Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

What a Botnet Looks Like

timothy posted more than 6 years ago | from the when-jerks-are-smart dept.

Security 122

Esther Schindler writes "CSO has an annotated, zoomable map of real botnet topologies showing the interconnections between the compromised computers and the command-and-control systems that direct them. The map is based on work by security researcher David Voreland; it has interactive controls so you can zoom in and explore botnets' inner workings. Hackers use botnets for spamming, DDoS attacks and identity theft. One recent example is the Storm botnet, which may have comprised 1 million or more zombie systems at its peak. As with any networking challenge, there are good (resilient) designs and some not-so-good ones. In some cases the topology may be indicative of a particular botnet's purpose, or of a herder on the run."

cancel ×

122 comments

Flash site, very funny. (5, Funny)

inTheLoo (1255256) | more than 6 years ago | (#23340444)

To get a good look at a botnet they say, "You need to upgrade your Flash Player". How true!

Re:Flash site, very funny. (1, Informative)

gnutoo (1154137) | more than 6 years ago | (#23340492)

It is true [slashdot.org] .

Oh come on. (3, Interesting)

willeyhill (1277478) | more than 6 years ago | (#23340740)

Who modded this "offtopic"? The site requires the latest and greatest flash player to look at a freaking image when everyone knows that Flash has big fat holes in it. They might as well made it IE only.

Re:Oh come on. (-1, Offtopic)

willyhill (965620) | more than 6 years ago | (#23341154)

Since I'm being modded troll every time I point out what you're doing, maybe the moderators will listen to someone else [slashdot.org] instead.

Re:Oh come on. (0, Offtopic)

nschubach (922175) | more than 6 years ago | (#23342176)

If Slashdot wanted to stop him from creating multiple accounts from the same IP and posting from the same IP, they would have. Ever think of that? Frankly I'm sick of all the people trying to discredit the useful information he posts because they are hellbent on some crusade to "prove" something they cannot actually prove. When I get mod points these days (15+ points per shot) I WILL mod you troll if you continue to harass him for making informative posts. If you want to point it out when he's trolling himself I don't care, but using this "crusade" to discredit relevant information is absurd. What you are doing is trolling. Period. Granted, you are not trolling an idea, but you are actively trolling a person or group of people who are most likely having fun with you. Instead of posting and losing karma, try using your karma to mark his "troll" accounts down if you feel so vigilant, but don't make this a crusade to hide information because it comes from someone you dislike.

Meta-moderators will determine if you are doing the right thing and you will be rewarded or punished. It's quite a simple and elegant system.

Personally, I think you are getting worked up for nothing special, and someone out there has a freaky sense of humor. Otherwise, why would they create accounts similar to your names and use them for their devious purposes? Have you ever worked with children? If you give them attention for doing something wrong, they will continue to crave that attention. Just leave him/them and he/they will eventually get bored and stop.

Re:Oh come on. (0, Offtopic)

Red Flayer (890720) | more than 6 years ago | (#23342316)

Frankly I'm sick of all the people trying to discredit the useful information he posts because they are hellbent on some crusade to "prove" something they cannot actually prove
Useful: I do not think it means what you think it means. Though, I will admit, that his posts have recently (over the past6 mos or so) increased in quality, and some do have valid points.
That said, I think it reprehensible that he uses sockpuppets.

Anyway, I think your post makes a lot of sense, and can be summed up in a few short words: Don't feed the trolls.

Re:Oh come on. (2, Insightful)

nschubach (922175) | more than 6 years ago | (#23342472)

Useful
Not necessarily this post, but if I'm to believe what these folks (willhill, et al.) are telling me, twitter has had some informative posts and if he feels the need to "sockpuppet", mod the puppets, leave the information. Coming into this war fairly fresh, it looks like someone is trying to discredit a logical poster instead of informing people. Stick it in your signature if it's that important to you and contribute to the site so you get modded up instead of spamming.

Re:Oh come on. (1, Insightful)

Red Flayer (890720) | more than 6 years ago | (#23342842)

Unfortunately, modding the puppets doesn't work when the puppets are used to mod posts, and I'm not convinced that metamoderation is agile enough (especially considering the tendency of user-generated feedback to be overwhelmingly positive) to combat sockpuppets when they are used to mod posts.

