What a Botnet Looks Like
Esther Schindler writes "CSO has an annotated, zoomable map of real botnet topologies showing the interconnections between the compromised computers and the command-and-control systems that direct them. The map is based on work by security researcher David Voreland; it has interactive controls so you can zoom in and explore botnets' inner workings. Hackers use botnets for spamming, DDoS attacks and identity theft. One recent example is the Storm botnet, which may have comprised 1 million or more zombie systems at its peak. As with any networking challenge, there are good (resilient) designs and some not-so-good ones. In some cases the topology may be indicative of a particular botnet's purpose, or of a herder on the run."
Flash site, very funny. (Score:5, Funny)
To get a good look at a botnet they say, "You need to upgrade your Flash Player". How true!
Re: (Score:1, Informative)
It is true [slashdot.org].
Oh come on. (Score:2, Interesting)
Who modded this "offtopic"? The site requires the latest and greatest flash player to look at a freaking image when everyone knows that Flash has big fat holes in it. They might as well have made it IE only.
Re: (Score:3, Insightful)
Not necessarily this post, but if I'm to believe what these folks (willhill, et al.) are telling me, twitter has had some informative posts and if he feels the need to "sockpuppet", mod the puppets, leave the information. Coming into this war fairly fresh, it looks like someone is trying to discredit a logical poster instead of informing people. Stick it in your signature if it's that important to you and contribute to the site so you get modded up instead of spamming.
Re: (Score:2, Insightful)
The best way to combat sockpuppets is to raise awareness of their existence and the parent-child relationship. Sure, sometimes that info is OT when post IS actually informative, or insightful, or whatever... in whic
Re: (Score:1, Offtopic)
Then, the next time I see you posting something I disagree with, I'll jump in with all my sockpuppets and create the illusion of a discussion between many people, most of which happen to agree with me. Then someone else who thinks they're using their moderator points in for a righteous cause will mo
Re: (Score:2)
To make this truly useful, the addresses should be in a text searchable format. Then, one could truly look for one's own address, or a client's address, or a friends address, or just block email from them, or whatever. This is only eye-candy, and we all know what that is only useful for.
InnerWeb
What a Botnet Looks Like (Score:5, Funny)
Ob. XKCD reference (Score:5, Funny)
Thanks for posting... (Score:4, Funny)
Re: (Score:2)
Had a brain cramp a moment ago.
Re:Thanks for posting... (Score:5, Insightful)
My current RBL has about 6.5 million entries, and is extremely permissive. It is also updated bi-hourly.
I sure wouldn't want my machine to traverse a hosts table of 7 million hosts every time I tried to look up a name in the DNS.
Same for your firewall, 7 million entries will cripple iptables. Hell, 30,000 entries cause visible slowness on a dual-core opteron system.
Of course, you might get better performance out of iptables with the ipsets kernel patch. But that's still a damned big list.
Re: (Score:1)
Like parent stated, it will only slow down your packets. No real benefits will be gained.
Re: (Score:1)
Apart from memory constraints, why should there be a slowdown?
Aren't IP addresses a numeric type that can easily be looked up in a hash table or a balanced binary tree?
If the lookup algorithm is O(N) then I'm going to kill someone.
Re: (Score:2)
I'm not quite sure why you'd block on host names instead of IPs for this purpose, but whatever.
Re: (Score:2)
Second, when you have many rules in iptables, it becomes extremely expensive to insert another one. It will take a long time, and no other iptables administrative operation can happen at the same time.
Third, inserting rules with iptables-restore helps but not enough. I also mentioned ipsets as a solution, but that requires patching your kernel. I also don't know if it's good enough or not.
Fourth, 2^32 is
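The two posts above ask the right question: an address is a 32-bit integer, so a blocklist of millions of entries is only slow if it is scanned linearly, the way a flat hosts file or a long chain of individual iptables rules is. The script below is an added example, not code from the CSO page or from anyone in this thread. It builds the same constructed sample list two ways, a naive O(N) scan and a hashed structure that keeps /32 entries in one set and groups CIDR prefixes by prefix length (the idea behind ipset's hash:net type), and times both. The class and function names are mine; it assumes IPv4 only.

```python
"""Added example: O(N) scan versus hashed lookup for an IP blocklist.
Not from the CSO page or the thread; sample entries are constructed."""
import ipaddress
import random
import time

# Constructed sample blocklist: single hosts plus CIDR ranges (RFC 5737 space).
SAMPLE_ENTRIES = [
    "198.51.100.7",
    "198.51.100.8/32",
    "203.0.113.0/24",
    "192.0.2.128/25",
    "10.0.0.0/8",
]


class LinearBlockList:
    """Naive O(N) scan: the shape of a hosts file or an iptables chain."""

    def __init__(self, entries):
        self.nets = [ipaddress.ip_network(e, strict=False) for e in entries]

    def contains(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.nets)


class HashedBlockList:
    """/32 entries live in one set of ints; other prefixes are grouped by
    prefix length, so a lookup costs one set probe per distinct prefix
    length present, independent of how many entries there are."""

    def __init__(self, entries):
        self.exact = set()
        self.by_prefix = {}  # prefixlen -> set of network addresses as ints
        for e in entries:
            net = ipaddress.ip_network(e, strict=False)
            if net.version != 4:
                raise ValueError("IPv4 only in this example: %s" % e)
            if net.prefixlen == 32:
                self.exact.add(int(net.network_address))
            else:
                self.by_prefix.setdefault(net.prefixlen, set()).add(
                    int(net.network_address))
        # Longest prefixes first, so the most specific match is found first.
        self.prefixlens = sorted(self.by_prefix, reverse=True)

    def contains(self, ip):
        n = int(ipaddress.IPv4Address(ip))
        if n in self.exact:
            return True
        for plen in self.prefixlens:
            mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
            if (n & mask) in self.by_prefix[plen]:
                return True
        return False


def random_hosts(count, seed=1):
    """Constructed /32 entries in 1.0.0.0-222.255.255.255, fixed by seed."""
    rng = random.Random(seed)
    return [str(ipaddress.IPv4Address(rng.randrange(1 << 24, 0xDF000000)))
            for _ in range(count)]


def compare(count=5000, probes=40):
    """Build both structures from `count` random hosts, run `probes` lookups
    (half known hits, half random) against each, and return the elapsed
    seconds as (linear_seconds, hashed_seconds)."""
    entries = random_hosts(count)
    targets = entries[:probes // 2] + random_hosts(probes // 2, seed=99)
    linear, hashed = LinearBlockList(entries), HashedBlockList(entries)
    t0 = time.perf_counter()
    linear_hits = sum(linear.contains(t) for t in targets)
    t1 = time.perf_counter()
    hashed_hits = sum(hashed.contains(t) for t in targets)
    t2 = time.perf_counter()
    assert linear_hits == hashed_hits, "both structures must agree"
    return t1 - t0, t2 - t1


if __name__ == "__main__":
    bl = HashedBlockList(SAMPLE_ENTRIES)
    for ip in ("198.51.100.7", "203.0.113.200", "192.0.2.5", "8.8.8.8"):
        print(ip, bl.contains(ip))
    lin_s, hash_s = compare()
    print("linear %.3fs  hashed %.3fs" % (lin_s, hash_s))
```

The gap widens with the list size, which is the point of the thread: the hashed lookup does the same few probes for 7 million entries as for 5. The kernel-side equivalent on Linux is to load the list into a set with `ipset create blocklist hash:net` and `ipset add blocklist <entry>`, then match it from a single rule, `iptables -A INPUT -m set --match-set blocklist src -j DROP`, instead of one rule per address.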
Re: (Score:2)
0.0.0.0 is smaller in RAM than 127.0.0.1 because the numbers look smaller?
Maybe it's my ignorance... (Score:2)
How can one say with confidence that the design is purposeful?
reminds of the sexual partners mapping... (Score:5, Interesting)
Re: (Score:2)
I looked through this pretty closely (it's amazing what boredom will do :). I could only find one same-sex encounter, and it wasn't in the largest group. It's in the second to the right structure along the top. Right in the middle of that group there's a triangle with a female-female encounter. I wonder if that triangle was three separate incidents, or one very lucky guy :D
Anyone see anything else interesting? What's the highest number of partners for one individual?
Extra note: I just went and looked agai
Re: (Score:2)
As for the actual groupings, did anyone else notice that in all except the big huge "we sleep around a lot" map the girls were more likely to have multiple partners? Both the two in the top-right and the star pattern that's not quite in the bottom-left have clusters around a pink blob and then mainly single partner chains from there.
Yes, there's more lone guys with two female partners, but other than that then the girls seem
Re: (Score:2)
As far as the big loop, I think it's less promiscuous than it seems at first. If you look closely, there are a lot of two partner people, and most of the branches are formed by someone with three. Considering this is an 18 month study in a high school, it's not unheard of for them to have two or three somewhat long term relationships, especially if one ended right at the beginning of the study.
I see what you mean about the ratio of males to females among multiple partners. The most I could find was a male
Re: (Score:2)
Bad form, I know, but I had to add this.
I found the article. http://faculty.washington.edu/stovel/chains.pdf [washington.edu]. Still no raw data though.
Re: (Score:2)
1. It is easier for women to get laid,
2. 10% of men sleep with 90% of women, and
3. It is easier for women to get laid.
Say you're an attractive woman. You walk into a party. Instantly the vast majority of guys and an appreciable minority of women want to take you home.
Say you're an attractive guy. You walk into a party. Instantly the vast majority of women consider that they might signal to you in some subtle fashion that they are interested in
Re: (Score:1)
The lucky bastard!
Wow - I can see my house from here! (Score:3, Interesting)
If he generated a KML file... (Score:2)
Check out the losers (Score:5, Funny)
But what's hilarious is that there are some ip addresses that are slaves to four or five different botnets. I wonder what the owners of those machines think?
"Man, the internet sure is slow today!"
"I need a new computer, this one's all slow."
"Sweet! Five botnets and counting! I'm part of something! I belong!"
Re:Check out the losers (Score:5, Insightful)
I do know what those users think, and it's very much like you posited: "My computer has become unusably slow, and I don't know why or how to fix it!" Unfortunately that was followed by, "Aunt Esther, can you tell me what's wrong?"—and thus I spent half a day killing enough of the junk that I could install a firewall, antivirus, etc.
People like my nephew aren't unwilling to learn. They're just lost when it comes to their computers. And they don't particularly mind being ignorant as long as the equipment works right (or appears to). Just as most of us don't feel the need to understand how a car works in order to drive one.
Some of us remember the days when we wistfully wanted computers to become easy enough for ordinary people to use them. Alas, we got our wish.
Re:Check out the losers (Score:4, Interesting)
Yes, but people are often more familiar with what a car needs. Regular oil changes, maintenance, gas; they might not know (or care) why the car needs these, but they know that if they don't, the car will fail to work.
People don't even know that much about computers, about what they shouldn't do, even if they don't know why.
Re:Check out the losers (Score:4, Insightful)
Not everyone does understand basic maintenance. You'd be amazed. Plenty of people wait until the car breaks down before they think to get it serviced.
And they don't like to gain even basic knowledge. In the gas crisis of the late 1970s, my (then-)mother-in-law waited 40 minutes at a gas station before she got to the pump. When she discovered it was self-serve, she drove away, because she didn't know how to use the pump herself. (Yes, obviously all she had to do was ask the person behind her—who'd be motivated to help—but she didn't.)
Also, even when people take the car in for maintenance, it's something they do out of distrust for the practitioners. That's better than not taking it in, of course, but it's inherently a combative relationship: what's the mechanic gonna tell me I need this time?
The thing is, few of us want to be experts in every technology we use. We just want it to work.
None of which excuses ignorance, mind you, but it does explain it.
Image!!! (Score:2)
It will save you that day of irritation and removing all the junk.
I guess that's worth a few bucks, isn't it?
Re: (Score:1)
Pre-SP2, I only ever ran Spyware searches when I installed software I *knew* came with spyware, with no way to install it otherwise. I've since found better alternatives...but apart from tracking cookies, I get nothing now. Anyways, so even after doing a new installation of XP, along with 5-10 or so spyware filled programs, I'd get about 50 or so
Re: (Score:2)
Wait what?
I, for one.. (Score:5, Insightful)
How it looks like? (Score:3, Funny)
Ha Ha! (Score:3, Funny)
Honeynets seem to be doing their thing (Score:4, Interesting)
Hey, (Score:1)
127.0.0.1 (Score:4, Funny)
Re: (Score:2)
Stop it.
How does eNom... (Score:3, Funny)
Registrant Contact:
elnopic
elnopic elnopic (elnopic@elnopic.com)
+1.2435543
Fax: +1.5555555555
123 sdhdsa g
asdf, AD 34215
US
Do they not even try to verify this information?
Re: (Score:3, Interesting)
Coincidence? I think not!
Too many bots! (Score:3, Funny)
Either that or they've rendered the botnet on a white background in apple white with light grey lines.
(i.e. it seems to be Slashdotted)
yeah... and (Score:3, Interesting)
Any self-respecting revolutionary knows that you have a distributed network, so that even if a cell goes down, you can still pass messages.
Hell... I wish IRC could learn from this, I've had enough of netsplits. By rights only the server that goes offline should be affected if it goes down, it shouldn't split the network into 2 massive sections.
Yeah the image looks nice, and is all "ooohhhh ahhhh" and lends itself to "Hey... that's me", but really "News"? I think not
Call me when they have an article as to how they got this information
-1 "Cynical Bastard"
Some nice-focal points there (Score:2)
Tool? (Score:2)
Re: (Score:2)
Hey.... (Score:2, Funny)
Funny IP: 1.3.3.7 (Score:1)
Ant Martha (Score:1)
hacker != blackhat (Score:1)
... come on, this is
David VOREL, not Voreland. (Score:2)
David is lead on the Czech Honeynet Project - http://www.honeynet.cz/?mmenu=home&smenu_int=0&lang=en&vmetr=1 [honeynet.cz]
How do do that? (Score:2)
Re: (Score:2)
I had a computer error. Swear i didn't write it like that.
haha.
Re: (Score:3, Funny)
Was it just me, or did anyone else imagine parent as speaking in the voice of max headroom?
Re: (Score:1)
If the answer is yes, then there would be some point to your idea. It would probably not be practical to do what you're suggesting, and it may run counter to some people's ideas of personal freedom. Probably you would piss off a hell of a lot of people.
If the answer is no, then the same flaws apply as above, except that it would be ultimately pointless. There's an evolutionary principle called the Red Queen effect that you should be aware of. It's kind of a con
Re: (Score:2)
*nix's aren't hacked very often in mass groups, yet you put a non patched windows system on the net and it will be pwned by the time you can download the security updates.
Lock the windows and force the crackers to fin
Re: (Score:1)
*nix's aren't hacked very often in mass groups, yet you put a non patched windows system on the net and it will be pwned by the time you can download the security updates.
Okay, so *nixes (*nices?) have a better security model. That's good, but how different would things be if we had one vast monoculture of *nix machines? That's the question. Is there a perfect security system that we're getting closer to, or are we just running as fast as we can just to stay in the same place?
I'm not arguing against increased security efforts. I'm just arguing against draconian methods of doing so, on the basis that they may ultimately be ineffective, in the sense that they would not alter
Re: (Score:2)
There is no monoculture in *nix. There never really was one.
Re: (Score:2)
So, in reality, what you should say is that all the security advice on the planet cannot stop bot activity, no matter how smart people claim to be.