    I don't think that phrase means what you think it means.

    So you are saying that I do not control the routing in a honey net? Is that it?

    Or that I don't control the IP addresses? Maybe that is it?

    Or that I don't control the machines on it? Is that what you think?

    Just tell me that you want me to teach you how to post a link. It's okay if you don't know how to do that. You don't have to feel bad about it. It's okay. Ha ha hahahahahahaha

  2. You should re-read that. on Bruce Schneier On Airport Security · · Score: 1

    First off, the guy announced himself.

    Secondly, he was hit 23 times.

    Thirdly, 47 expended cases were found.

    That means that those people missed the thief better than half the time. After he had announced himself.

    Yeah, I'm going to say that that kind of shooting, in an aircraft, is going to hit the other passengers.

  3. Because guns do work that way. Right? on Bruce Schneier On Airport Security · · Score: 1

    In reality it's easy to tell who the bad guys are. They will be the ones with everyone's gun pointed at them.

    Because guns always point to the bad guys, right?

    No. They don't.

    The people holding the guns won't be able to tell who the bad guy is because they will not have seen him start shooting. They will pull their guns and point them in the direction they think the bad guy is.

    Which will be towards the passengers in front of them. Which is what those passengers will see when they look behind them.

  4. Why go to all the effort? on Bruce Schneier On Airport Security · · Score: 2, Insightful

    If your name is on a no-fly list, you send a different guy whose name is not on the list.

    If you cannot find someone whose name is not on the list, you buy guns and go on a shooting rampage inside the terminal where all the other travelers are standing in line, holding their shoes.

    The terminal closes and all the flights are re-directed to other landing strips. If you pick the terminal right and the day right, you pretty much shut down all travel in that sector.

  5. Because bullets don't work like that. on Bruce Schneier On Airport Security · · Score: 1

    The bad guy at the back of the plane will draw first. So that means probably one person dead no matter what.

    Then the good guys in the front of the plane turn and see everyone behind the bad guy with their guns drawn. How are they supposed to identify the bad guy in that split second?

    Meanwhile, the other bad guy at the front of the plane starts firing at the people at the back of the plane so they return fire, hitting the good guys at the front of the plane. And the good guys at the front of the plane return fire on the good guys at the back of the plane.

    Everyone ends up dead and the bad guys only had to fire a few shots.

  6. That's just part of it. on Bruce Schneier On Airport Security · · Score: 4, Insightful

    Now look at how many people die every year from other causes.

    If you are in the USofA, you are more likely to be killed by someone in your own family than by a terrorist.

    But that is the problem.

    Because terrorism is so rare, when it happens it is covered in the newspapers, on TV, on the radio, etc. Repeatedly. For weeks.

  7. Don't hate me because I'm beautiful. on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 1

    2. You're able to reverse-engineer the code in order to obtain the required commands and passwords.

    Whoa there, son.

    You might want to add "reading with comprehension" to the list of things you've failed. Nowhere did I say that. Feel free to re-read and post a link if you can find that.

    3. You're able to isolate the infected machines and feed them whatever data you want.

    Yep! You might also want to add "honey net" to the list of your failures. That is one of the properties of it.

    In other words, you've taken my earlier offer at face value and literally given your bot-hunters godlike powers.

    Yeah, you might want to address the points that you keep failing at before making statements like that. It only seems "godlike" because your understanding is so limited.

    Once you address the flaws in your understanding, you'll be better able to hold a discussion.

    Unfortunately, real life doesn't work that way. Since you clearly don't have an inkling about the issues involved here (or a basic understanding of math and statistics, apparently), and are unwilling to listen, I think we're done.

    You were the one suggesting that scanning 100K IP addresses was viable.

    Yes you were. :)

  8. I'll stick to math instead, kthx. on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 1

    This isn't a competition. I'm giving you information based on work I've done. You can take it as a learning experience, or you can get offended and ignore what I'm telling you - it's your call.

    And yet the math doesn't add up. Looks like your "work" hasn't been of much value.

    You have 2.5 billion virtual machines in your honey net? Boy, you must have access to a hell of a lot more resources than I do!

