At 10:37 AM 1/12/2008, Len Sassaman wrote:
> On Sat, 12 Jan 2008, Peter Gutmann wrote:
>> (Alternatively, "because they can". They're not paying for the overhead, it doesn't really make much sense not to encrypt everything).
>
> I don't agree -- they *are* paying for the overhead. Not in dollars, but in CPU cycles (and a minor programming overhead.) If you increase the performance degradation on the hosts in the botnet, you're going to lose

Encrypting the control channel isn't going to burn a lot of CPU; hopefully the botnet doesn't need more than a few KB/hour of control, and almost certainly it wouldn't need more than a few KB/sec of data (such as spam-target email addresses), so encrypting it's low-horsepower. The heavy-resource job of a bot is sending out lots of packets to targets, whether it's spam email sessions or DDOS UDP packets, and the limiting factor on that is upstream bandwidth, typically 128-768kbps. On a modern CPU you could even encrypt that traffic if you wanted, without the CPU breaking a sweat, though the only application I can see for that is encrypted SMTP sessions if you're spamming somebody high-tech. Most computers have enough spare CPU that they can burn it looking for space aliens or folding proteins at home without noticing a performance hit; the real trick on keeping resource consumption low enough to not be noticed is managing upstream bandwidth so that you don't stifle http queries and TCP acks.