On Sat, Sep 01, 2007 at 03:46:45PM +1200, Peter Gutmann wrote:
> I feel I should add a followup to the earlier post, this was implied by the
> rhetorical question about what the LINPACK performance of a botnet is, but
> I'll make it explicit here:
>
> The standard benchmark for supercomputers is the LINPACK linear-algebra
> mathematical benchmark. Now in practice the LINPACK performance of a botnet
> is likely to be nowhere near that of a specially-designed supercomputer, since
> it's more a distributed grid than a monolithic system. On the other hand
> bot-herders are unlikely to care much about the linear algebra performance of
> their botnet since it doesn't represent the workload of any of the tasks that
> such a system would be used for.

Another interesting use may be data hiding. The botnet software could
store information in RAM (never on disk), and replicate it to other
nodes. If one node goes down, other nodes will still have the
information. If one node detects that virus scanners or forensic tools
are being used, it can easily wipe the information from RAM or just
reboot the machine without fear that the information would really be
lost.

Experience with tinc (a VPN daemon with peer-to-peer like architecture,
which replicates certain information to all daemons in a single VPN),
showed that even in a network with only 20 nodes, it is extremely hard
to get rid of information. You either need to shut down all daemons at
the same time to make sure all state is lost, or modify the software to
allow explicit deletion of certain information. With more than 1 million
nodes it will be even harder to delete data.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus sliepen.org>