    What was that about the "work" you did? It's addresses. Since I control the routing, it would appear to the infected machines that there are billions of addresses with machines at those addresses.

    So what is this "work" you do that you fail basic math AND you fail basic routing?

    If I were designing the botnet, I'd put the limit at maybe 10k, and tweak it as required.

    Yeah. So you'd start a list of addresses and when the zombies no longer worked, you'd fix the list of addresses.

    So, how are you going to fix the list of addresses when you cannot connect to the zombie anymore because it has the wrong addresses in it?

    Again, nice "work" there.

    If I really wanted extra redundancy I might cache 100K, but only have 10k verified at any given time.

    LMAO.
    You're talking about caching 100K addresses on a botnet that has 250K members.

    Remember that part where I told you that you failed math? You just failed again. This "math" thing is kicking your ass.

    Second, validation only needs to occur once in a while, and can be done with just a few packets. Lastly, nobody would design a client to make 10,000 connection attempts simultaneously, so your flood scenario is just silly.

    What is this "once in a while". It needs to occur more frequently than the ISP's rotation of IP addresses. Again, you fail.

    Which means that those 10,000 connection attempts (I won't even go into how you have no idea what the size of a packet is) need to happen before the next rotation or they're useless. Again, routing and math. You fail them both.

    No, they'd simply drop addresses at the end of the list in favor of new ones which actually work. This isn't rocket science. File sharing clients do the same thing - non-responding addresses get dropped in favor of ones which work.

    You might want to review how file sharing clients work. Because you seem to have missed the part where they INITIALLY connect to a centralized server for a list of clients sharing a file.

    But in your "work" you probably knew that already, right?

    Looks like you failed file sharing, also.

    Sure, if you know which addresses to filter.

    Wouldn't that information be easily available by watching what one of the boxes in the honey net does after the IP address rotation?

    Like I said, you fail routing. Big time.

    Seriously. You need me to point out each of the basic flaws? And only then do you try another flawed work around. Why is that when you claim to have so much "work" experience?

    No, I just know how to think, and I don't have your strange emotional attachment to this issue.

    Since I keep pointing out the flaws in your "work", this must be some new definition of "think" that means "make errors".

    If you would actually stop for a minute and think about the claims you're making, you yourself could probably come up with ways to get around the supposed problems.

    Yeah, you might want to work on that "think" thing again.

    I've already explained how I would approach the problem. YOU are the one claiming that it wouldn't work and offering up all the flawed approaches (and math failures) trying to show that it wouldn't work.

    You don't even know how LimeWire works. I mean, really. It's not magic.

    Of co

  9. Exactly what are you talking about? on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 1

    So, in addition to never having heard of IP lists, and not understanding statistics ... you've also never heard of encryption?

    You lost. If you cannot admit that, that's fine. Right now all you are doing is demonstrating how badly you've lost.

    Even ignoring the possibility of encrypted communications channels, it's child's play to code in a simple function which checks all new IPs as they're added and rejects or sets a lower priority on ones which aren't active.

    Why wouldn't they be active? They're in a honey net. The machine communicating with the external zombies has already validated them.

    So in your mind, having all the zombies validate all of the IP address before accepting them is rational?

    They'd die just from the traffic of 250,000 connection attempts each.

    After 4 IP address rotations, they'd EACH be validating a MILLION addresses.

    And with a simple filter at the ISP level, they'd UNLEARN the 2,500 addresses you claimed would re-start the zombies after the IP swaps.

    250,000 machines validating 1,000,000 addresses = 250,000,000,000 connection attempts.

    Looks like you failed math big time.

  10. Only if they have all the addresses on file. on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 0

    Which makes it even easier because then all you need is a honey net and some virtual machines to be continually "re-infected" and load that file with over a billion fake IP addresses. Or 2 billion.

    So when the IP address rotation happens, the zombies have to dig through billions of fake addresses to find the other machines to download the newest patc-another rotation happens and the zombies have to dig through billions of fake addresses to find the other machines to download the newest pat-another rotation happens ... and so on and so forth.

    Your claim about 2,500 addresses is simply centralized C&C under a different name. And it is defeated in the exact same way.

