To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Last time I looked at the wiki, there was a fair amount of discussion of how to make the system resistant to attacks against the distributed structure, not only on the network level, but on the personal level.
Among other things - categorizing spam - sending first contact messages and maintaining communications - writing and validating opt-out scripts - verifying that legitimate vendors are not being targetted by joe-job spam runs will all have to be distributed across people who, to a large extent, have not met one another. With BS, you had to trust a small number of people behind the project only; with a P2P model, you need a good community judgement model. A number of very interesting papers on distributed trust hierarchies are going into designing these aspects of the system. Regards Mark On 5/29/06, Christian Kreibich <[EMAIL PROTECTED]> wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > Gadi, > > On Thu, 2006-05-25 at 06:34 -0500, Gadi Evron wrote: > > > > Well, I went to visit pipikaki, the project named as Black Frog. > > it's called Okopipi. That name is only somewhat less silly, but the one > you've chosen has, uhm, seriously bad connotations in German, so let's > make sure no-one picks that one up accidentally. :) > > > <ge-> further, P2P is just as vulnerable to attack > > You've said that in your other email too, and it's not that simple. The > question is whether a grassroots project like Okopipi, with too much > press coverage on top of everything, will manage to assemble the > resources in skills, finances, and manpower, to build one that is > actually DDoS-resistant. > > A key aspect of BS's strategy, one that MJR carefully points out in his > write-up, was the human element in the loop. It was the bit that made > domain-hopping etc irrelevant because BS were supposedly only going > after the more stable actual sales channels. Okopipi's description is > very thin on this bit; in fact, I haven't managed to find anything > definitive in their wiki. Please someone correct me if I'm wrong. > > Don't get this wrong -- reading that wiki I share doubts about this > project. I just don't think there's as much reason to think > categorically negatively of it as you suggest. > > Cheers, > Christian. > -- > ________________________________________________________________________ > http://www.cl.cam.ac.uk/~cpk25 > http://www.whoop.org > > _______________________________________________ > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > All list and server information are public and available to law enforcement > upon request. > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets > _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
