Apr 23 2008
Researchers at the University of Washington want to use their own botnet to fight malicious botnets on the Internet. Basically, the paper suggests using a swarm of computers running Phalanx, the name of their system, as proxies, with a small crypto-puzzle required of the connecting computer at the start of the conversation. It would hopefully slow down or eliminate DDoS attacks by making the attacking botnet perform a massive amount of aggregate computation, thus limiting its effectiveness.
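To make the crypto-puzzle idea concrete, here is a generic hashcash-style client puzzle, added as an illustration; it is not code from the Phalanx paper or from this post. The SHA-256 construction, the 16-bit difficulty, the 30-second lifetime, the function names and the 192.0.2.x sample address are all assumptions.

```python
import hashlib, hmac, os, struct, time

SERVER_KEY = os.urandom(32)   # constructed per-process secret (assumption)
DIFFICULTY_BITS = 16          # client needs ~2**16 hashes on average
MAX_AGE = 30                  # seconds a challenge remains valid

def _tag(body, client_ip):
    # MAC binds the challenge to one client so it cannot be farmed out or forged.
    return hmac.new(SERVER_KEY, body + client_ip.encode(), hashlib.sha256).digest()[:16]

def issue_challenge(client_ip, now=None):
    """Stateless challenge: 8-byte timestamp + 8-byte nonce + 16-byte MAC."""
    ts = int(time.time() if now is None else now)
    body = struct.pack(">Q", ts) + os.urandom(8)
    return body + _tag(body, client_ip)

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge, bits=DIFFICULTY_BITS):
    """Client side: brute-force a counter until the hash has enough zero bits."""
    counter = 0
    while True:
        solution = struct.pack(">Q", counter)
        if leading_zero_bits(hashlib.sha256(challenge + solution).digest()) >= bits:
            return solution
        counter += 1

def verify(challenge, solution, client_ip, bits=DIFFICULTY_BITS, now=None):
    """Server side: one HMAC and one hash, no per-client state."""
    if len(challenge) != 32 or len(solution) != 8:
        return False
    body, tag = challenge[:16], challenge[16:]
    if not hmac.compare_digest(tag, _tag(body, client_ip)):
        return False                      # forged, or issued to another client
    ts = struct.unpack(">Q", body[:8])[0]
    current = time.time() if now is None else now
    if not 0 <= current - ts <= MAX_AGE:
        return False                      # expired or future-dated challenge
    return leading_zero_bits(hashlib.sha256(challenge + solution).digest()) >= bits

if __name__ == "__main__":
    ch = issue_challenge("192.0.2.10")    # constructed sample client address
    start = time.perf_counter()
    sol = solve(ch)
    print(f"solved in {time.perf_counter() - start:.3f}s,",
          "accepted" if verify(ch, sol, "192.0.2.10") else "rejected")
```

The asymmetry is the point: each connection costs the client about 2^bits hashes while the verifier does constant work. A solved challenge can still be replayed until it expires, so a real deployment would also track recently accepted challenges.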
I see a number of problems with this approach, not the least of which is the fact that it would need to have a distributed DNS architecture that trusts the Phalanx system to work. If the Phalanx system itself were compromised, the potential for damage far outweighs any benefit that it might have created. While DDoS is still a problem, it’s not a common problem and it’s one that there are already a number of solutions for. The changes this would require and the potential vulnerabilities far outweigh the potential gain. Additionally, the thought of adding home computers to this proxy botnet adds a whole additional layer of security concerns, primarily more worries about the whole system being compromised and used to promote the exact sort of DDoS it was designed to prevent.
All in all, this is an interesting intellectual exercise, but nothing that’s actually going to see the light of day. At least it’s not a rehash of the ‘let’s infect computers with a friendly virus to combat malicious viruses’ concept.