Distributed Computing for Tracking Net Problems?
Osrin asks: "A software firewall package that came with a recent computer purchase is using a site called MyNetWatchman to track, catalog and escalate firewall incidents back to ISPs. I was wondering what Slashdot readers think of this type of solution and which other Internet problems it would lend itself to helping resolve?"
Dshield too (Score:5, Interesting)
I'm waiting for the time that data from those two sources is actually used to track down someone who releases an exploit. I really think it is only a matter of time.
Re:Dshield too (Score:2, Interesting)
Even with the spoofing of IP addresses available easily via nmap, it still seems like contributing to the database is a Good Thing[TM]....
Re:Dshield too (Score:3, Insightful)
Really, this is more the case of "track somebody who releases a virus using an exploit." The problem with this is that crackers can and often will seed the virus through more conventional methods (Kazaa, hijacked email, etc), and allow others to infect themselves and thus continue on with the trend.
Re:Dshield too (Score:1)
Oh, I completely agree. However, before they have the virus totally debugged, if you are talking a new exploit, there have to be some small probes and packets sent out into the wild to test things. Of course, these are probably going to go through zombie computers, but I still think that one day i
Umm this isn't the first (Score:2, Informative)
Too much greed... (Score:4, Insightful)
As soon as any type of app becomes widely used enough to make it worthwhile it is either bought up and ruined by any number of corporations or sued and shut down for some kind of obscure copyright violation in order to allow for a bigger and better solution from the copyright holder which will in turn be so ridden with spyware that it will never get used.
Not that I am a pessimist or anything...
Re:Too much greed... (Score:1, Funny)
Oh, wait, no, that's wrong... Winamp 3 may have been stupid, but that wasn't AOL's fault.
Anyway, that's the only counterexample I could come up with, so take that as you will.
--
lds
Spoofed addresses (Score:5, Informative)
nmap has an option ("-S") to spoof the source address. Here's the documentation from the man page:
You could also combine this with the -D (decoy) option, which accepts a list of addresses to spoof. More text from the same man page:
Yes, but. . . (Score:3, Insightful)
Re:Yes, but. . . (Score:3, Informative)
Worms that spread over UDP (like Blaster) could spread using spoofed packets since they don't require two-way communication. That would probably force a lot of ISPs to install egress filters.
Even worms that spread using TCP could send some spoofed packets occasionally, just to screw with these distributed tracking systems.
Given the number of IP addresses that mynetwatchman.com
Re:Yes, but. . . (Score:2)
IIRC, Slammer DID spoof. Fortunately, it was easy for the backbone carriers to drop the port it used, as it wasn't port 80 or any other critical port.
With a port 80 worm, you can't block it easily.
Tracking VS Reacting (Score:1)
Re:Tracking VS Reacting (Score:1)
I think that is a way of the future, and probably will be right before the internet becomes self-aware. Everything that happens causes changes, those changes propagate out, it becomes an environment where each node is intelligent and responsive, not merely passive.
A worm appears, it affects the first few boxes and they report out what is happening and then the network adapts. Isn't that how the Borg developed? MmM, Borg vs SkyNet. This could get interesting.