Bots don't honor 301 :(

VirginSnow at vfemail.net VirginSnow at vfemail.net
Tue Jan 13 12:00:13 EST 2009


> Date: Tue, 13 Jan 2009 09:18:31 -0500
> From: Dan Jenkins <dan at rastech.com>
> CC: gnhlug-discuss at mail.gnhlug.org

> botnet (using the higher numbers) was accurate and, for sake of
> argument, 10 web sites are hosted on a server on average (purely out of
> thin air number I made up), there are 19,000,000 web servers. So, for
> sake of argument (do we need a sake for argument?), there are more
> botnets than web servers. :-)<br>

Yes, but the number of compromised hosts isn't critical - it's the
number of unique scan queues which is important to evading tarpits.
If a botnet has 50,000,000 nodes, is vulnerable to tarpitting, and
scans every IP address on the Internet in exactly the same order, then
a single tarpit would still save 1/2 the hosts on the Internet from
ever being probed.

The crucial element is the *order* in which prospective hosts are
scanned.  Assuming the bot is deterministic, hosts are likely to be
scanned in the same order by every copy of the bot.


More information about the gnhlug-discuss mailing list