Saturday, December 4, 2010

DDoS attacks make Wikileaks a great botnet detection system

News about Wikileaks has been flooding the media recently. Because of the controversy around it, Wikileaks has been under several DDoS attacks for the past week. The biggest attack is reported to have exceeded 10 Gbps.

This specific event looks to me like a perfect chance for botnet detection. All botnet detection systems that employ passive approaches, like the "follow the spam" strategy I currently use, face the same problem: how to attract botnets to contact the system? Wikileaks does a great job in this regard (that is, attracting botnets) without much effort.

Now, if Wikileaks already has a capable web server or reverse proxy in place, such as lighttpd, nginx or Varnish, a few scripts run over its log files would quickly produce a list of suspected zombie computers. Notifying those unsuspecting victims of what happened would help tremendously in the fight against botnets.
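To make the "a few scripts over the log files" idea concrete, here is an added example (my own illustration, not code from the original post or from any of the servers named) that reads access-log lines in the combined log format written by default by nginx and lighttpd, buckets requests per client IP into fixed time windows, and reports the IPs whose peak per-window request count exceeds a threshold. The sample log lines are constructed inline from documentation-only address ranges, and the window length and threshold are illustrative assumptions that a real deployment would tune against its normal traffic baseline.

```python
import re
from collections import defaultdict
from datetime import datetime

# Regex for the combined log format (assumed default for nginx/lighttpd):
#   IP ident user [timestamp] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return (ip, datetime, request, status) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def suspected_zombies(lines, window_seconds=60, threshold=100):
    """Map each suspicious IP to its peak request count in any single window.

    An IP is suspicious when, in at least one fixed window of window_seconds,
    it issued more than `threshold` requests. Both values are assumptions for
    illustration; tune them against the site's normal per-client rate.
    """
    # ip -> window index -> request count
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:          # skip malformed or truncated lines
            continue
        ip, ts, _req, _status = parsed
        window = int(ts.timestamp()) // window_seconds
        buckets[ip][window] += 1

    flagged = {}
    for ip, windows in buckets.items():
        peak = max(windows.values())
        if peak > threshold:
            flagged[ip] = peak
    # Highest-rate offenders first, which is the order you would notify in.
    return dict(sorted(flagged.items(), key=lambda kv: kv[1], reverse=True))


def make_line(ip, second, path="/"):
    """Build one constructed combined-format log line inside a single minute."""
    ts = f"28/Nov/2010:12:00:{second:02d} +0000"
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


# Constructed sample log (TEST-NET addresses): one flooding client, two normal ones.
SAMPLE_LOG = (
    [make_line("203.0.113.5", s % 60) for s in range(150)]      # 150 requests in one minute
    + [make_line("198.51.100.7", s * 3) for s in range(20)]     # 20 requests, normal browsing
    + [make_line("192.0.2.9", s * 20, "/index.html") for s in range(3)]
)

if __name__ == "__main__":
    for ip, peak in suspected_zombies(SAMPLE_LOG).items():
        print(f"{ip}: peak {peak} requests/minute")
```

In practice the script should read the real log path (or a rotated set of logs) instead of `SAMPLE_LOG`, and two caveats matter before anyone is notified: when the server sits behind a reverse proxy or CDN, the logged address is the proxy's, so the proxy must be configured to log the original client address (typically via the `X-Forwarded-For` header), and a single address behind NAT can represent many machines, only one of which may be infected. The fixed-window bucketing is deliberately simple; a sliding window would catch bursts that straddle a minute boundary.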
