Talk:Botnet
From Wikipedia, the free encyclopedia
Missing from Article
There are some things missing from the article:
- Evolution of botnets -- though many still use a central command and control, new P2P bots are coming up
- Types/branches of bots, and most importantly,
- A better treatment of mitigation strategies. I'm in touch with recent research on botnets; I'll edit this article in a week or so if I don't see any complaints --Railrulez 11:16, 22 July 2006 (UTC)
The botnet life cycle image is nice, but steps 4-5 as given are pretty unusual. Typically spammers ("sponsors") pay for access to bots, not to the botnet controller, and are supplied with proxies opened up on the individual bots. It is not usual for spammers to be given control of a botnet through the IRC control channel. Miscreant botherds often provide nice fancy web interfaces or special software that pulls down lists of available proxies to use for sending spam; e.g., send-safe.com. Lippard 19:54, 30 October 2005 (UTC)
There are legitimate uses for botnets, too. :-) --Cuervo 23:02, 3 Apr 2005 (UTC)
- Expand, expound, elucidate, explain. --Baylink 01:34, 4 Apr 2005 (UTC)
- Speaking within the context of IRC, I suppose the primary legitimate purpose for a botnet is redundancy. If a bot (or its server) becomes too lagged, or the machine it's running on becomes unstable, it's not going to do its channel maintenance duties very well. Having other bots around provides a bit of a failsafe, and linking them allows them to share userfiles, channel settings, etcetera. Even if it's not lagged, what if someone, by luck or malice, deops the bot first, in the first stages of a channel takeover? What if there's more than one rogue chanop?
- Eggdrops also have built-in encryption capabilities (Blowfish has been a part of Eggdrop since the 1.0 series, but it's possible to write one's own modules) and a "party line" accessible to properly authenticated users over DCC CHAT or telnet, which, combined, basically gives people running Eggdrops the option for encrypted communications (there is a module called "wire" for just this purpose), though it should be noted there is currently no functionality in the mainstream Eggdrop source for encrypted connections to the bot itself. There's also built-in note functionality, which allows you to leave notes for users on other bots, even those you may not have access to.
- This is just the built-in stuff. With the Tcl hooks, you can write a script to do pretty much anything you want across the botnet. Here's a good example: say you have two bots running, opped, in a channel. One gets banned. The banned bot can request the other unban it across the botnet.
- I myself run a small botnet for one of the channels I run on EFNet, and it doesn't do anything evil; most of the time, it just sits there. Sometimes the cool kids show up on the party line.
- --Cuervo 19:11, 4 Apr 2005 (UTC)
n00b skriptkidde
Rogue botnets run on Microsoft OSes
The average person reading this article will not realize that, while most non-rogue IRC networks run on non-Microsoft OSes, most rogue botnets run on compromised machines running Microsoft OSes. The popular press generally does not make this type of thing clear to readers. Hence many lay persons incorrectly believe that it is the nature of all computer systems, not just primarily those running Microsoft OSes, to crash frequently and to be prone to viruses.
Without abandoning a neutral point of view, the botnet article should make it clear to the reader that rogue botnets exist almost exclusively on Microsoft OSes.
Rahul
- What you say is true, but it doesn't necessarily have any significance. If 95% of home PCs run Windows, that's bound to be the natural target of criminal botnets as home PCs are the least defended computers in the world. If 95% ran Mac OS, you'd see a shift to Mac OS-based botnets. The same would be true of Linux or any other OS. —The preceding unsigned comment was added by 212.146.47.250 (talk) 20:54, 2 May 2007 (UTC).
- This reasoning is blatantly fallacious. Microsoft Windows is uniquely vulnerable due to the inherent architecture or lack thereof, allowing rogue code to execute at the highest privilege level by default (until Vista); Unix-based OSes specifically disallow this by default. The plethora of buffer overflow vulnerabilities is also directly caused by Microsoft compiler architecture. Rahul's comment is valid; the article is misleading in not mentioning this.
- - DavidTangye (talk) 00:56, 8 February 2008 (UTC) I agree completely. It is a massive global problem with computers, that most people have no idea about software internals, and so fail to understand that viruses on Windows are NOT caused by its market dominance, but by technical architectural issues within the product. This article in Wikipedia, and several related articles, all fail totally to mention this, and thus, are by omission, allowing an incorrect belief to propagate. If Wikipedia wants to be truly neutral, and let truth be known, get more technically savvy people as editor/censors. At the very least don't let people who have little understanding of a subject delete information about it. As it is, by deleting the info I put in (twice now), you appear to be apologists of Microsoft. You do not appear to be neutral at all. Before you delete any new information, you should satisfy yourself that the new information is incorrect. Else you are just supporting whatever the status-quo is, whether it is correct or not. You need to rethink and change your entire way of thinking over the issue of update reversion.