The best way to combat sockpuppets is to raise awareness of their existence and the parent-child relationship. Sure, sometimes that info is OT when post IS actually informative, or insightful, or whatever... in which case the posts should rightly be modded offtopic. However, I think it's healthy for the slashdot community for these posts to come through and be seen once a month or so.

Re:Oh come on. (1, Offtopic)

willyhill (965620) | more than 6 years ago | (#23342836)

I suppose that's OK, since if I follow your logic here all I need to do is just create four or five accounts, complain about your moderation and paste in a few links. You wouldn't mind if I did that, would you?

Then, the next time I see you posting something I disagree with, I'll jump in with all my sockpuppets and create the illusion of a discussion between many people, most of which happen to agree with me. Then someone else who thinks they're using their moderator points in for a righteous cause will mod you down, and you will lose karma. Eventually you'll lose your posting bonus, and who knows, maybe even descend into negative karma territory.

But you wouldn't mind that at all, would you? As long as I paste a few "informative" links into my comments and repeat the obvious in slightly different ways. Right?

Re:Oh come on. (2, Insightful)

thePowerOfGrayskull (905905) | more than 6 years ago | (#23342794)

Dude... seriously, move on. Take a deep breath, and just... move on. In the grand scheme of things, he can have 2351 different IDs- and it would not matter one iota. Why on earth do you let him have so much control over you?

Really now. (0, Flamebait)

conureman (748753) | more than 6 years ago | (#23343562)

I too, felt violated. It's like the CGI thing in movies. Just because you can, doesn't mean you have to. Useless.

Re:Oh come on. (0, Offtopic)

Anonymous Coward | more than 6 years ago | (#23344414)

And this ladies and gentlemen, is the power of sockpuppets. Bad moderation? No problem, just use the mod points on another one of your accounts that you didn't use to post to this article and mod yourself up. Profit!

Re:Flash site, very funny. (4, Funny)

Bryansix (761547) | more than 6 years ago | (#23341206)

They say you can get a good look at a botnet by upgrading your flash player but I'd rather take your word for it.

Anonymous Coward (0)

Anonymous Coward | more than 6 years ago | (#23340488)

that's just beautiful

Re:Anonymous Coward (5, Funny)

Anonymous Coward | more than 6 years ago | (#23340772)

No, it sucks. I zoomed in to close and saw my IP!

Re:Anonymous Coward (1)

innerweb (721995) | more than 6 years ago | (#23343846)

To make this truly useful, the addresses should be in a text searchable format. Then, one could truly look for one's own address, or a client's address, or a friends address, or just block email from them, or whatever. This is only eye-candy, and we all know what that is only useful for.

InnerWeb

Re:Anonymous Coward (0)

Anonymous Coward | more than 6 years ago | (#23340892)

I was thinking its designed very well. Someone should build an internet on that thing.

Obligatory (-1)

Anonymous Coward | more than 6 years ago | (#23340510)

I, for one, welcome our new botnet overlords.

Re:Obligatory (1)

maxwell demon (590494) | more than 6 years ago | (#23340910)

I, for one, welcome our new botnet overlords.
Yes, but do they run Linux?

What a Botnet Looks Like (5, Funny)

sm62704 (957197) | more than 6 years ago | (#23340530)

here's [interconnection.org] a photo of a botnet. Ok, it's a small botnet but if the botnet was a semi you wouldn't see the computers, now would you?

Ob. XKCD reference (5, Funny)

DrYak (748999) | more than 6 years ago | (#23340656)

Ok, it's a small botnet
Randall Munroe's botnet look like that [xkcd.com] .

Thanks for posting... (3, Funny)

Thelasko (1196535) | more than 6 years ago | (#23340550)

all of the IP addresses. Can I get that in a text format? I want to add them to my hosts file.

Re:Thanks for posting... (1)

Thelasko (1196535) | more than 6 years ago | (#23340650)

all of the domains and IP addresses. Can I get them in text format please? I want to add the domains to my hosts file and the IP addresses to my firewall's blacklist.

Had a brain cramp a moment ago.

Re:Thanks for posting... (5, Insightful)

multipartmixed (163409) | more than 6 years ago | (#23341102)

I don't think you'd want to do that.

My current RBL has about 6.5 million entries, and is extremely permissive. It is also updated bi-hourly.

I sure wouldn't want my machine to traverse a hosts table of 7 million hosts every time I tried to look up a name in the DNS.

Same for your firewall, 7 million entries will cripple iptables. Hell, 30,000 entries causes visible slowness on a dual-core opteron system.

Of course, you might get better performance out of iptables with the ipsets kernel patch. But that's still a damned big list.

Re:Thanks for posting... (1)

VeNoM0619 (1058216) | more than 6 years ago | (#23341642)

Not to mention... why blacklist them? It sounds reasonable at first, but blacklisting an IP cause it has a botnet is a poor idea of security, because all it takes is a new IP/new machine. If you are that afraid of getting hit by one, just try to keep up to date on your security information(at least patch monthly).

Like parent stated, it will only slow down your packets. No real benefits will be gained.

Re:Thanks for posting... (0)

Anonymous Coward | more than 6 years ago | (#23345116)

"why blacklist them? It sounds reasonable at first, but blacklisting an IP cause it has a botnet is a poor idea of security, because all it takes is a new IP/new machine. If you are that afraid of getting hit by one, just try to keep up to date on your security information(at least patch monthly)." - by VeNoM0619 (1058216) on Thursday May 08, @03:11PM (#23341642)
Come on man - that sounds like something a botmaster WOULD say! Keeping up on them's relatively child's play if you have good solid sources like:

http://mtc.sri.com/ [sri.com]

&/or

http://ddanchev.blogspot.com/ [blogspot.com]

"Oh, don't BOTHER 'blacklist' those sites in your HOSTS file, bots are my lifeblood" etc. et al... which is what anyone who runs these botnet herds would most likely say + tell others to do most likely!

QUESTION: Do you know that a great program called SpyBot "Search & Destroy" also helps you this way, & the reason? S E C U R I T Y!

(That is EXACTLY what you can do, & spybot even does, for you to get security from using a custom HOSTS file)...

Just by using a custom HOSTS file to secure yourself vs. virus/spywares/trojans & more!

In essence, using a custom HOSTS file gets you this:

"If you can't go into that bad URL poisoned code or adbanner kitchen, you can't get burnt"

(+ IF you do it right, you can go a LOT faster, blocking out adbanners (which have had a load of bad javascript code in them the past few years now no less, Fortune 100's-500's no less as well) & use less CPU cycles running their code in scripted banners & more, & data bandwidth downloading it, & disk I/O & RAM also).

USING A HOSTS FILE FOR SECURITY, Works...

& In addition to that, stopping the indiscriminate use of tools & methods trojans/virus/spyware & the like use/take advantage of in webbrowser & email programs, like javascript/activescripting/IFrames/bad plugins...

By trimming (if not outright stopping) the 'wholesale use' of javascript &/or IFrames on every site under the sun, you stay safer too, becaue face it - not every site's javascript code's to your advantage (certainly not in speed & NOT in security sometimes even per my examples above). Limit it to where you really need it, data access sites like shopping & banking ones are examples thereof.

(Do that, especially vs. bogus javascript etc. like you see in adbanners the past few years now in fact? If you do that, end-user/clientside even on corporate networks to EXTERNAL sources? You stay a LOT cleaner vs. infestations, hands-down (implementable in group policies fairly easy on an NTFS/AD network) Local standalone systems as well benefit too, same way (more speed & more security))

It works, don't say otherwise either, for speed & security, no questions asked. Editing it is simple via notepad.exe too, for instance, & a child could do it.

APK

P.S.=> Sure, occasionally, (on scripting) - You HAVE to/are forced to use scripting for banking &/or shopping sites, so do so, for data access & to get full function, but be S M A R T, & limit those sites to that type only, ones you know & trust...

Also, use better browsers! IE specific sites yes, you have to sometimes use IE on, but using a safe(r) browser, like Opera (safer, AND F A S T E R, w/ 0% known defects per SECUNIA in its shipping non-beta 9.27 model)? Opera's better & faster stuff, especially on low memory rigs (I saw it run like a champ on a Pentium II 400mhz Celeron w/ only 64mb of RAM on it, under XP)

BUT, in addition to HOSTS files usage? Hey - to stay truly safe & clean online, TURN OFF unlimited usage of scriptings/plugins/adbanners & the like and keep a system you can keep running a decade or more, w/out constant rebuilds... especially today, vs. virus & the like... apk

Re:Thanks for posting... (1)

shentino (1139071) | more than 6 years ago | (#23342196)

Strange...

Apart from memory constraints, why should there be a slowdown?

Aren't IP addresses a numeric type that can easily be looked up in a hash table or a balanced binary tree?

If the lookup algorithm is O(N) then I'm going to kill someone.

Re:Thanks for posting... (1)

nschubach (922175) | more than 6 years ago | (#23342392)

At first I thought he same thing. If we were only talking about IPs, there's only ~4 million possible in IPv4 and it would be cake to traverse that. However, he corrected and asked for the host names as well.

I'm not quite sure why you'd block on host names instead of IPs for this purpose, but whatever.

Re:Thanks for posting... (0)

Anonymous Coward | more than 6 years ago | (#23344206)

there's only ~4 million possible in IPv4
Err. 32-bit = ~4 billion

Re:Thanks for posting... (1)

nschubach (922175) | more than 6 years ago | (#23344298)

Lol, good catch. I can't believe I missed that. Either way, it's not like it's a plain text search. The numbers are delimited and easily partitioned into smaller sets to search.

Re:Thanks for posting... (1)

Matey-O (518004) | more than 6 years ago | (#23342964)

What ELSE are you gonna do with three of four cores idle?

Re:Thanks for posting... (1, Informative)

Anonymous Coward | more than 6 years ago | (#23344296)

You don't want to use iptables for that kinda thing, you use ipset, arange all those IP addresses in a giant hash map and match against that :)

Re:Thanks for posting... (0)

Anonymous Coward | more than 6 years ago | (#23340652)

I'll give you a copy once this port scan is done.

Re:Thanks for posting... (1)

gammygator (820041) | more than 6 years ago | (#23340842)

Um, I think you meant hosts.deny

Re:Thanks for posting... (1)

Anpheus (908711) | more than 6 years ago | (#23341036)

On Windows machines the hosts file can be used to deny certain domains or IP addresses by defining them to 127.0.0.1

Re:Thanks for posting... (1)

gammygator (820041) | more than 6 years ago | (#23342462)

Ah. I had not thought of that. That's what I get for being a smart ass, I guess. : -)

Re:Thanks for posting... (2, Funny)

apt-get moo (988257) | more than 6 years ago | (#23341528)

I heard 192.168.1.1 is among...

Re:Thanks for posting... (1)

antdude (79039) | more than 6 years ago | (#23342342)

Isn't that pointless? Do we even know how old these datas are (didn't see any dates with a quick glance)? I am sure they change. It would be nice if we could get up to date ones often.

Maybe it's my ignorance... (1)

mpapet (761907) | more than 6 years ago | (#23340584)

because I don't work in this area, but I think a simpler explanation for the crazy hodge-podge of IP's on the map is dynamic IP's being given to a few infected PC's.

How can one say with confidence that the design is purposeful?

reminds of the sexual partners mapping... (5, Interesting)

Anonymous Coward | more than 6 years ago | (#23340598)

http://www.artsci.washington.edu/news/Autumn05/largermap_sexualnetworks.htm

Re:reminds of the sexual partners mapping... (1)

erlenic (95003) | more than 6 years ago | (#23341168)

I looked through this pretty closely (it's amazing what boredom will do :). I could only find one same-sex encounter, and it wasn't in the largest group. It's in the second to the right structure along the top. Right in the middle of that group there's a triangle with a female-female encounter. I wonder if that triangle was three separate incidents, or one very lucky guy :D

Anyone see anything else interesting? What's the highest number of partners for one individual?

Extra note: I just went and looked again before hitting submit, and I did find two male-male encounters. I'll leave finding them as an exercise for the reader.

