Attack on Square-Enix, Direction for Online Terrorism - Working Against DDoS
(Page 4 of 4)
Even with increases in cyber-crime, the internet is definitely not lost. A German project called Honeynet is providing hope by researching DDoS attacks. In November of last year, it began documenting the exchanges between botnet controllers and their slave computers. The Honeynet Project uses unpatched Windows computers that browse the internet as bait for the scripts floating around. Once a machine is infected with a botnet script, the researchers can observe what it does. Their slave computer sits among the other slaves in the chat rooms, though theirs is programmed not to spam or carry out attacks. In most cases this has gone unnoticed; in others it caused the botnet controller to boot the fake slave or launch a DDoS attack against it. The information they are gathering will be valuable for developing methods of stopping these attacks and for law enforcement tracing where attacks have been coordinated from. They have already observed some traits of the botnet controllers. They confirm that many aren’t very technically skilled, asking chat rooms questions like “how do I compile?” Others have been observed making plans to take over other botnets. Those interested in implementing a Honeynet system to prevent or track DDoS attackers should check out the materials the project has generated so far: http://www.honeynet.org.
With the Honeynet Project researching and law enforcement becoming aware of and involved in prosecuting these criminals, hopefully these crimes can be kept under control. Further work could go into finding ways to monitor IRC chat rooms. Perhaps new IRC hosting software could more closely monitor the chat rooms on its server: detecting large but inactive rooms full of bots, banning users who spam the same message(s) across chat rooms, banning users who remain inactive for too long, or alerting system administrators to groups of users with similar names. This could at least put a damper on DDoS until the script kiddies find a workaround and more advanced methods of blocking it become available.
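As an added illustration of the server-side IRC heuristics sketched above (example code, not from the article or from any IRC server software): a small Python script that runs three of the checks over a constructed sample of server events. The event tuple layout, the channel and nick names, and the thresholds are all assumptions.

```python
"""Bot-channel heuristics over constructed IRC server events.

Checks: (1) nicks that repeat one message across several channels,
        (2) crowded channels with no chat at all (idle drone rooms),
        (3) clusters of nicks sharing a stem and differing only in digits.
"""
import re
from collections import defaultdict

# Constructed sample: (timestamp, event, nick, channel, text). Names are invented.
SAMPLE_EVENTS = [
    ("12:00:01", "JOIN", "alice", "#dev", ""),
    ("12:00:02", "JOIN", "bob", "#dev", ""),
    ("12:00:05", "PRIVMSG", "alice", "#dev", "anyone seen the new patch?"),
    ("12:00:09", "PRIVMSG", "bob", "#dev", "yes, installing it now"),
    ("12:01:00", "JOIN", "adbot", "#dev", ""),
    ("12:01:01", "PRIVMSG", "adbot", "#dev", "free stuff at example.invalid"),
    ("12:01:02", "PRIVMSG", "adbot", "#help", "free stuff at example.invalid"),
    ("12:01:03", "PRIVMSG", "adbot", "#games", "free stuff at example.invalid"),
] + [("12:02:%02d" % i, "JOIN", "drone-%02d" % i, "#c0ntrol", "") for i in range(6)]

# Alphabetic stem, optional separator, trailing digits (e.g. "drone-03" -> "drone").
NICK_STEM = re.compile(r"^([A-Za-z]+?)[-_]?\d+$")

def nick_stem(nick):
    m = NICK_STEM.match(nick)
    return m.group(1).lower() if m else None

def cross_channel_spammers(events, min_channels=3):
    """Nicks that sent the identical text to at least min_channels channels."""
    seen = defaultdict(set)  # (nick, text) -> set of channels
    for _, ev, nick, chan, text in events:
        if ev == "PRIVMSG" and text:
            seen[(nick, text)].add(chan)
    return sorted({nick for (nick, _), chans in seen.items() if len(chans) >= min_channels})

def idle_crowded_channels(events, min_members=5, max_msgs=0):
    """Channels with many joiners but at most max_msgs messages: a drone room pattern."""
    members, msgs = defaultdict(set), defaultdict(int)
    for _, ev, nick, chan, _text in events:
        if ev == "JOIN":
            members[chan].add(nick)
        elif ev == "PRIVMSG":
            msgs[chan] += 1
    return sorted(c for c in members if len(members[c]) >= min_members and msgs[c] <= max_msgs)

def similar_nick_clusters(events, min_size=4):
    """Groups of joining nicks that share a stem and differ only in a number suffix."""
    groups = defaultdict(set)
    for _, ev, nick, _chan, _text in events:
        stem = nick_stem(nick) if ev == "JOIN" else None
        if stem:
            groups[stem].add(nick)
    return {s: sorted(n) for s, n in groups.items() if len(n) >= min_size}
```

Each function returns the flagged nicks or channels, so an operator alert (or a ban rule) can be built on top without the heuristics themselves deciding anything.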
Tighter internet security will also help keep people from becoming infected with the malicious scripts that fuel botnets. Windows is, it seems, the operating system of choice for these exploits, and Microsoft needs to tighten Windows’ and Internet Explorer’s security. With Service Pack 2, Microsoft provided more security by activating the included firewall and automatic updates by default. Service Pack 2 also nags users if they don’t have antivirus software (until told not to), and a later patch installs Microsoft’s malicious software detection tool. IE’s default settings could use some adjusting, though. Users also have to take responsibility: finding an antivirus program of their choice, keeping its definitions updated, and not visiting questionable websites with lax security settings in their web browser. IE’s default settings are not secure enough to avoid most infections, especially for somebody running Java or other plug-ins in the background. This much can help prevent new slave computers from being created and help detect and clean those that are already infected. Cutting off the botnets at this level, before their scripts can infect and recruit computers, is ideal, since later preventative measures are more complicated and less effective.
Eventually we will probably overcome the threat that botnets pose and move on to new security issues. Perhaps MMOGs like Final Fantasy XI will be spared, or they may be pulled under as new targets of extortion schemes and political statements. Hopefully Square-Enix’s investigation tracks down those responsible, showing script kiddies and cyber criminals that the internet is not territory receptive to uncontrolled fraud.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.