On Mon, 31 Jul 2006, Dean Anderson wrote: > You are approaching the problem the wrong way. Many failover systems > work very well when the primary fails entirely--when the salesman pulls > the plug. Few work well when the primary doesn't entirely fail, but > just doesn't work correctly, as is usually the case in the real world.
Such as? How does it apply to the network world? > Try that approach on the C&Cs: infiltrate and use the C&C to the > botnets' disadvantage. Probably, you can cause an "upgrade" to be > distributed to the infected hosts that doesn't have a secondary control > channel, but that doesn't overly alert the human bot operators until its > too late. Infiltration is intelligence, not network.. uploading a file is illegal and unethical... Good solid ideas, but unfortunately failed in the past. > > Of course, Nanog seems not to appreciate my contributions, so I won't be > sharing anything else I know about the problem. Good luck. > > --Dean > > On Mon, 31 Jul 2006, Gadi Evron wrote: > > > > > On Sun, 30 Jul 2006, Gunther Stammwitz wrote: > > > The really interesting question is when botnets are going to use > > > p2p-technologies since one wouldn't know how to stop them then. > > > Please let that never happen.... > > > > > > > I am not sayin gyou are wrong, or that dynamic channels won't happen far > > more widely. Currently they are not widely used as they are not > > needed. Web, IRC, etc. are quite efficient. > > > > That said, there is one problem to solve with every evolved C&C, the more > > complex it is the easier it is to follow. > > > > Gadi. > > > > > > > > -- > Av8 Internet Prepared to pay a premium for better service? > www.av8.net faster, more reliable, better service > 617 344 9000 > >
