
	Home > Ask the Security Experts > Information Security Threats Questions & Answers > Can "good" botnets fight bad botnets?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Can "good" botnets fight bad botnets?

EXPERT RESPONSE FROM: John Strand

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 03 July 2008
How does the method of fighting "bad" botnets with "good" botnets work? How effective is this as an enterprise defense method?

EXPERT RESPONSE
Security researchers generally view these as a bad idea, although there has been some exciting research from the University of Washington centered on a project called Phalanx (pdf). The idea is that any server requests would have to be processed through the "good" botnet, which is geographically dispersed. Because a large number of servers are implemented as intermediaries, it becomes difficult to overwhelm one specific network link.

Still, as I stated earlier, I believe that this is a bad idea, for two reasons. First, think about how hard it is to secure existing systems. Now, expand that by a few thousand systems directly accessible from the Internet. This scenario leads directly to my second fear: control. Imagine the public relations nightmare should your good botnet be taken over and used to DoS someone else's network.

I propose that instead of building counter-botnets, security professionals could better spend their time tracking the patch-installation success rate for the systems they currently have. Leave the bot-herding to the bad guys.

More information:

Learn more about fast-flux botnets and the threats they pose.
How risky is it to log into a botnet control channel? Learn about the possible security threats.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Information Security Threats
	What are the basics of a Web browser exploit?
	Are daily antivirus scans in XP Normal Mode effective if malware must be removed in Safe Mode?
	What is the best way to manually test for buffer overflows?
	Can virtualized applications interact with each other without explicit permission?
	What is the best way to conduct a rootkit-specific risk assessment?
	Does the iPhone SDK effectively increase the risk iPhones pose?
	How can widget malware on social networking sites threaten enterprises?
	Will the new CERT security incident-response project benefit infosec pros?
	How can an enterprise-wide network remain resilient against denial-of-service (DoS) attacks?
	Are there antivirus suites that pick up more than just run-of-the-mill viruses?

Viruses, Worms and Other Malware

How to ensure the validity of Microsoft Windows updates

Antimalware effectiveness put to the test

Phishing, malware laden USB sticks stoke holiday attacks

New worm attacks Windows smartphones

McColo shutdown won't stop spam, malware, warn security experts

Web-borne malware targets unexpected industries

The value of application whitelists

New blacklists: Highly predictive or hardly worth it?

New malware exploits Microsoft RPC flaw

Smartphone security: The growing threat of mobile malware

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

bot worm (SearchSecurity.com)

directory traversal (SearchSecurity.com)

Kraken (SearchSecurity.com)

man in the browser (SearchSecurity.com)

Mytob (SearchSecurity.com)

polymorphic malware (SearchSecurity.com)

RavMonE virus (SearchSecurity.com)

RFID virus (SearchSecurity.com)

Rock Phish (SearchSecurity.com)

Zotob (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy