Bots don't honor 301 :(

Tom Buskey tom at buskey.name
Tue Jan 13 16:00:45 EST 2009


On Tue, Jan 13, 2009 at 12:00 PM, <VirginSnow at vfemail.net> wrote:

> > Date: Tue, 13 Jan 2009 09:18:31 -0500
> > From: Dan Jenkins <dan at rastech.com>
> > CC: gnhlug-discuss at mail.gnhlug.org
>
> > botnet (using the higher numbers) was accurate and, for sake of
> > argument, 10 web sites are hosted on a server on average (purely out of
> > thin air number I made up), there are 19,000,000 web servers. So, for
> > sake of argument (do we need a sake for argument?), there are more
> > botnets than web servers. :-)<br>
>
> Yes, but the number of compromised hosts isn't critical - it's the
> number of unique scan queues which is important to evading tarpits.
> If a botnet has 50,000,000 nodes, is vulnerable to tarpitting, and
> scans every IP address on the Internet in exactly the same order, then
> a single tarpit would still save 1/2 the hosts on the Internet from
> ever being probed.
>
> The crucial element is the *order* in which prospective hosts are
> scanned.  Assuming the bot is deterministic, hosts are likely to be
> scanned in the same order by every copy of the bot.
>

Even the 1st internet worm (the RTM one) in 1990 picked hosts in random
order.

I've been reading SANS newsbites and Bruce Schenier's blog for awhile.  The
botnets have become sophisticated in recent years.  It's no longer script
kiddies working after school.  It's criminals with professional computer
experience that are getting paid to do this kind of work.

Some of these botnets lease out to other criminals.  They'd want to keep
that revenue stream free from tarpits, etc.  One botnet (that was used for
spam at least) got shutdown for a day when an ISP that hosted most of its
control bots was taken off the internet.  There were some interesting
analyses of what it di to reconnect.

An argument could be made that these botnets are the early appearence of
Cloud Computing.  SETI is another one.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20090113/ed950cc7/attachment.html 


More information about the gnhlug-discuss mailing list