typodupeerror

• Re: (Score:2)

I'm pretty sure they don't give you direct control over the botnet. I'd suspect you can only direct who to attack, attack timing/duration, and how many bots.

Maybe there's something you could do once you know all the IPs (for instance, you could direct them at a honeypot target), but a lot of malware closes the door behind itself once a device is compromised. I'm not sure how Mirai works, but I wouldn't be surprised if it behaved in a similar fashion.

• Tomorrow will be interesting... (Score:3)

on Sunday November 27, 2016 @06:50PM (#53373451)
Cyber Monday could be interesting.

But seriously... other than causing chaos, does anything get accomplished with a DDoS that it provides some kind of value? I get the idea of a multi-pronged attack, but is there that much to gain?
• Re: (Score:3)

This.

DDoS is vandalism.

It pisses someone off; costs them; and the little botnet kiddies giggle.

• Re: (Score:3)

This.

DDoS is vandalism.

It pisses someone off; costs them; and the little botnet kiddies giggle.

It's also an asymmetric-warfare weapon of domestic and foreign dissidents against oppressive, authoritarian governments, which is the real, actual concern of those governments. This is particularly true in the US, as the government continues to become ever more authoritarian, corrupt, deceitful, and controlling, both domestically and in foreign affairs.

Strat

• Re: (Score:2)

DDoS is an inconvenience.

It is not a problem.

The attack on Dyn was mitigated in a few hours and we move on.

Dyn should have been hardened to begin with.

You and I can bring down a single web page by ourselves but we don't.

• Re:Tomorrow will be interesting... (Score:4, Insightful)

on Monday November 28, 2016 @10:22AM (#53376837)

DDoS is an inconvenience.

It is not a problem.

The attack on Dyn was mitigated in a few hours and we move on.

Dyn should have been hardened to begin with...

Dyn should have been hardened? No, more like DNS as a whole should have been hardened fucking long ago.

It's still the Achilles heel of the internet.

• Re: (Score:2)

I agree.

• Re: (Score:2)

This.

DDoS is vandalism.

It pisses someone off; costs them; and the little botnet kiddies giggle.

Given the impact of attacking DNS, and the proliferation of State-sponsored hacking groups, I think we can stop with the giggling kiddies references now.

Not sure when we'll learn with DNS either. The security community has been preaching/bitching about the weaknesses of DNS for too damn long, and little has really been done to truly address the Achilles heel of the internet.

• Re: (Score:2)

Agrre,

IT, in general, has been bitching to management about best practices.

Risk/reward analysis, so far, is in favor of sloppy gate-keeping.

• Re: (Score:2)

Agrre,

IT, in general, has been bitching to management about best practices.

Risk/reward analysis, so far, is in favor of sloppy gate-keeping.

Agreed. A job mired in Security is often difficult to justify good solutions when armed with FUD as a sales tactic.

Sad we sometimes have to watch things implode in order for management to understand impact.

Very sad when the end result of poor security is harm to humans. I am not looking forward to our IoT-enabled autonomous future with the way we perceive InfoSec today.

• Re: (Score:1)

Potentially, if you had a wide enough reach and enough bots, you could take over a specific router somewhere and ddos lots of other points funneling traffic through your compromised pipe. On small scale this could be used to steal data, mitm attack, etc. The internet is fairly predictable at small scale where it will route packets around a road block you create.

• Re: (Score:3)

It's good for masking actual intrusions. Distracting the IT guys from the data exhilaration going on.

It's also useful for stopping up bank transactions long enough for the undo window to expire on fraudulent transfers. Say you do some real estate fraud and trick someone into wiring $200k to the wrong account. Doesn't do you any good if they catch it and roll it back in a day. Do the transfer, DDoS the heck out of the bank... that's well worth$15k a week.

Script kiddies don't pay that kind of money to laugh

• I hope these rental services are honeypots (Score:2)

Throw a few of the would-be DDOSers in jail for a couple of years for the first offence. And ban them from the interwebs for 5 years after that on probation. You can be a sociopath but it will cost you. Might deter a few.

• Re: (Score:2)

does anything get accomplished with a DDoS that it provides some kind of value?

Rent the botnet and instruct all the clients to download and install all their missing OS patches, install some AV software, and finally to uninstall the botnet client.

• Hunter Killer Teams (Score:1)

I would approve of Hunter Killer teams solving this problem.

• Re: (Score:2)

I know it is difficult to believe but not every problem can be solved by killing someone.

• Re: (Score:2)

I know it is difficult to believe but not every problem can be solved by killing someone.

That is difficult to believe.

• For BOINC! (Score:1)

There must be some low/non CPU intensive BOINC projects out there that could really appreciate this sort of 'net. I suppose it's probably not worth the time to get different router/IoT ASICs to actually run custom applications, compared with just pointing them to an IP for laughs.

• Re: (Score:2)

Those systems don't tend to have a lot of RAM either, so they are only capable of performing truly trivial tasks, like spying on you or participating in a DDoS.

• I wonder what the access level would be? (Score:2)

Could you rent the net and sneak in code to wipe the machines?

• How is this different.. (Score:2)

...than the fuel-celled car Toyota is releasing soon?

• Math is hard. (Score:2)

If it's between $3000 and$4000 for 2 weeks for 50,000 bots that means it's between $24,000 and$32,000 for all of them not $20,000 and$30,000. How do you guys fail at math that basic.
• Re: (Score:2)

Bulk discount maybe???
• Why would the Russians rent out their botnets? (Score:2)

So a state-level actor rents out a botnet commercially? <Watches as cognitive dissonance explodes heads>

• Re: (Score:1)

It's an interesting subject. If the botnet was created by some government actors, it would make sense to privatize it but still keep the keys so that you could: a) disavow if the operators are discovered, b) know who else is using it and for what, c) seize it if needed in an emergency. If it was created by private actors, a government would want to find them and get that kind of access to it, but certainly not destroy it or interfere with its operation.
• Enough with the Bot Nets. (Score:1)

My only hope is that someone will make an analogue "watchdog" disconnection device to the Web when the computer is idle for a period of time. This won't solve the problem but it will cut drastically the amount of units at their disposal.

Related LinksTop of the: day, week, month.

TRANSACTION CANCELLED - FARECARD RETURNED

Working...