Bot vs. Bot
May 2008
Beating the “botnets.” A team at the University of Washington wants to marshal swarms of good computers to neutralize the bad ones. They say their plan would be cheap to implement and could cope with botnets of any size. Current countermeasures are being outstripped by the growing size of botnets, says the Washington team, but assembling swarms of good computers in defense could render DDoS attacks obsolete. Their system, called Phalanx, uses its own large network of computers to shield the protected server. Instead of the server being accessed directly, all information must pass through the swarm of “mailbox” computers. The many mailboxes do not simply relay information to the server like a funnel – they only pass on information when the server requests it. That allows the server to work at its own pace, without being swamped. Phalanx also requires computers wishing to start communicating with the protected server to solve a computational puzzle. This takes only a small amount of time for a normal web user accessing a site. But a zombie computer sending repeated requests would be significantly slowed down. The Washington team simulated an attack by a million-computer botnet on a server connected to a network of 7,200 mailboxes organized by Phalanx. Even when the majority of the mailboxes were under simultaneous attack, the server was not overwhelmed and could still function normally. A paper on Phalanx was presented at the USENIX symposium on Networked Systems Design and Implementation, held last week in San Francisco.
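The two mechanisms described above, mailboxes that release traffic only when the server pulls it and a puzzle that must be solved to open communication, sketched as an added example that is not code from the Phalanx paper or from this post. The hash-based puzzle, its difficulty, the `Mailbox` class, the pull budget and the traffic are all assumptions constructed for illustration.

```python
import hashlib
from collections import deque

BITS = 12  # assumed difficulty: about 2**12 hashes to solve, one hash to verify

def verify(nonce: bytes, counter: int, bits: int = BITS) -> bool:
    """Accept if SHA-256(nonce || counter) begins with `bits` zero bits."""
    digest = hashlib.sha256(nonce + counter.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve(nonce: bytes, bits: int = BITS) -> int:
    """Brute-force search: the work each new request costs its sender."""
    counter = 0
    while not verify(nonce, counter, bits):
        counter += 1
    return counter

class Mailbox:
    """Buffers admitted requests and releases them only when the server asks."""
    def __init__(self, capacity: int):
        self.capacity, self.queue, self.dropped = capacity, deque(), 0

    def deposit(self, request: str, nonce: bytes, counter: int) -> bool:
        if not verify(nonce, counter) or len(self.queue) >= self.capacity:
            self.dropped += 1  # unsolved puzzle or full buffer: absorbed at the mailbox
            return False
        self.queue.append(request)
        return True

    def fetch(self, n: int) -> list:
        """Server-initiated pull of at most n requests."""
        return [self.queue.popleft() for _ in range(min(n, len(self.queue)))]

def simulate(ticks: int = 5, flood_per_tick: int = 2000, budget: int = 8):
    """Constructed scenario: 4 mailboxes, one honest burst, a flood of unsolved requests."""
    boxes = [Mailbox(capacity=16) for _ in range(4)]
    nonce = b"constructed-nonce"  # fixed for a repeatable run; fresh nonces prevent replay
    good = solve(nonce)
    bad = next(c for c in range(good + 1, good + 100) if not verify(nonce, c))
    for i in range(20):  # honest client: 20 requests at once, each with a valid solution
        boxes[i % 4].deposit(f"honest-{i}", nonce, good)
    per_tick, delivered = [], []
    for t in range(ticks):
        for i in range(flood_per_tick):  # bots skip the puzzle and send a wrong counter
            boxes[i % 4].deposit(f"flood-{t}-{i}", nonce, bad)
        pulled = [r for box in boxes for r in box.fetch(budget // len(boxes))]
        per_tick.append(len(pulled))  # server load is set by its own pull budget
        delivered += pulled
    return per_tick, delivered, sum(box.dropped for box in boxes)
```

`simulate()` returns the number of requests the server handled in each tick, the requests it received, and how many were absorbed by the mailboxes; the per-tick figure never exceeds the pull budget, whatever the flood size.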