Botnet in the United States
Outline of the Problem
- Botnets will continue to be an issue: any vulnerable host can become a bot, and there will always be vulnerable hosts
- The source of a Botnet will be difficult to determine
- Without accountability it is impossible to identify the commander of a Botnet
- So, it is essential to stop or delay the growth of, or damage associated with, Botnets; only the network can do this (an ISP or an enterprise router can detect Bot-like traffic and, perhaps, block or delay such traffic)
- But there are consequences to blocking (blocking consumes precious human and device resources, and false positives will lead to many calls to a help desk)
Denial of Service Attacks
- DDoS attacks are a consequence of Botnets
- Mitigation of DDoS attacks: Host (especially service) solution: distribute services over many machines; packets will be routinely routed to the closest machine, which might not be DoSed (yet)
- Mitigation of DDoS attacks: Network solution (see below)
Network solution:
- Pushback to block or delay traffic from Bots, but there are consequences due to false positives
- Diffusion in routing: choose a route that avoids DDoSed hosts and machines instead of the optimal route
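
The trade-off between blocking and delaying Bot-like traffic, and the cost of false positives, can be seen in a small simulation. This is an added example, not part of the original outline; the traffic figures, the threshold detector, the 200 packets-per-second cap and all names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Source:
    name: str
    is_bot: bool   # ground truth, known only because the data is constructed
    pps: list      # packets sent in each one-second interval

# Constructed sample traffic (not measurements).
SOURCES = [
    Source("bot-1", True, [900, 950, 1000, 980]),
    Source("bot-2", True, [700, 720, 710, 730]),
    Source("backup-server", False, [100, 650, 120, 90]),  # legitimate burst
    Source("desktop", False, [20, 30, 25, 15]),
]

def flagged(src, threshold):
    """Assumed detector: Bot-like if any interval exceeds the threshold."""
    return max(src.pps) > threshold

def apply_policy(sources, threshold, policy, limit=200):
    """Return (bot_packets_forwarded, legit_packets_dropped).

    policy "block" drops everything from a flagged source.
    policy "delay" is modeled as a rate cap of `limit` pps; the excess
    is counted as dropped (a real queue would hold it back instead).
    """
    bot_fwd = legit_drop = 0
    for s in sources:
        is_flagged = flagged(s, threshold)
        for sent in s.pps:
            if not is_flagged:
                fwd = sent
            elif policy == "block":
                fwd = 0
            else:
                fwd = min(sent, limit)
            if s.is_bot:
                bot_fwd += fwd
            else:
                legit_drop += sent - fwd
    return bot_fwd, legit_drop

if __name__ == "__main__":
    for threshold in (600, 800):
        for policy in ("block", "delay"):
            bot_fwd, legit_drop = apply_policy(SOURCES, threshold, policy)
            print(f"threshold={threshold} policy={policy}: "
                  f"bot packets forwarded={bot_fwd}, legit packets dropped={legit_drop}")
```

With the lower threshold the legitimate backup burst is flagged: blocking drops all of its traffic, while delaying drops only the burst but lets some Bot traffic through. Raising the threshold removes the false positive but misses bot-2 entirely.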