  11. Yeah, you might want to think about that one, too. on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 1

    Yah, I know! Although we're really going to be in trouble if someone figures out a way to store IP addresses in some sort of file. Why, if that were to happen, they might even be able to pass the IP lists from one computer to another!

    Given that the majority of zombies are on home ISP networks (such as Comcast), all that would take to defeat would be for Comcast and others to rotate the IP addresses by 1 whenever the zombie traffic becomes problematic.

    So the list of IP addresses becomes useless and the zombies have to fall back to random scanning.

    Last week your IP address was 10.10.10.10? This week it is 10.10.10.11. So none of the other zombies can find you at the old address.

  12. Signed software. on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 2, Interesting

    Have the botnet pass around a binary that erases the botnet binaries from the infected PC on the next reboot, then force a reboot?

    Because most of them depend upon digitally signed updates now. So you cannot use the zombie code to remove the zombie code unless you first have the key.

    Which makes it rather difficult.

    On the other hand ... writing a removal routine should be a LOT easier. A clean removal. Removing just the zombie code and ALL of the zombie code.

    The problem then would be getting it to run on the zombies.

    This is where the ISPs come in. It's easy enough for them to redirect all your traffic to a web page with the removal code available there. And since it is easy enough to identify the zombies, their IP addresses and their ISPs ... that should be easy, right?

    Except it would cost the ISPs some money and they won't do that unless someone forces them to spend the money. So it will take a new law requiring them to do so.

  13. Welchia on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 1

    http://en.wikipedia.org/wiki/Welchia

    Ah, the good old days.

  14. What is "evil"? on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 2, Insightful

    I'm only asking, because, as much as we hate botnets and trojans and malware, that, any sort of world capable of rapidly sniffing out and squelching "bad" content is a world that is capable of sniffing out and squelching out "any" content.

    It isn't the content. It's the volume (number of messages in this case).

    You can say whatever you want. But when you start flooding mail servers with your messages, you've lost the moral high ground.

    Now as to whether blocking zombies is the same as sorting through the content of email messages ... if you're worried about that I recommend encryption. There are lots of forms of encryption available.

    Perhaps in this case, just as many of us accept some combination of deaths from gun violence, abortions, incendiary speech, and family breakdowns and other things, that come as a consequence of the misuse of freedom, might accept spam as a misuse of freedom too, rather than try and trade it all for a world that has no freedom at all.

    That's a rather extreme jump. So far I haven't seen anyone proposing that we surrender all of our Freedoms.

  15. Which makes sense if you think about it. on Man Challenges 250,000 Strong Botnet and Succeeds · · Score: 1

    Let's use this botnet as an example. 250,000 zombies. What is the likelihood of finding another zombie with random scanning? Not to mention that not everyone leaves their machines on all the time. And even the machines that are on all the time don't always keep the same IP address. Comcast seemed to change my IP address every month.

    Somehow, somewhere, the new code has to be uploaded to the zombies. New spam messages. New address to send the spam to. Patches to the zombie code. No matter how you phrase it, that's Command and Control.

    Propagating those updates is simple if all the zombies know them. It becomes very slow if it is random chance that propagates the updates.

    Of course, you can speed up the process by having the zombie increase the scans. But then you run the risk of the person complaining that their machine is "slow" and having someone wipe it and re-install it.

    A layered approach would be the best for the zombie master. Centralized C&C for speedy deployments with P2P for a fall-back in case the original C&C is unavailable. At least then he could regain control of the zombies.

    BUT!!!!!

    Why isn't anyone focusing on the domain names? Implement a 1 week wait for new domain name deployments so that the payment has time to clear the bank. That way you'll be able to identify the guy paying for the domain names.

    As always, follow the money.

  16. Think "veggie-borg". on Anti-Technology Themes in James Cameron's Avatar · · Score: 1

    While the current inhabitants might not be technologically capable, the system as a whole seems like it was designed and built by a culture far more advanced than ours.

    They live inside the organic expert system (hive mind) that provides everything they need. The only difference being that they don't seem to lose their individuality. But the other animals there do and can be controlled by them or by the hive mind.

    Instead of Neal Stephenson's "veg out" and Star Wars article, I'd link this more to Star Trek (TOS). The difference being that in Avatar, the world/computer/ship isn't malfunctioning (that we can tell) and doesn't need our help to repair it/save the inhabitants.

  17. One other way. on Cyber-Security Czar To Be Named · · Score: 1

    There are only two ways to really fix internet security: wait for technology to improve through private industry, or pull the plug.

    One other way. The government can mandate standards that all products must meet in order to be considered for purchase by the government.

    Think TCP/IP.

    Then, keep extending the spec as new advances are made. But keep it focused on different vendors supplying different segments ... and all working together because they all follow the same spec.

  18. It depends upon how he works it. on Cyber-Security Czar To Be Named · · Score: 1

    Since there's no authority, he cannot force anyone to do anything.

    Since he is the "Czar", he CAN make recommendations.

    Any department that doesn't follow his recommendations is on their own when they get cracked.

    Any department that DOES follow his recommendations has an easy out when they get cracked. They blame him.

    Meanwhile, he's busy setting up all of his family and friends with high paying, low responsibility jobs with the companies trying to get him to "recommend" their products/services.

  19. He is accused of 4 crimes (3 were later dropped). on The Trial of Terry Childs Begins · · Score: 2, Insightful

    It is up to the legal system to determine whether he committed any crimes.

    So far, all you have is the accusations and even 3 of those 4 were dropped. So "he deserves punishment" for things that no one is now claiming he did?

    Weird.

  20. Mod parent up! on The Trial of Terry Childs Begins · · Score: 3, Insightful

    If anything, the fact that you wrote down that there might be a problem would be used against you. You set a trap or something. That's how you knew there would be a problem.

    This is management. Does anyone who's ever held a tech job believe that you writing down that your boss is, effectively, an idiot won't be used against you?

  21. Except nothing like that happened. on The Trial of Terry Childs Begins · · Score: 1

    I have a copy of the keys to your home.
    None of your keys are gone. All your stuff is still in your home. All your food is in your fridge. And your bed still smells the same. I only came in and watched a bit of TV. You didn't even know till I told you.
    So I did nothing wrong?

    His job was to be in there so being in there is irrelevant. That's part of what he's supposed to be doing.

    I have your bank codes, which I changed so you cannot access your money.
    Your money is still there. The amount of money is still the same. Your money is still serving the bank.
    So I didn't steal anything?

    All of the services were available to all of the users. So there wasn't anyone who couldn't access any of the services (except the passwords).

    This is a service issue. Your examples focus on physical items.

  22. How so "stolen"? on The Trial of Terry Childs Begins · · Score: 1

    The equipment was still in the same place it was before. The software was the same as before. The service was the same as before.

    So how did he steal anything?

  23. And yet there are still software patents. on Windows 7 Under Fire For Patent Infringement · · Score: 4, Insightful

    Since it is only the lawyers (and trolls) who make money off of this, why aren't those companies banding together to kill software patents?

    I can understand copyrights on software.

    Is it because those companies see their profits from such patents as larger than the occasional cost of buying off a patent troll?

  24. Without SEEING the formula, it's rather difficult. on Online "Guilds" Mirror Real Life Gangs · · Score: 2, Interesting

    It's very easy to build a "model" for something. You just abstract everything until it is meaningless.

    Since this article is locked behind a pay site, it's going to be difficult to evaluate it at the moment.

    From TFA:

    Despite the difference in demographics in both cases, social groups still tend to form around individuals who are able to add complementary skills to the collective.

    The researchers devised a mathematical model to describe the formation of these social groups.

    This model can also be used to analyse how the groups react to or are affected by external forces.

    So if GroupA lacks characteristic B and person C has characteristic B but not characteristic D which would negatively affect GroupA then GroupA may admit person C.

    Writing it is simple. Defining characteristics in quantitative methodology is the difficult part. How much of B offsets how much of D?

  25. Isn't that a highly regulated industry? on Is Working For the Gambling Industry a Black Mark? · · Score: 5, Informative

    Why would it be a black mark?

    If anything, it shows that you can work in a highly regulated field that moves a LOT of money around at a LOT of locations with HIGH security.

    As long as none of your references are named Guido, you should be fine.