Using 'Friendly Zombies' To Fight DDoS Attacks
Turning BitTorrent users into community-based botnet defense squads...
by Karl Bode Wednesday 23-Apr-2008 tags: security · networking
Tipped by gaforces
A team at the University of Washington wants to use swarms of "good" computers to neutralize computers that are engaged in DDoS attacks as part of botnets. The system they've developed (dubbed Phalanx) uses its own large network of computers to act as a shield around a targeted server. The good computers not only act as relays that protect the original host from being overloaded; they also require that computers requesting communication with the server solve a computational puzzle.

Each packet requesting to initiate a connection must either carry an authentication token or a solution to a cryptographic puzzle. These provide the burden of proof necessary for a mailbox to allow access to general purpose nonces. Authentication tokens provide support for pre-authenticated connections allowing them to begin with no delay; for example, a popular e-commerce site such as Amazon might provide a cookie to allow quicker access to its web site to its registered users. Cryptographic puzzles provide resource proofs to approximate fair queueing of requests, when no prior relationship exists between source and destination. Authentication tokens are simply a token signed by the server stating that the given client is allowed to contact that server.
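A minimal model of that admission rule, added here as an example and not code from the Phalanx paper or project: each mailbox relays a connection request only if it carries a token signed by the server or a solution to a hash puzzle. The shared key, the puzzle difficulty, the request layout and all names are assumptions for the demo.

```python
import hashlib
import hmac

# Constructed demo values (not from the Phalanx paper): a key shared by the
# protected server and its mailboxes, and a puzzle difficulty in leading zero bits.
SERVER_KEY = b"constructed-demo-server-key"
PUZZLE_BITS = 16


def issue_token(client_id: str) -> bytes:
    """Server-side: sign a statement that client_id may contact this server.
    HMAC-SHA256 stands in for the signature; mailboxes verify with the same key."""
    return hmac.new(SERVER_KEY, client_id.encode(), hashlib.sha256).digest()


def token_valid(client_id: str, token: bytes) -> bool:
    """Mailbox-side: constant-time check of a presented authentication token."""
    return hmac.compare_digest(issue_token(client_id), token)


def puzzle_valid(challenge: bytes, nonce: int, bits: int = PUZZLE_BITS) -> bool:
    """A solution is a nonce such that SHA-256(challenge || nonce) starts with
    `bits` zero bits; checking costs one hash, finding one costs about 2**bits."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0


def solve_puzzle(challenge: bytes, bits: int = PUZZLE_BITS) -> int:
    """Client-side: brute-force the smallest nonce (the resource proof a
    client with no prior relationship to the server must pay)."""
    nonce = 0
    while not puzzle_valid(challenge, nonce, bits):
        nonce += 1
    return nonce


def mailbox_admit(request: dict, challenge: bytes) -> bool:
    """Mailbox admission rule from the quoted passage: a request is relayed only
    if it carries a valid token OR a valid solution to the challenge this
    mailbox is currently handing out; anything else is dropped unanswered."""
    client_id = request.get("client_id", "")
    token = request.get("token")
    if token is not None and token_valid(client_id, token):
        return True
    nonce = request.get("nonce")
    if nonce is not None and puzzle_valid(challenge, nonce):
        return True
    return False
```

Raising PUZZLE_BITS makes every unauthenticated request cost the sender proportionally more CPU while the mailbox's check stays one hash, which is what lets the puzzle approximate fair queueing under load.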

Instead of using trojan-infected PCs to fight the good fight, Phalanx would use PCs that have traditionally participated in Content Delivery Networks (CDNs). This New Scientist report indicates that early tests have proven successful in keeping servers from being overwhelmed.

The Washington team simulated an attack by a million-computer botnet on a server connected to a network of 7,200 mailboxes organised by Phalanx. Even when the majority of the mailboxes were under simultaneous attack, the server was not overwhelmed and could still function normally. In principle, simply recruiting more mailbox computers allows Phalanx to deal with any size of botnet, Dixon says.

While CDN computers would form the primary line of defense, a site under attack from a botnet could also recruit its own users to lend additional help. Interestingly, the researchers think that BitTorrent users could be re-formed into community-based botnet defense squads.


SlickEnW
Premium
join:2003-01-21
Seattle, WA

Wow

We super nerds are getting attention.

I'll have to find the e-whores who are working on this one, considering I'm usually on the other side of campus from the Comp Engineering Building.

exocet_cm
You delete it, I'll find it
Premium
join:2003-03-23
New Orleans, LA
kudos:2

Re: Wow

THIS IS GREAT!

A voluntary service to fight the bad guys. I'm all for it, granted I don't lose any privacy!

Sign me up

JamesPC

join:2005-10-12
Orange, CA

Re: Wow

I'm ready to help also, GREAT IDEA. I have been waiting.

gaforces
United We Stand, Divided We Fall

join:2002-04-07
Santa Cruz, CA

2 edits

Seems rather complicated

Much better than my suggestion of DDOSing the slavedrivers to shut the DDOS attack down

I briefly looked for the Rockem Sockem robots picture for this but gave up.

I would also volunteer for this if BBR implemented it.

BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000

1 edit

Might sound good in theory.

Great idea in theory, probably. Essentially taking the fast-flux DNS method used by miscreants and using it to take on DDOS by way of volume. This is probably the gist of Akamai's service.

Here's where I think the wagon leaves the road. With a commercial service like Akamai, you have an SLA that says they'll serve exactly the content you've decided. The ad-hoc militia-man method, while good in intent, doesn't do anything to protect from rogue nodes directing hosts as they see fit to whatever content they choose. This is probably a major issue.

I didn't have time to do more than skim the last half of the paper, but I think the gist of it points to this weakness.

EDIT: typo

--
Overpower, overcome.

Chuckles
Premium
join:2006-03-04
Saint Paul, MN

I'll join...

the friendly botnet if it'll keep BBR up for me while I'm at work. It's the only thing keeping me sane.
--
kustomerservice.net

justbits
More fiber than ATT can handle
Premium
join:2003-01-08
Chicago, IL
Reviews:
·AT&T Midwest
·AT&T Yahoo

Re: I'll join...

Wouldn't it be funny if the Washington team hijacked a real bot-net and attacked dslreports.com with a DDOS, just so that this news would be even more relevant to post on the dslreports.com home page?

snipper_cr
Premium
join:2002-01-22
Wheaton, IL

All of us

Yeah, let's put all of us on that to be BBR's "Good" army of defenders. heh heh heh.
--
Serenity Day - June 23rd 2006. You Can't Stop the Signal

happylurk

@dsl.look.ca

Is this a solution?

Or is it simply a way of doubling net congestion when an attack gets underway? I'm leery about this particular "theory"

DaveDude
No Fear

join:1999-09-01
New Jersey
kudos:1

Doesn't Vista have part of this

I am not sure if it's Vista, but can't it be part of the operating system, which distributes requests to a group of machines in a domain to take the load off a server group? I think I read Vista has that capability?

TheMG
Premium
join:2007-09-04
Canada
kudos:1
Reviews:
·TekSavvy DSL

1 edit

What about the other side of DDoS attacks?

Couldn't ISPs take some actions in preventing DDoS attacks?

Maybe what I'm thinking of is not possible, but anyway, what I'm thinking is they could use their packet inspection/throttling hardware to fight the good fight, and cut off a user's access to the server under attack if they detect the user has malware that's hammering out packets as part of a DDoS botnet.

A warning page could then be displayed to the user telling them to scan/clean their computer.

I think this battle needs to be fought from both fronts, not only protecting the servers, but also doing something about all the non-savvy internet users that let their computers become infected with botnets.

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5

Arbor Networks, are you listening?

Arbor Networks' product line has features that monitor and apply policies against both DDOS attacks and P2P networks -- mainly because their footprints look similar. Certainly, Arbor is not alone in this method.

These UW guys should be sure to talk to the Arbor guys so that the good guys don't end up fighting the good guys.

tshirt
Premium,MVM
join:2004-07-11
Snohomish, WA
kudos:3
Reviews:
·Comcast

Re: Arbor Networks, are you listening?

said by funchords:

These UW guys should be sure to talk to the Arbor guys so that the good guys don't end up fighting the good guys.
That's one danger; the other is who decides who "the bad guys" are.
Today it's DDOS against a legit site, but suppose tomorrow the good bot master decides to take down your site.

Dogfather
Premium
join:2007-12-26
Laguna Hills, CA

Justin needs this

to fend off those pesky Ruskies.

AnonProxy
Premium
join:2001-05-12

Attacking a network or computers

is illegal, no matter the intentions or reasons.

Surfinusa
Premium
join:2001-02-08

DDOS

It appears to be under control now at BBR.

The thought I had is that the users who carry out random or unknown attacks on websites as a zombie computer should be held accountable.

Some may feel this is unreasonable considering the lack of understanding of a DDOS attack and an average user's knowledge of what a DDOS really is.

The law has upheld the principle that ignorance of the law doesn't make a person free from guilt.

----------------

Now, to solve or help ease the congestion to a website per DDOS attack is to log the IPs that are causing this problem. Find out the domain and forward the individual IPs to the origin ISP.

After this, the ISP should alert the users on their network, letting them know they have participated in a massive attack on a specific website.

In turn, the ISP should notify their customers by letter that their computer has been infected by a virus that is making their computer act maliciously at a particular website.

In the best interest of the User the ISP should give the user options to rectify this so that the users computer does not participate in another DDOS attack in the future.

The ISP should give an automated response to the complaints from the host server being DDOS'd to the user(s) and give them suggestions on how to get rid of the virus themselves; since a good majority already offer anti-spyware or anti-virus defense programs, briefly advise the user how to try and rid themselves of this problem.

If this cannot get resolved the ISP should tell them to try other methods including but not limited to having a re-install either by the user or by a certified computer professional.

---------------

What will motivate the user to make the necessary changes to fix their own computer?

A few warnings and note that if they don't respond to this threat they are a contributor to the problem either by choice or as a victim.

And the ISP should make policy like a 3-strike rule: if they keep having the same issue with being a zombie computer after giving the users sufficient time to fix or address the issue on their end, then exercise an ISP policy that would temporarily suspend the user's account for a few days or even a week depending on how many times this happens.

I think the user will get the point. Better fix the problem.

------------------------------

Whether anyone thinks this is unfair or not going to work it can and at some point will be implemented once every website and ISP sees the joint interest in fixing problems like this.

The ISPs should have a method of delivery or try to assist in attempting to disable and remove the virus from the infected computer, such as pointing the user to their website's FAQ, or for a fee help them get rid of the problem like tech support (fee-based service; sure, the ISPs like that revenue generator), or tell them to seek a local computer repair shop or a generic Geek Squad, if you will, to rid the problem. If all else fails there is always a system reinstall or GO-back programs.

After going through this myself I learned quickly this is serious and nothing to mess around with.

Fair use policy is what all ISPs should try to implement, and it won't be long before the Government sees the security implications, and other websites that actually are losing revenue because of a malicious attack.

-

I think it's time to nip the problem in the head.

A hacker can't make you download malware but an ISP can enforce policy that makes users who fail to protect themselves from virus causing attacks like DDOS on corporate interests.

You are either part of the problem or part of the solution; it's time for everyone, including Gramps, Grandma and the computer-illiterate users, to get up with the program and start taking responsibility for what their property does.

If you own a car and it is a threat to others the law has a way of handling it; it's the owner's responsibility to fix issues with their car.

------------

On the other hand, if the attacks are from IPs that are out of the jurisdictional control of national carriers or otherwise international users (i.e. China), then for the time being the ISP or servers should be set to put a block on the IP addresses or, if necessary, a whole range block from whatever country is causing the problem until the ISP in question causing the problem gets proactive in this matter.

-----------

Many would feel bothered if your TV reception was blocked because someone was talking on a Ham radio. Most likely you would get upset especially if you had nothing you could do about it.

Good thing there is and we don't have that problem.

The Key is everyone proactively getting involved and severely testing hackers by putting a leash on their activities or a restraint to some extent which would limit their ability to undermine the net in the case of DDOS.

No way you will rid all hacker activities but the DDOS is a serious threat and needs to be stopped now not later.

New hardware isn't the only answer; users need to understand that having access to the net is a privilege, not a right.

Ask the infamous hacker Kevin Mitnick who lost his right to the internet for awhile.

- Sorry for the long post. If you don't agree be part of the solution and put some suggestions up on here that would help solve this issue if you think something different could be done to fix this other than what was suggested.

Thanks

NetFixer
Freedom is NOT free
Premium
join:2004-06-24
The 'Boro
Reviews:
·Vonage
·Cingular Wireless
·Comcast
·AT&T Southeast

1 edit

Interesting bit of research, but.....

Interesting bit of research, but I can't really see commercial sites such as amazon.com, cnn.com, et al actually allowing a consortium of residential PCs to act as the gateway to their corporate presence on the internet.

As for requiring a web visitor to download a special Java applet before being allowed to access a web site, the same web site visitors who have allowed their PCs to become part of a botnet by doing just that, probably won't notice or mind. I only allow a select few web sites to execute code on my PCs, and even those sites are only allowed to execute the code that I explicitly enable. I don't think that I am alone in this practice, and I think that the sudden drop in web site visits would trigger immediate second thoughts with any commercial operator who actually attempted to do such a thing.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall.

mr_dirt

join:2006-02-14
Denver, CO

Oh great, another solution

Wouldn't the DDoS problem have been solved ten years ago with SYN cookies if more vendors had implemented support? The "authentication tokens" and "cryptographic puzzles" sound pretty familiar, but the rest of this infrastructure sounds like an overly complex solution to a problem that's already been solved, but was never implemented.

ypigsfly

join:2008-05-04
Coquitlam, BC

Deflecting DDoS attacks with ypigsfly

Interesting idea to combat botnets... how many computers will it take... one for one?

over 12.5 years online © 1999-2012 dslreports.com.