Ask the Expert

Can "good" botnets fight bad botnets?

How does the method of fighting "bad" botnets with "good" botnets work? How effective is this as an enterprise defense method?

    Requires Free Membership to View

Security researchers generally view these as a bad idea, although there has been some exciting research from the University of Washington centered on a project called Phalanx (pdf). The idea is that any server requests would have to be processed through the "good" botnet, which is geographically dispersed. Because a large number of servers are implemented as intermediaries, it becomes difficult to overwhelm one specific network link.

Still, as I stated earlier, I believe that this is a bad idea, for two reasons. First, think about how hard it is to secure existing systems. Now, expand that by a few thousand systems directly accessible from the Internet. This scenario leads directly to my second fear: control. Imagine the public relations nightmare should your good botnet be taken over and used to DoS someone else's network.

I propose that instead of building counter-botnets, security professionals could better spend their time tracking the patch-installation success rate for the systems they currently have. Leave the bot-herding to the bad guys.

More information:

This was first published in July 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: