 brianiscool
join:2000-08-16 Miami, FL | Easy You can basically see which IRC server they are connected to and see what commands they're using. Then start controlling them yourself. | |
|  |   TK Junk Mail Go ahead, make my day Premium join:2002-03-03 Margate City, NJ clubs:
·Comcast
| Re: Easy
said by brianiscool:
  You can basically see which IRC server they are connected to and see what commands they're using. Then start controlling them yourself.
The RIAA may be taking note and could use the same techniques to "pollute" p2p illegal file sharing nets.
-- My BLOG .. .. Internet News .. .. My Web Page | |
|  |  |  lordofwhee
join:2007-10-21 Everett, WA
| Re: Easy
said by TK Junk Mail:
  said by brianiscool:
    You can basically see which IRC server they are connected to and see what commands they're using. Then start controlling them yourself.
  The RIAA may be taking note and could use the same techniques to "pollute" p2p illegal file sharing nets.
No, they couldn't. Every piece of a file is checked against a hash, and if a peer consistently sends bad data, most clients simply snub that peer. | |
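The piece-hash check described in the post above, as an added example that is not part of the original thread. It assumes BitTorrent-style SHA-1 piece hashes, one peer per piece, a constructed 16-byte piece size, and a hypothetical threshold of two bad pieces before a peer is snubbed; the peer names and file contents are constructed.

```python
import hashlib

PIECE_LEN = 16        # constructed, tiny piece size for the demo
MAX_BAD_PIECES = 2    # assumed threshold; real clients pick their own policy

def split(data, n=PIECE_LEN):
    return [data[i:i + n] for i in range(0, len(data), n)]

def piece_hashes(data):
    """SHA-1 digest of every piece, as published in the torrent metadata."""
    return [hashlib.sha1(p).digest() for p in split(data)]

class Downloader:
    def __init__(self, expected):
        self.expected = expected   # trusted per-piece digests
        self.have = {}             # index -> verified payload
        self.bad = {}              # peer -> count of failed pieces
        self.snubbed = set()

    def receive(self, peer, index, payload):
        if peer in self.snubbed or index in self.have:
            return "ignored"
        valid = (0 <= index < len(self.expected)
                 and hashlib.sha1(payload).digest() == self.expected[index])
        if valid:
            self.have[index] = payload
            return "accepted"
        # Bad data never reaches disk; the sender is only penalised.
        self.bad[peer] = self.bad.get(peer, 0) + 1
        if self.bad[peer] >= MAX_BAD_PIECES:
            self.snubbed.add(peer)
            return "snubbed"
        return "rejected"

    def assemble(self):
        if len(self.have) != len(self.expected):
            return None
        return b"".join(self.have[i] for i in range(len(self.expected)))

def run_demo():
    original = b"constructed sample file contents for the demo!!"
    dl = Downloader(piece_hashes(original))
    log = []
    for i, piece in enumerate(split(original)):
        # "polluter" sends garbage of the right length; "honest" sends real data
        log.append(dl.receive("polluter", i, b"\x00" * len(piece)))
        log.append(dl.receive("honest", i, piece))
    return log, dl.assemble() == original, dl.snubbed

if __name__ == "__main__":
    print(run_demo())
```
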
|  |  |  |  |  brianiscool
join:2000-08-16 Miami, FL | Re: Easy Why not infect themselves and packet sniff the data? | |
|  |  |  |  mbone
join:2001-07-11 Boulder, CO
| Re: Easy If only all problems could be solved with 30 seconds of "Easy" thought. What is this, a Staples commercial?
»mnin.blogspot.com/2008/04/kraken···thm.html quote: Greg Sinclair and I have been RE-ing Kraken since last week and wanted to share some information. The purpose of this blog entry is to answer some questions regarding the encrypted command and control protocol implemented by Kraken (otherwise known as Bobax/Oderoor) spam bots. This seems to be the most mysterious issue among A/V vendors and security researchers. We also want to release example decryptor source code and a WireShark dissector.
| |
|  |  |  |   KrK Heavy Artillery For The Little Guy Premium join:2000-01-17 Tulsa, OK | It's an interesting idea.... Fight fire with fire, as they say.
Or to put it another way.... "Anything Man can do, other Men can un-do."
I really like the idea of P2P users being able to act as good guys to defend sites like this from DDOS attacks. | |
|  |   DeeplyShrouded
@comcast.net
| Re: It's an interesting idea....
said by KrK:
  Fight fire with fire, as they say. Or to put it another way.... "Anything Man can do, other Men can un-do." I really like the idea of P2P users being able to act as good guys to defend sites like this from DDOS attacks.
Oh yes, let's DDOS the botnets back and slow the net down even more. How about an even more radical solution, genius?
Like, everyone who owns a PC makes sure it's free of viruses, botnets and spyware? Nah, too radical, people will never go for the common sense approach. The more people who make sure their PC is free of this crap, the fewer PCs that are infected. | |
|  |  |   KrK Heavy Artillery For The Little Guy Premium join:2000-01-17 Tulsa, OK
·Cox HSI
·AT&T Southwest
edit: April 25th, @12:01AM
| Re: It's an interesting idea.... Nice... Another anon (Troll) fires off a flame attack when he hasn't even read about the subject at hand...
It has NOTHING to do with DDOS'ing the botnet back, which would be impossible anyway unless your botnet was 100 times the size of the attacking net. Here, I'll point you at it again:
»Using 'Friendly Zombies' To Fight DDoS Attacks
When you figure out how to get all those Comcast users to keep their PCs patched, scanned, and free of spyware and botnets, you get back to us, mmmkay? | |
|  |  |  |   DeeplyShrouded
@comcast.net
| Re: It's an interesting idea.... I did read the article and believe that if you truly want to get rid of botnets, then people should use the tools, in many cases free, to disinfect their own machines. They're all on one site even. »www.filehippo.com You'll find utilities like AVG Antivirus, Avast, CCleaner, and many others.
The reason these botnets exist is because people don't take the time to actually maintain their machines. If the brand spanking new machine that was zipping along when you bought it is running slower than a two-legged dog, wouldn't you suspect something was wrong? I would. Going after a botnet with a P2P network or using a P2P network as a "shield" doesn't do anything to solve the underlying problem. What is that going to do? The botnet will still exist. Taken from the New Scientist article:
"Beating the "botnets", armies of infected computers used to attack websites, requires borrowing tactics from the bad guys, say computer security researchers."
"A team at the University of Washington, US, want to marshal swarms of good computers to neutralise the bad ones. They say their plan would be cheap to implement and could cope with botnets of any size."
How does this help remove the botnet? It doesn't. The botnet would still exist. If a PC were patched, and its software (both antivirus and adware) were up to date, then that PC couldn't be used in a botnet.
As for me being anon, since any user can sign up with any information claiming to be anyone from anywhere, there really is no point in "registering" is there?
--Deeply Shrouded & Quiet --Central Control! D-Dial #49 | |
|  |  |  |  |   KrK Heavy Artillery For The Little Guy Premium join:2000-01-17 Tulsa, OK | Re: It's an interesting idea.... No, but the problem is not just going away, so blunting or blocking it with a shield and rendering it ineffectual is a good idea... If botnets start to fail, they will dry up on their own. | |
|  |  |  |  |  |   DeeplyShrouded
@comcast.net
| Re: It's an interesting idea.... The point is this: no matter how you shield against a botnet, it will always be there unless the PCs are disinfected and the botnet software removed. Want a real eye opener? Download software that shows packets. I STILL to this day get hit once in a while with a request from malware made in 1998 or earlier. Once it's out there, it's out there for good unless PCs are patched. Blocking ports won't help, because the botnet can be programmed to use another port. What's really needed is an ISP who will take the time to disconnect a user and say, clean your PC or you are not allowed back on. How many ISPs have clauses in their TOS that have to do with "causing harm" to the network:
From Comcast's AUP:
Technical restrictions
* access any other person's computer or computer system, network, software, or data without his or her knowledge and consent; breach the security of another user or system; or attempt to circumvent the user authentication or security of any host, network, or account. This includes, but is not limited to, accessing data not intended for you, logging into or making use of a server or account you are not expressly authorized to access, or probing the security of other hosts, networks, or accounts without express permission to do so;
* use or distribute tools or devices designed or used for compromising security, such as password guessing programs, decoders, password gatherers, unauthorized keystroke loggers, analyzers, cracking tools, packet sniffers, encryption circumvention devices, or Trojan Horse programs. Unauthorized port scanning is strictly prohibited;
Network and usage restrictions
* restrict, inhibit, or otherwise interfere with the ability of any other person, regardless of intent, purpose or knowledge, to use or enjoy the Service, including, without limitation, posting or transmitting any information or software which contains a worm, virus, or other harmful feature, or generating levels of traffic sufficient to impede others' ability to use, send, or retrieve information;
* restrict, inhibit, interfere with, or otherwise disrupt or cause a performance degradation, regardless of intent, purpose or knowledge, to the Service or any Comcast (or Comcast supplier) host, server, backbone network, node or service, or otherwise cause a performance degradation to any Comcast (or Comcast supplier) facilities used to deliver the Service;
That alone prohibits botnets of any kind. Any provider that provides an "always on" connection should in my opinion take responsibility for their network. They just don't want to take the time to disconnect users who are doing the very things that are against the acceptable use policy. This of course would cost money, and people would have to be paid to perform this task. If you look on DSLR, you'll see a report where companies are now charging for human contact. Pay your bill in person with cash, and you get charged for doing so.
It's a catch-22 situation. People are lazy and want Windows to do everything for them, and yet when MS bundles protection in their software, other AV companies sue. The only way botnets will dry up is when people take responsibility for their own machines.
I don't understand why people just don't get it. Walk up to a person with a laptop, tell them you're going to use their laptop to spam millions of accounts and they'll probably either hit you or call the cops, yet at home they have broadband connections that are always on, run wireless routers with the default configuration, and wonder why the PC they have is so slow.
Tell me KrK, are you the one the family calls when they have PC problems? If you are, then you know what I'm talking about. You tell your family not to open emails from people they don't know, they do it anyway. Do you find yourself fixing the same types of problems over and over again?
As I said earlier, it's a catch-22 situation. People want the freedom to do anything they want on the net yet they also want to be protected against viruses and malware.
Almost 10 years ago, I said that email lists should be whitelists, everything blocked except what you allow in. People laughed and said that it should be the other way around, everything allowed in except what you block. That's the way things ended up. Everything allowed except what you block. This is why we have the spam problem we have today. Back then I suggested to Yahoo that they allow whole domains to be blocked. Their answer? "We're working on it". In other words, "go away and stop trying to make more work for us". It would sure be nice to block the entire country of Africa since I seem to always get mail telling me that Prince Whatthefuck'shisname has chosen me out of the billions of people online to collect millions of dollars.
Windows XP by default shipped with its firewall on. People bitched, so XP turned it off. What happened? People bitched again that they weren't protected. So back on it went. People wanted it both ways. Too much hassle to click "Yes" to "Allow to access the internet?" Granted, people will click yes to programs they don't know. But if you're working on a spreadsheet or something and a window suddenly pops up saying a program wants internet access and you know for a fact you didn't start that particular program, wouldn't that be a clue that something is amiss?
So if email addresses are blocked by default, and ports are closed by default, what happens to the spambots and botnets? For real fun KrK, turn on Windows Messenger Service. People STILL spam this way even though most people turn it off once Windows is installed. I'm not sure but I think Vista comes with it preconfigured to be off by default.
To use another analogy, when I was a kid many decades ago, you could leave your door unlocked when you were home. Nowadays, you have to lock your door even when you ARE home.
In today's day and age, 24/7 people around the world are looking for a way into any PC they can get into. Judging by the botnets and spam, there are plenty available.
--Deeply Shrouded & Quiet --Central Control! D-Dial #49 | |
|  |  |  |  |  |  |   KrK Heavy Artillery For The Little Guy Premium join:2000-01-17 Tulsa, OK
·Cox HSI
·AT&T Southwest
| Re: It's an interesting idea.... I'm not saying unsecured, un-patched computers aren't a huge problem... they are.
But what I was trying to convey is that if we look at it realistically, these vulnerable machines aren't just going to go away.... so technology here that blunts or shields attacks is beneficial.
Obviously, the best solution of all is to educate people into patching and securing their PCs.... but frankly, a lot of people just don't care, or are just too PC ignorant to really do much about it. -- "Regulatory capitalism is when companies invest in lawyers, lobbyists, and politicians, instead of plant, people, and customer service." - former FCC Chairman William Kennard (A real FCC Chairman, unlike the current Corporate Spokesperson in the job!) | |
|  kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH
| Inject removal tools into bot-infected systems... What they should do is infiltrate the command protocol of the botnet to access its updating mechanism, or ability to download/run new stuff, to inject a removal tool into the botnet. Sort of like ant poison. One ant takes the poison back to the colony and takes out the network.
Either that, or (a more vigilante approach), look for security holes in the botnet (if M$ can't make software that is secure, you expect a bunch of bot-writers can?) and use those to infiltrate the botnet and inject removal tools. -- Windows Vista has detected that your mouse was moved. In order to enhance your user experience, Vista needs to contact Microsoft to re-activate the software. Please make sure you are connected to the Internet, have your credit card handy, then click OK. | |