On Sat, Sep 01, 2007 at 03:46:45PM +1200, Peter Gutmann wrote: > I feel I should add a followup to the earlier post, this was implied by the > rhetorical question about what the LINPACK performance of a botnet is, but > I'll make it explicit here: > > The standard benchmark for supercomputers is the LINPACK linear-algebra > mathematical benchmark. Now in practice the LINPACK performance of a botnet > is likely to be nowhere near that of a specially-designed supercomputer, since > it's more a distributed grid than a monolithic system. On the other hand bot- > herders are unlikely to care much about the linear algebra performance of > their botnet since it doesn't represent the workload of any of the tasks that > such a system would be used for.
Another interesting use may be data hiding. The botnet software could
store information in RAM (never on disk), and replicate it to other
nodes. If one node goes down, other nodes will still have the
information. If one node detects that virusscanners or forensic tools
are being used, it can easily wipe the information from RAM or just
reboot the machine without fear that the information would really be
lost.=20
Experience with tinc (a VPN daemon with peer-to-peer like architecture,
which replicates certain information to all daemons in a single VPN),
showed that even in a network with only 20 nodes, it is extremely hard
to get rid of information. You either need to shut down all daemons at
the same time to make sure all state is lost, or modify the software to
allow explicit deletion of certain information. With more that 1 million
nodes it will be even harder to delete data.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <[EMAIL PROTECTED]>
signature.asc
Description: Digital signature
