13 Jan 2008, 7:28 a.m.
Len Sassaman <rabbi@abditum.com> writes:
> I'm not sure that this *does* make it harder to disrupt the botnet, though, does it? Does anyone have example traffic dumps of these encrypted payloads? It should be possible to identify and block this traffic; it's going to follow some unique pattern.
It doesn't have much effect on passive blocking, but what it stops (or at least makes a lot harder) is two things: active attacks (penetration of botnet servers by security people is a serious problem for the botherders, and I assume competing botherders find this an easy target as well), and leeching of botnet-collected data by others. It's mostly back to enterprise DRM again.

Peter.
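The "unique pattern" Len asks about, and the "passive blocking" Peter says encryption does not prevent, can be demonstrated without any key: ciphertext still has a near-uniform byte distribution and usually a fixed framing that a passive observer can key on. The script below is an added example, not code from either poster or from any real botnet; the 4-byte magic, the length-prefixed framing, the port list and all packet payloads are constructed for illustration.

```python
"""Passive fingerprinting of opaque (encrypted-looking) payloads.

Added example, not part of the original thread. It shows that encrypting
bot traffic does not hide it from a passive observer: ciphertext is close
to uniformly random (high byte entropy), and a bot client tends to wrap it
in a fixed framing, so a filter can match on both without decrypting.
Everything here is constructed: MAGIC, the framing, the port list and the
sample payloads are made up and describe no real protocol.
"""
import hashlib
import math
from collections import Counter

MIN_BYTES = 512            # below this, byte-frequency entropy is too noisy to trust
OPAQUE_THRESHOLD = 7.2     # bits/byte; ciphertext and compressed data sit near 8.0
MAGIC = b"\xf0\x0d\xbe\xef"  # hypothetical 4-byte message magic (constructed)
# Ports where opaque payloads are expected (TLS, SSH, ...); opaque data there is not a tell.
EXPECTED_OPAQUE_PORTS = {22, 443, 993, 995}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte over the byte-value histogram (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_opaque(payload: bytes) -> bool:
    """True when the byte distribution is close to uniform, as ciphertext is.
    Text and most binary protocols are heavily skewed; compressed data is the
    main false positive, which is why this check is paired with framing below."""
    return len(payload) >= MIN_BYTES and shannon_entropy(payload) >= OPAQUE_THRESHOLD


def frame(body: bytes) -> bytes:
    """Wrap a body in the hypothetical framing: MAGIC, 2-byte big-endian length, body."""
    return MAGIC + len(body).to_bytes(2, "big") + body


def matches_framing(payload: bytes) -> bool:
    """Structural check needing no key: fixed magic plus a self-consistent length field."""
    if len(payload) < 6 or payload[:4] != MAGIC:
        return False
    return int.from_bytes(payload[4:6], "big") == len(payload) - 6


def classify(payload: bytes) -> str:
    """'framed-opaque' (both tells), 'opaque' (entropy only) or 'plain'."""
    framed = matches_framing(payload)
    body = payload[6:] if framed else payload
    if not looks_opaque(body):
        return "plain"
    return "framed-opaque" if framed else "opaque"


def flag_flows(flows):
    """flows: iterable of (client, server_port, payload). Returns the non-plain ones,
    ignoring ports where opaque traffic is normal so TLS does not drown the alert."""
    flagged = []
    for client, port, payload in flows:
        if port in EXPECTED_OPAQUE_PORTS:
            continue
        verdict = classify(payload)
        if verdict != "plain":
            flagged.append((client, port, verdict))
    return flagged


# --- constructed samples (stand-ins, not captured traffic) ---------------------

def sample_ciphertext(n: int = 768, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for ciphertext: a SHA-256 counter keystream, near-uniform."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def sample_plaintext() -> bytes:
    """Constructed plaintext HTTP request, padded to a size comparable to the ciphertext."""
    req = b"GET /update.php?id=42 HTTP/1.1\r\nHost: example.invalid\r\nUser-Agent: Mozilla/5.0\r\n"
    return (req * 12)[:768]


SAMPLE_FLOWS = [
    ("10.0.0.5", 80, sample_plaintext()),                          # ordinary web request
    ("10.0.0.6", 8080, sample_ciphertext()),                       # opaque blob, no framing
    ("10.0.0.7", 6667, frame(sample_ciphertext(seed=b"other"))),   # framed opaque on an IRC port
    ("10.0.0.8", 443, sample_ciphertext(seed=b"tls")),             # opaque but expected there
]

if __name__ == "__main__":
    for client, port, verdict in flag_flows(SAMPLE_FLOWS):
        print(f"{client}:{port} -> {verdict}")
```

Two caveats a practitioner would keep in mind: the entropy test alone also fires on compressed and already-encrypted legitimate traffic, so it is only worth acting on in combination with a structural tell (the framing check) or with port and host context; and neither check tells you anything about the content, which is exactly Peter's point about active attacks and leeching.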