Apr 23 2008

Fighting Botnets with botnets

Published by at 3:43 am under Malware

Researchers at the University of Washington want to use their own botnet to fight malicious botnets on the Internet. Basically, the paper suggests using a swarm of computers running Phalanx, the name of their system, as proxies, with a small crypto-puzzle required of the connecting computer at the start of the conversation. The hope is to slow down or eliminate DDoS attacks by forcing the attacking botnet to perform a massive amount of aggregate computation, thus limiting its effectiveness.
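To make the crypto-puzzle handshake concrete, here is an added example (not code from the Phalanx paper or its authors) of a hash-based client puzzle: the proxy issues a random nonce, the client searches for a counter that drives the hash below a difficulty threshold, and the proxy checks the answer with a single hash. The 16-byte nonce, the SHA-256 construction and the 30-second validity window are assumptions for illustration.

```python
from __future__ import annotations
import hashlib
import secrets
import time

# Added example, not Phalanx's own code. The proxy hands a connecting client a
# random nonce and a difficulty; the client must find a counter such that
# SHA-256(nonce || counter) starts with `difficulty` zero bits. Verifying costs
# the proxy one hash; solving costs the client ~2**difficulty hashes on average.

NONCE_TTL_SECONDS = 30  # assumed value: how long an issued puzzle stays valid


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def puzzle_digest(nonce: bytes, counter: int) -> bytes:
    """Hash the issued nonce together with the client's counter."""
    return hashlib.sha256(nonce + counter.to_bytes(8, "big")).digest()


def solve_puzzle(nonce: bytes, difficulty: int) -> tuple[int, int]:
    """Client side: brute-force the counter. Returns (counter, hashes_tried)."""
    counter = 0
    while leading_zero_bits(puzzle_digest(nonce, counter)) < difficulty:
        counter += 1
    return counter, counter + 1


class PuzzleProxy:
    """Proxy side: issue puzzles; accept each solution once and reject stale ones."""

    def __init__(self, difficulty: int, now=time.monotonic):
        self.difficulty = difficulty
        self.now = now  # injectable clock so expiry can be tested
        self.outstanding: dict[bytes, float] = {}  # nonce -> issue time

    def issue(self) -> tuple[bytes, int]:
        nonce = secrets.token_bytes(16)
        self.outstanding[nonce] = self.now()
        return nonce, self.difficulty

    def verify(self, nonce: bytes, counter: int) -> bool:
        issued = self.outstanding.pop(nonce, None)  # single use: replays fail
        if issued is None or self.now() - issued > NONCE_TTL_SECONDS:
            return False
        return leading_zero_bits(puzzle_digest(nonce, counter)) >= self.difficulty
```

Raising the difficulty by one bit doubles the client's expected work while the proxy's verification cost stays at one hash, which is the asymmetry the scheme relies on.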

I see a number of problems with this approach, not the least of which is that it would need a distributed DNS architecture that trusts the Phalanx system in order to work. If the Phalanx system itself were compromised, the potential for damage would far outweigh any benefit it might have created. While DDoS is still a problem, it’s not a common one, and there are already a number of solutions for it. The changes this would require and the potential vulnerabilities far outweigh the potential gain. Additionally, the thought of adding home computers to this proxy botnet adds a whole additional layer of security concerns, primarily the worry that the whole system could be compromised and used to carry out the exact sort of DDoS it was designed to prevent.

All in all, this is an interesting intellectual exercise, but nothing that’s actually going to see the light of day. At least it’s not a rehash of the ‘let’s infect computers with a friendly virus to combat malicious viruses’ concept.



2 Responses to “Fighting Botnets with botnets”

  1. kurt wismer on 23 Apr 2008 at 6:21 am

    calling phalanx a botnet is probably a mischaracterization… any network of computers performing a distributed task would be just as much a ‘botnet’ under that reasoning – i’m not sure seti@home or distributed.net should be lumped in with the likes of storm…

    it’s subtle but i think there’s a distinction to be made between a computer that’s being remotely controlled in aggregate by a 3rd party and a computer that has software to perform a specific distributed task for a 3rd party…

  2. Martin on 23 Apr 2008 at 6:29 am

    Good point, Kurt. I also didn’t see much in the paper about expanding to use home computers and suspect both concepts came from the New Scientist’s author.