Re:reminds of the sexual partners mapping... (1)

IBBoard (1128019) | more than 6 years ago | (#23341560)

I found one male-male in the big blob, but I've not spotted the other one yet.

As for the actual groupings, did anyone else notice that in all except the big huge "we sleep around a lot" map then the girls were more likely to have multiple partners? Both the two in the top-right and the star pattern that's not quite in the bottom-left have clusters around a pink blob and then mainly single partner chains from there.

Yes, there's more lone guys with two female partners, but other than that then the girls seem more likely to have had multiple partners.

Re:reminds of the sexual partners mapping... (1)

erlenic (95003) | more than 6 years ago | (#23341976)

As far as the big loop, I think it's less promiscuous than it seems as first. If you look closely, there are a lot of two partner people, and most of the branches are formed by someone with three. Considering this is an 18 month study in a high school, it's not unheard of for them to have two or three somewhat long term relationships, especially if one ended right at the beginning of the study.

I see what you mean about the ratio of males to females among multiple partners. The most I could find was a male with nine partners, but the next five highest I see are all females.

And the two Y shaped pairs and the V shaped pair (bottom right) are mirrors of each other with respect to gender.

I'd love to get the raw data, but all I've found so far is that the article appeared in the American Journal of Sociology, 110(1):44-99. It won an American Journal of Sociology Roger Gould Prize for Best Article.

Re:reminds of the sexual partners mapping... (1)

erlenic (95003) | more than 6 years ago | (#23342088)

Bad form, I know, but I had to add this.

I found the article. http://faculty.washington.edu/stovel/chains.pdf [washington.edu] . Still no raw data though.

Re:reminds of the sexual partners mapping... (0)

Anonymous Coward | more than 6 years ago | (#23341718)

Anyone see anything else interesting?

There's no virgins. Considering they used numbers under the structures to represent repeats, there's no reason to leave out single people. The map also doesn't consider the order of sexual relations. The legend talks about a hundred people being linked, but it's unlikely they are linked in a way that could spread an STD to all one hundred.

Re:reminds of the sexual partners mapping... (1)

erlenic (95003) | more than 6 years ago | (#23342256)

The purpose of the map is to demonstrate sexual networks. In the case of a virgin, there is no sexual network. The full article is available at http://faculty.washington.edu/stovel/chains.pdf [washington.edu] , she does have maps and discussion that take time into account.

Re:reminds of the sexual partners mapping... (0)

Anonymous Coward | more than 6 years ago | (#23342438)

There is the blue-blue dot on the top of the BIG cluster... but directly to it's right - a small cluster about 8 dots big - there is a pink-pink-blue triangle so there's no clue as to whether it's a 3-way or just 3 2-ways.

Where was this shit when I was in high-school?

Re:reminds of the sexual partners mapping... (0)

Anonymous Coward | more than 6 years ago | (#23343208)

More interesting, they excluded me from the mapping. Unfortunately, I would lack any black bars extending from my location :(

Re:reminds of the sexual partners mapping... (0)

Anonymous Coward | more than 6 years ago | (#23341994)

Re:reminds of the sexual partners mapping... (1)

antdude (79039) | more than 6 years ago | (#23342292)

Obviously for a typical /.er like me, it is just one dot. :(

Better way needed (-1, Redundant)

zymano (581466) | more than 6 years ago | (#23340606)

These botnets can be shut down by shut down by just shutting down computers that don't have secure computers.

Force people to use firewalls and antivirus. Scan every file from filesharing P2p.

Scan them. Contact ISP and Shut them down if the fail = reverse botnet.

Re: Better way needed (0)

Anonymous Coward | more than 6 years ago | (#23340826)

Thanks for clearing that up.

Re: Better way needed (1)

zymano (581466) | more than 6 years ago | (#23343052)

LOL.

I had a computer error. Swear i didn't write it like that.

haha.

Re: Better way needed (2, Funny)

Red Flayer (890720) | more than 6 years ago | (#23341018)

can be shut down by shut down by just shutting down computers that don't have secure computers.
Gee thanks thanks captain obvious captain obvious for your observe your observations.

Was it just me, or did anyone else imagine parent as speaking in the voice of max headroom?