- It blatantly is MS's market dominance that means so many attacks are made against it. Any technical shortcomings in Windows just make it easier. There are OSs around with security holes that could easily be exploited but aren't simply because they have hardly any users. If all currently known botnets are Windows only then that's worth mentioning (I'm not changing it because I don't know), but it shouldn't give the impression that users of any other OS will be safe for ever. I'm certainly not a Microsoft apologist, but there's valid criticism and then there's some that's verging on FUD. -Riedquat (talk) 14:08, 16 March 2008 (UTC)
- Market dominance it is. Even Steve Jobs has his head up his ass about this. In response to the Apple vs PC commercials, there was a page[1] that revealed 1 Apple vulnerability per day. Here[2] is a blog entry as well. Blogs are not sufficient sources, but the blog provides its own sources that you can follow on your own. It doesn't take a math genius to know that statistically it would be harder for a worm to find an Apple on the Internet than a PC, being so much more rare. 69.119.13.218 (talk) 17:09, 11 June 2008 (UTC)
Possible cleanup in "Lifecycle section"
This article probably needs cleanup in the Lifecycle section. I doubt that a bulleted list will suffice for an encyclopedia entry. Any ideas? --Bsdlogical 00:43, 22 September 2006 (UTC)
- The same goes for the Purpose section. I think it needs an overhaul. --Bsdlogical 00:49, 22 September 2006 (UTC)
External Link Expired
http://swatit.org/bots/gallery.html has outdated Certificates, and an invalid contact address for their "free" download. Considering the subject, possibly this should be removed.
198.53.106.189 19:40, 11 January 2007 (UTC)
The picture is retarded
Anybody else think the picture is really dumb and should be removed? Oddity- 03:42, 23 April 2007 (UTC)
Why would you use a term like 'retarded' to describe something you don't like? It's highly insensitive to do so - like people using the word 'gay' for something they consider useless. Personally, I think the picture is a little immature, but it does help to explain the concept of a Botnet to a non-technical person, so I believe it should stay.
- DavidTangye (talk) 01:12, 8 February 2008 (UTC) To the above comment. What is your problem?
- - If it's highly insensitive, get over it. Highly insensitive to what? This is public property. He is describing a picture, not the original contributor of the picture, whoever that might be. You seem to assume he is having a go at the original contributor.
- - 'Retarded' is a common term used by mainly young people around here, including one of my daughters, who is well spoken generally, and not immature for her age. I think it's a funny term to use actually, so lighten up.
- - In other parts of the world, it might be taken differently. So do you suggest we all go back to a common language and idiom-set, e.g. King's English 1850, so we don't risk offending anyone? You are wasting your time here. Go be a diplomat. They spend whole careers having meetings to try to not offend anyone. Nothing gets done, but everyone has a good time talking, while the wars go on, and the planet burns. But that's OK, because no-one 'of consequence' is offended.
Oh, and now to the issue. To Oddity: I think that the diagram is reasonably good. But the real point is, if you don't like something, DO better. Put up an alternative picture. Stop removing stuff, unless you put up something in its place that addresses whatever is "behind" you have removed.
- First of all, guys, if you have an issue with his comment, put it on his discussion page, not here, this is about the article. I came here to see what discussion is already in place about the picture. I also think it's silly, but effective. My only problem is that it explicitly implies that all spambots run Windows. This can be in violation of Wikipedia's NPOV policies, and also must be sourced. Just because it's not text, doesn't mean such a thing can go without a source. I'll be thinking of alternatives here. 69.119.13.218 (talk) 16:59, 11 June 2008 (UTC)
Bot herder?
Where does this term "bot herder" come from? I have never heard it in the professional IT space nor in the groups who actually set up botnets. Everyone I've ever known calls them "botnet controllers". The term "botnet herder" isn't even referenced in any of the supporting sources. 131.128.96.48 19:31, 10 August 2007 (UTC)
The bot herder is the *person* running the botnet, not the botnet controller. I've heard the term. Lippard 02:54, 28 September 2007 (UTC)
this is not the best definition of botnet
You can log IRC bots onto multiple servers and have them /msg each other to coordinate cross-server functionality.. that's also a botnet. They can get pretty complex- you can span hundreds of servers in a massive network of bots --ffroth 21:06, 6 December 2007 (UTC)
- Actually it's a good definition of a botnet, but you're right, it is not the only meaning of botnet. botnet (made of eggdrops for example) is known by IRCers, I guess that makes less people than the large public that hears about the zombie stuff. Anyway, as newest (zombie) botnets don't use IRC anymore, I suppose this article will need a rewriting. -- skiidoo (talk) 01:19, 7 December 2007 (UTC)
Tone Issue
The 3rd paragraph ends with the sentence: "Exploitation of this method of using a bot to host other bots has proliferated only recently, as most script kiddies do not have the knowledge to take advantage of it." This needs to be rewritten to reference the term Script Kiddies differently. The way it appears here, it has a condescending tone that one might use when speaking informally to another person about a particular topic. I understand the term is part of the hacker culture, and intended to sound that way, but I am not sure if it fits on Wikipedia. It sounds like an offhand comment. Does anyone else agree? --Johnsm2 (talk) 22:51, 30 January 2008 (UTC)

