On Mon, 31 Jul 2006, Dean Anderson wrote:
> You are approaching the problem the wrong way. Many
failover systems
> work very well when the primary fails entirely--when
the salesman pulls
> the plug. Few work well when the primary doesn't
entirely fail, but
> just doesn't work correctly, as is usually the case in
the real world.
Such as? How does it apply to the network world?
> Try that approach on the C&Cs: infiltrate and use
the C&C to the
> botnets' disadvantage. Probably, you can cause an
"upgrade" to be
> distributed to the infected hosts that doesn't have a
secondary control
> channel, but that doesn't overly alert the human bot
operators until its
> too late.
Infiltration is intelligence, not network.. uploading a file
is illegal
and unethical...
Good solid ideas, but unfortunately failed in the past.
>
> Of course, Nanog seems not to appreciate my
contributions, so I won't be
> sharing anything else I know about the problem. Good
luck.
>
> --Dean
>
> On Mon, 31 Jul 2006, Gadi Evron wrote:
>
> >
> > On Sun, 30 Jul 2006, Gunther Stammwitz wrote:
> > > The really interesting question is when
botnets are going to use
> > > p2p-technologies since one wouldn't know how
to stop them then.
> > > Please let that never happen....
> > >
> >
> > I am not sayin gyou are wrong, or that dynamic
channels won't happen far
> > more widely. Currently they are not widely used as
they are not
> > needed. Web, IRC, etc. are quite efficient.
> >
> > That said, there is one problem to solve with
every evolved C&C, the more
> > complex it is the easier it is to follow.
> >
> > Gadi.
> >
> >
> >
>
> --
> Av8 Internet Prepared to pay a premium for better
service?
> www.av8.net faster, more reliable, better
service
> 617 344 9000
>
>
|
