botnets for good? [was: and here are some answers]

Gadi Evron ge at linuxbox.org
Tue Feb 21 01:58:12 UTC 2006


bmanning at vacation.karoshi.com wrote:

Hey Bill,

> 	i'm beginning to think that botnet like structures are in fact the
> 	wave of the future.  ... and instead of trying to eradicate them, we should
> 	be looking at ways to use botnet like structures for adding value to
> 	an increasingly more connected mesh of devices.  ...

I quite agree, you are more than right. Botnets have proven themselves 
as a very powerful "construct", if that is how we are to call them. You 
are more than right.

And indeed, bots were not originally bad entities on the Internet, 
numbering in the hundreds of millions, DDoSing, spamming, stealing Aunty 
Jame's credit card and your identity. No, they are very useful for 
numerous reasons, just very few of which are IRC channel operating related.

Combine them with a distributed environment, and you get very powerful 
computing engines to do quite a bit of tasks. Point them at a problem, 
and they will address it as one. Create Akamai, and you will even get 
some redundancy. I am not saying SETI@Home or Akamai are botnets, but 
these are some good uses for similar technology, at least in concept.

:)

The distinction should be made when one speaks of botnets as we know 
them today, for good. As breaking into a machine in order to fix it, as 
an example, is in no way different than breaking into it in order to spy 
on it, use it or destroy it. You may eventually cause these anyway, as:
- You don't know how a machine will respond.
- You don't know who else may (ab)use your system.
- You can't know if you won't get sued.
- Etc.

This is an on-going ethical and legal debate in botnet fighting circles. 
If we see a 1 million hosts botnet just waiting to attack, and we can 
use the back-door to upload an executable and remove the bot, is that OK?

Aside from it being illegal, and you possibly causing the remote machine to 
crash, triggering some IDS/entering into a log/getting sued/whatever, 
you will most likely discover that machine coming back infected yet 
again, or already a member of 30 other botnets with other malware.

We should also remember that when talking of botnets for practical uses, 
they should probably be addressed as a 'concept' rather than structure. 
Today's structure looks mostly like a terrorism cell as David Dagon 
likes to mention, but the structure may vary considerably. Today's IRC 
based C&C's may be the most prevalent and most useful STILL, but in no 
way constitute the only way C&C's are run and botnets are constructed.
:)

> 	of course YMMV - but i'm not persuaded that botnet.hivemind constructs are
> 	-NOT- inherently evil... they can be turned that way, but if there is a
> 	value to such things, we ought to be able to use them for our own
> 	purposes.

Borrowing from you with another analogy...
<feedtroll>
So is spam. Spam proved itself to be the most efficient way of selling 
and advertising ever invented. One could say legalizing and regulating 
it will bring in an incredible amount of good taxes for the different 
governments, as well as then concentrating only on those who break the 
law, such as by using botnets, sending kiddie porn, phishing, etc.
</feedtroll>

	Gadi.

-- 
http://blogs.securiteam.com/

"Out of the box is where I live".
	-- Cara "Starbuck" Thrace, Battlestar Galactica.