Re: Better way needed (0)

Anonymous Coward | more than 6 years ago | (#23341962)

y y y y y y y y y yes yyyyyyyyes es es yes

Re: Better way needed (1)

Tenebrousedge (1226584) | more than 6 years ago | (#23341106)

Is perfect security possible? Serious question.

If the answer is yes, then there would be some point to your idea. It would probably not be practical to do what you're suggesting, and it may run counter to some people's ideas of personal freedom. Probably you would piss off a hell of a lot of people.

If the answer is no, then the same flaws apply as above, except that it would be ultimately pointless. There's an evolutionary principle called the Red Queen effect that you should be aware of. It's kind of a consequence of selective pressure in an environment. Basically, if you close off all the security holes you know about, this creates a strong pressure for someone to find another security hole.

So, should we use draconian methods to try to achieve a perfectly secure internet? It seems like the same argument as the anti-terrorism efforts. I do not think such efforts would be successful, or worth the cost.

Re: Better way needed (1)

peragrin (659227) | more than 6 years ago | (#23341460)

isn'that the point though? Close off all easy security holes(put some dead bolts on those doors, and poly films to prevent glass breakage) security holes will still exist but will both be harder to take advantage of(robbery at gun pint for keys, social engineering) Or brute forcing passwords.

*nix's aren't hacked very often in mass groups, yet you put a non patched windows system on the net and it will be pwned by the time you can download the security updates.

Lock the windows and force the crackers to find other flaws. let them be your Quality control team, and your consumers are used to being beta testers anyways.

Re: Better way needed (1)

Tenebrousedge (1226584) | more than 6 years ago | (#23342352)

*nix's aren't hacked very often in mass groups, yet you put a non patched windows system on the net and it will be pwned by the time you can download the security updates.
Okay, so *nixes (*nices?) have a better security model. That's good, but how different would things be if we had one vast monoculture of *nix machines? That's the question. Is there a perfect security system that we're getting closer to, or are we just running as fast as we can just to stay in the same place?

I'm not arguing against increased security efforts. I'm just arguing against draconian methods of doing so, on the basis that they may ultimately be ineffective, in the sense that they would not alter the eventual outcome.

Re: Better way needed (1)

TheHorse13 (908512) | more than 6 years ago | (#23341448)

If it was this easy, then all of the crap you've installed would be blocking botnet activity - but it's not. Reality is that botnet activity is obfuscated and buried in normal transactions and behaviors. All the firewalls on the planet cannot stop bot activity no matter what vendor marketing slicks say.

Then stop them all! (1)

jack2000 (1178961) | more than 6 years ago | (#23340618)

If they know which ips/subnets are most prolific with botnets just nullroute them all and tell the isps/owners to get their act straight if they want back on the net!

Wow - I can see my house from here! (2, Interesting)

jmichaelg (148257) | more than 6 years ago | (#23340676)

It would be nice to be able to search my static IP or a range of IPs to see if they are on the map.

everybody should have a botnet (0)

Anonymous Coward | more than 6 years ago | (#23341628)

they are wonderful tools. botnets keep the world running.

If he generated a KML file... (1)

EmbeddedJanitor (597831) | more than 6 years ago | (#23345338)

you could hook it up to Google Earth. That would allow Google to do all the pan/joom heavy lifting.

Check out the losers (5, Funny)

Hoplite3 (671379) | more than 6 years ago | (#23340686)

There are lots of well constructed stars, where a handful of master nodes control several slaves. Each slave knows two or three masters for redundancy. That's good design, and I expected it.

But what's hilarious is that there are some ip addresses that are slaves to four or five different botnets. I wonder what the owners of those machines think?

"Man, the internet sure is slow today!"

"I need a new computer, this one's all slow."

"Sweet! Five botnets and counting! I'm part of something! I belong!"

Re:Check out the losers (5, Insightful)

Esther Schindler (16185) | more than 6 years ago | (#23340850)

I do know what those users think, and it's very much like you posited: "My computer has become unusably slow, and I don't know why or how to fix it!" Unfortunately that was followed by, "Aunt Esther, can you tell me what's wrong?"—and thus I spent half a day killing enough of the junk that I could install a firewall, antivirus, etc.

