Cat and mouse game upgrades: The next generation of zombies using anonymous networks

Source: Internet
Author: User
Keywords What upgrades games
Tags address anonymous cat cat and mouse computer control ddos ddos attacks
Absrtact: What is a zombie network (Botnet)? Zombie networks are computer programs that talk to each other on the Internet. Many botnets are malicious and tend to do things like send spam and launch DDoS attacks. Curbing the proliferation of malicious zombie networks is

What is a zombie network (Botnet)? Zombie networks are computer programs that talk to each other on the Internet. Many botnets are malicious and tend to do things like send spam and launch DDoS attacks.

Curbing the proliferation of malicious zombie networks is a global movement. The first generation of botnets is often controlled by a single computer on the web, so just locate and kill the control host. If the zombie program contains the communication information with the control host, then the clues can be used to get to the lair.

However, villains outsmart. The Cat-and-mouse game has become very complicated in recent years. Zombie networks are now constantly trying to hide the location of the control host. One way is to quickly dilute, that is, create a long string (hundreds of or even thousands of) of IP addresses, and then let those addresses point to the same domain name at the same time. The actual IP address of the control host can be any one of them, and will often change. Even if you follow the easy track to control the host's IP, it may have changed. Thus, has the pursuers.

And recently botnets have also begun to make use of the anonymity of the Tor network to increase the difficulty. Coupled with the emergence of such an unpredictable electronic currency, such as Bitcoin, online extortion is increasingly difficult to trace, even if the money to pay can not be traced.

Amirali Sanatinia and Guevara Noubir of Northeastern University in Boston believe that the most important innovations of botnets will occur in the use of anonymity. onion routing (onion routing) technology is the key to the use of anonymity. The so-called onion routing, refers to the packaging of messages into different layers of encryption, to restore the message, you have to decrypt layer by layer, the process is like peeling onions.

In onion routing, messages go through a series of server passes from source to destination, each server can only decrypt one layer of data and then get to the next destination, which lasts until the last level is opened, and the message arrives at the final destination. The anonymity of this process now, in addition to the final destination, the middle of the server no one knows what the message is (because it is encrypted).

Sanatinia and Noubir the next generation of zombie networks using onion routing techniques as Onionbot (onion zombies) and explain how onion zombies can best use onion routing techniques. Wait, this is not a bad thing. Thankfully, they also offer a way to counteract such botnets.

The basic idea is to do the same. Use the onion Zombie's own capabilities (say IP address and host decoupling) to deal with onion zombies. The method is to first use the infected host or honeypot system to find the zombie machine's onion address (. onion addresses), and then inject the attack program, as a springboard to infiltrate the botnet, find the neighboring zombie host, and then constantly replicate the controlled zombie host, Each time a new clone creates a point-to-point connection with a neighboring zombie host, and disconnects one of the neighbors from its original connection, until the neighbor Zombie is completely surrounded by the clone, all the original connections are disconnected and become isolated. This process is repeated to counteract the role of botnets.

Of course, the researchers confessed that this method of soap attacks (Sybil Onion Attack Kyoto, soap) could not 100% prevent the attack of onion zombies, but they suggested that this approach Let everyone take the initiative to think ahead about how to defend against future attacks of new botnets. Interested parties can download their papers to see.




Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.