Talk:Botnet

From Wikipedia, the free encyclopedia

This is the talk page for discussing improvements to the Botnet article. This is not a forum for general discussion about the article's subject.
Please sign and date your posts by typing four tildes (~~~~). Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Ask questions, get answers.	Be polite Assume good faith No personal attacks Be welcoming	Article policies No original research Neutral point of view Verifiability

Contents 1 Missing from Article 2 Rogue botnets run on Microsoft OSes 3 Possible cleanup in "Lifecycle section" 4 External Link Expired

[edit] Missing from Article

There are some things missing from the article:

• Evolution of botnets -- though many still use a central command and control, new P2P bots are coming up
• Types/branches of bots, and most importantly,
• A better treatment of mitigation strategies. I'm in touch with recent research on botnets; I'll edit this article in a week or so if I dont see any complaints --Railrulez 11:16, 22 July 2006 (UTC)

The botnet life cycle image is nice, but steps 4-5 as given are pretty unusual. Typically spammers ("sponsors") pay for access to bots, not to the botnet controller, and are supplied with proxies opened up on the individual bots. It is not usual for spammers to be given control of a botnet through the IRC control channel. Miscreant botherds often provide nice fancy web interfaces or special software that pulls down lists of available proxies to use for sending spam; e.g., send-safe.com. Lippard 19:54, 30 October 2005 (UTC)

There are legitimate uses for botnets, too. :-) --Cuervo 23:02, 3 Apr 2005 (UTC)

Expand, expound, elucidate, explain. --Baylink 01:34, 4 Apr 2005 (UTC)

Speaking within the context of IRC, I suppose the primary legitimate purpose for a botnet is redundancy. If a bot (or its server) becomes too lagged, or the machine it's running on becomes unstable, it's not going to do its channel maintenance duties very well. Having other bots around provides a bit of a failsafe, and linking them allows them to share userfiles, channel settings, etcetera. Even if it's not lagged, what if someone, by luck or malice, deops the bot first, in the first stages of a channel takeover? What if there's more than one rogue chanop?

Eggdrops also have built-in encryption capabilities (Blowfish has been a part of Eggdrop since the 1.0 series, but it's possible to write one's own modules) and a "party line" accessible to properly authenticated users over DCC CHAT or telnet, which, combined, basically gives people running Eggdrops the option for encrypted communications (there is a module called "wire" for just this purpose), though it should be noted there is currently no functionality in the mainstream Eggdrop source for encrypted connections to the bot itself. There's also built-in note functionality, which allows you to leave notes for users on other bots, even those you may not have access to.

This is just the built-in stuff. With the Tcl hooks, you can write a script to do pretty much anything you want across the botnet. Here's a good example: say you have two bots running, opped, in a channel. One gets banned. The banned bot can request the other unban it across the botnet.

I myself run a small botnet for one of the channels I run on EFNet, and it doesn't do anything evil; most of the time, it just sits there. Sometimes the cool kids show up on the party line.

My arguments here are a bit disorganized, I'll clean them up after coffee. :-) I suppose what my opinion comes down to that there are botnets created by worms and crackers, and botnets created by users with no ill intent, and I believe that there should be a distinction between the two.

--Cuervo 19:11, 4 Apr 2005 (UTC)

n00b skriptkidde

[edit] Rogue botnets run on Microsoft OSes

The average person reading this article will not realize that, while most non-rogue irc networks run on non-Microsoft OSes, most rogue botnets run on compromised machines running Microsodt OSes. The popular press generally does not make this type of thing clear to readers. Hence many lay persons incorrectly believe that it is the nature of all computer systems, not just primarily those running Microsoft OSes, to crash frequently and to be prone to viruses.

Without abandoning a neutral point of view, the botnet article should make it clear to the reader that rogue botnets exist almost exlcusively on Microsoft OSes.

Rahul

[edit] Possible cleanup in "Lifecycle section"

This article probably needs cleanup in the Lifecycle section. I doubt that a bulleted list will suffice for an encyclopedia entry. Any ideas? --Bsdlogical 00:43, 22 September 2006 (UTC)

The same goes for the Purpose section. I think it needs an overhaul. --Bsdlogical 00:49, 22 September 2006 (UTC)

[edit] External Link Expired

http://swatit.org/bots/gallery.html has outdated Certificates, and an invalid contact address for their "free" download. Considering the subject, possibly this should be removed.

198.53.106.189 19:40, 11 January 2007 (UTC)