People like my nephew aren't unwilling to learn. They're just lost when it comes to their computers. And they don't particularly mind being ignorant as long as the equipment works right (or appears to). Just as most of us don't feel the need to understand how a car works in order to drive one.

Some of us remember the days when we wistfully wanted computers to become easy enough for ordinary people to use them. Alas, we got our wish.

Re:Check out the losers (3, Interesting)

Volante3192 (953645) | more than 6 years ago | (#23340984)

And they don't particularly mind being ignorant as long as the equipment works right (or appears to). Just as most of us don't feel the need to understand how a car works in order to drive one.

Yes, but people are often more familiar with what a car needs. Regular oil changes, maintenance, gas; they might not know (or care) why the car needs these, but they know that if they don't, the car will fail to work.

People don't even know that much about computers, about what they shouldn't do, even if they don't know why.

Re:Check out the losers (3, Insightful)

Esther Schindler (16185) | more than 6 years ago | (#23341446)

Not everyone does understand basic maintenance. You'd be amazed. Plenty of people wait until the car breaks down before they think to get it serviced.

And they don't like to gain even basic knowledge. In the gas crisis of the late 1970s, my (then-)mother-in-law waited 40 minutes at a gas station before she got to the pump. When she discovered it was self-serve, she drove away, because she didn't know how to use the pump herself. (Yes, obviously all she had to do was ask the person behind her—who'd be motivated to help—but she didn't.)

Also, even when people take the car in for maintenance, it's something they do out of distrust for the practitioners. That's better than not taking it in, of course, but it's inherently a combative relationship: what's the mechanic gonna tell me I need this time?

The thing is, few of us want to be experts in every technology we use. We just want it to work.

None of which excuses ignorance, mind you, but it does explain it.

Re:Check out the losers (0)

Anonymous Coward | more than 6 years ago | (#23341074)

They know not to drive on a flat tire though (at least most people do). At the very least they know how to turn the lights on and that it needs gas.

Image!!! (1)

Fuzzums (250400) | more than 6 years ago | (#23341238)

And this, dear parents, is why you make an image of your kids computer and just put it back when the computer gets "slow".

It will save you that day of irritation and removing all the junk.

I guess that's worth a few bucks, isn't it?

Re:Check out the losers (1)

shawn(at)fsu (447153) | more than 6 years ago | (#23341314)

Wow thats a pretty detailed map, in fact I think I see one of my IP address.

Wait what?

Re:Check out the losers (1)

blitzkrieg3 (995849) | more than 6 years ago | (#23342016)

from tfa:

One thing to remember when looking at the map is that the information takes place over time. In that sense it's like time-lapse photography, a composite of 24 snapshots a day for 60 days. That means the more lines and points you see, the more activity you're looking at. The two connected stars to the left spent more time moving around than the single star below during the two months Vorel collected data.
Maybe that's what you are seeing?

Uh, nice map. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23340726)

Looks very nice. I zoomed in a bit, however, and the entire thing appears to be written in russian or some other manner of moonspeak. Does anyone have a nice english-language map, in a nice png or jpg or something?

I, for one.. (4, Insightful)

oodaloop (1229816) | more than 6 years ago | (#23340770)

...would like to see more. Was there actually an article there, or was that just a picture? How about something about the methodologies used, a description of the organization of the network, maybe even some metrics like centrality. Something other than a picture, ferchrissakes.

How it looks like? (2, Funny)

gmuslera (3436) | more than 6 years ago | (#23340808)

There are fields, Neo. Endless fields where bot beings are no longer born. Are grown. For the longest time I wouldn't believe it and then I saw the fields with my own eyes...

Ha Ha! (2, Funny)

Thelasko (1196535) | more than 6 years ago | (#23340898)

One of the nodes backendportal.info [networksolutions.com] is registered to Horatio Nelson! [wikipedia.org]

Re:Ha Ha! (1)

maxwell demon (590494) | more than 6 years ago | (#23340996)

So if we find the controlling IP, we have found an internet connection to afterlife!

Honeynets seem to be doing their thing (3, Interesting)

Lucas123 (935744) | more than 6 years ago | (#23340938)

If you zoom in, you'll see a lot of the concentration of spiderwebs are around sites like honeynet.cz.

