Makes me wonder whether there's some way to make peace with our new Spam overlords. Maybe get in on the action somehow. Seems to me the battle's very nearly lost if the botnet is functioning in a way that we can live with and that is very hard to tamper with. -TD
Date: Sat, 12 Jan 2008 15:01:54 -0800 To: rabbi@abditum.com From: bill.stewart@pobox.com Subject: RE: Storm, Nugache lead dangerous new botnet barrage CC: pgut001@cs.auckland.ac.nz; camera_lumina@hotmail.com; cypherpunks@al-qaeda.net; eugen@leitl.org; info@postbiota.org
At 10:37 AM 1/12/2008, Len Sassaman wrote:
(Alternatively, "because they can". They're not paying for the overhead, it doesn't really make much sense not to encrypt everything). I don't agree -- they *are* paying for the overhead. Not in dollars, but in CPU cycles (and a minor programming overhead.) If you increase the
On Sat, 12 Jan 2008, Peter Gutmann wrote: performance degradation on the hosts in the botnet, you're going to lose
Encrypting the control channel isn't going to burn a lot of CPU; hopefully the botnet doesn't need more than a few KB/hour of control, and almost certainly it wouldn't need more than a few KB/sec of data (such as spam-target email addresses), so encrypting it's low-horsepower.
The heavy-resource job of a bot is sending out lots of packets to targets, whether it's spam email sessions or DDOS UDP packets, and the limiting factor on that is upstream bandwidth, typically 128-768kbps. On a modern CPU you could even encrypt that traffic if you wanted, without the CPU breaking a sweat, though the only application I can see for that is encrypted SMTP sessions if you're spamming somebody high-tech.
Most computers have enough spare CPU that they can burn it looking for space aliens or folding proteins at home without noticing a performance hit; the real trick on keeping resource consumption low enough to not be noticed is managing upstream bandwidth so that you don't stifle http queries and TCP acks.
_________________________________________________________________ Need to know the score, the latest news, or you need your Hotmail.-get your "fix". http://www.msnmobilefix.com/Default.aspx