Botnet

Botnet in the United States

Outline of the Problem

  • Botnets will continue to be an issue: Any vulnerable host can become a bot; and there will always be vulnerable hosts
  • The source of a Botnet will be difficult to determine
  • Without accountability it is impossible to identify the commander of a Botnet
  • So, it is essential to stop or delay the growth of, or damage associated with, Botnets; only the network can do this (an ISP or an enterprise router can detect Bot-like traffic and perhaps block or delay such traffic)
  • But there are consequences to blocking (blocking consumes precious human and device resources, and false positives will lead to many calls to a help desk)

Denial of Service Attacks

  • DDoS attacks are a consequence of Botnets
  • Mitigation of DDoS attacks: Host (especially service) solution: distribute services over many machines; packets will be routinely routed to the closest machine, which might not be DoSed (yet)
  • Mitigation of DDoS attacks: Network solution (see below)

Network solution:

  • Pushback to block or delay traffic from Bots, but there are consequences due to false positives
  • Diffusion in routing: choose a route that avoids DDoSed hosts and machines, rather than the optimal route
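
The pushback trade-off listed above, as an added sketch that is not part of the original outline: a router delays heavy sources only while the link is overloaded, and the result is scored for false positives. The function names, thresholds and sample traffic are assumptions constructed for illustration.

```python
# Constructed sample: (source, packets sent toward the attacked service in one interval).
SAMPLE = [("bot-1", 900), ("bot-2", 750), ("bot-3", 820),
          ("nat-gw", 400),  # many legitimate users behind one address
          ("user-1", 12), ("user-2", 30), ("user-3", 8)]
BOTS = {"bot-1", "bot-2", "bot-3"}  # ground truth, used only for scoring


def pushback(flows, link_capacity, per_source_limit):
    """Return {source: packets forwarded} after rate limiting.

    Limiting starts only when the aggregate exceeds link_capacity. Each
    source above per_source_limit is then clamped to it (delayed rather
    than blocked), so a misclassified host still gets some service.
    """
    total = sum(pkts for _, pkts in flows)
    if total <= link_capacity:
        return dict(flows)
    return {src: min(pkts, per_source_limit) for src, pkts in flows}


def score(flows, forwarded, bots):
    """Compare the limiter's decisions with the ground-truth bot set."""
    limited = {src for src, pkts in flows if forwarded[src] < pkts}
    return {
        "false_positives": sorted(limited - bots),
        "missed_bots": sorted(bots - limited),
        "bot_packets_forwarded": sum(forwarded[s] for s in bots),
        "legit_packets_dropped": sum(
            pkts - forwarded[src] for src, pkts in flows if src not in bots),
    }


if __name__ == "__main__":
    # A strict limit cuts attack traffic but also hits the NAT gateway;
    # a loose limit spares it and lets more bot traffic through.
    for limit in (100, 500):
        fwd = pushback(SAMPLE, link_capacity=1000, per_source_limit=limit)
        print(limit, score(SAMPLE, fwd, BOTS))
```

Each false positive in the output corresponds to the help-desk cost the outline mentions, which is why the limit is a tuning decision rather than a fixed constant.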