Hey, (1)

Layer 3 Ninja (862455) | more than 6 years ago | (#23340940)

I can see my house from...oh wait..oh :/

Re:Hey, (1)

OhHellWithIt (756826) | more than 6 years ago | (#23341108)

I was wondering something similar: Isn't that my office LAN over in the top left corner?

Anonymous Coward (0)

Anonymous Coward | more than 6 years ago | (#23341012)

was wondering what techniques could have been used to mask an ip address as 1.3.3.7

127.0.0.1 (4, Funny)

Anonymous Coward | more than 6 years ago | (#23341030)

Wait, 127.0.0.1 is in there. That is my IP address!

Re:127.0.0.1 (0)

Anonymous Coward | more than 6 years ago | (#23341166)

:o

what unprecedented evile looks like (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23341048)

can't see it, you say? just look around a little. it has no physical form, but is present in the behaviours of its greed/fear/ego based minions. see you on the other side of it? you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

http://news.yahoo.com/s/ap/20071229/ap_on_sc/ye_climate_records;_ylt=A0WTcVgednZHP2gB9wms0NUE
http://news.yahoo.com/s/afp/20080108/ts_alt_afp/ushealthfrancemortality;_ylt=A9G_RngbRIVHsYAAfCas0NUE
http://www.nytimes.com/2007/12/31/opinion/31mon1.html?em&ex=1199336400&en=c4b5414371631707&ei=5087%0A

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://video.google.com/videosearch?hl=en&q=video+cloud+spraying

dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster. meanwhile, you can help to stop the bleeding (loss of life & limb);

http://www.cnn.com/2007/POLITICS/12/28/vermont.banning.bush.ap/index.html

the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'. the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way. the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available. 'vote' with (what's left in) yOUR wallet, & by your behaviors. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable. some of US should consider ourselves somewhat fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate. it's right in the manual, 'world without end', etc.... as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis. concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order. 'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

meanwhile, the life0cidal philistines continue on their path of death, debt, & disruption for most of US. gov. bush denies health care for the little ones;

http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html

whilst demanding/extorting billions to paint more targets on the bigger kids;

http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html

& pretending that it isn't happening here;

http://www.timesonline.co.uk/tol/news/world/us_and_americas/article3086937.ece
all is not lost/forgotten/forgiven

(yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles. talk about reverse polarity;

http://www.timesonline.co.uk/tol/news/environment/article3046116.ece

Bad Idea? (1)

Shadow_139 (707786) | more than 6 years ago | (#23341114)

Any I the only one who thinks it is a bad idea it publish a list of infected IP address? I know you can get the from Anti-Spam site to set as black-hole on your gateway but still....

Where is the big arrow? (1)

Alsier (709917) | more than 6 years ago | (#23341176)

I can't find the big arrow that says "You are here" on the map. How am I supposed to use it without that?

How does eNom... (2, Funny)

Thelasko (1196535) | more than 6 years ago | (#23341210)

allow people to register with information like:
Registrant Contact:
elnopic
elnopic elnopic (elnopic@elnopic.com)
+1.2435543
Fax: +1.5555555555
123 sdhdsa g
asdf, AD 34215
US
Do they not even try to verify this information?

Re:How does eNom... (2, Interesting)

Thelasko (1196535) | more than 6 years ago | (#23341298)

after further investigation, it appears the above domain was registered by a company called namecheap also known as HostingAnime [wikipedia.org] a company known for hosting al-Qaeda websites.

Coincidence? I think not!

Too many bots! (2, Funny)

IBBoard (1128019) | more than 6 years ago | (#23341456)

There must be too many bots - I can't even get it to render! All I get is a white page with no nodes and no links :\

Either that or they've rendered the botnet on a white background in apple white with light grey lines.

(i.e. it seems to be Slashdotted ;) )

i can see.. (0)

Anonymous Coward | more than 6 years ago | (#23341546)

cool i can see my home IP from there!

yeah... and (2, Interesting)

spikedvodka (188722) | more than 6 years ago | (#23341548)

And why's this so much news?
Any self-respecting revolutionary knows that you have a distributed network, so that even if a cell goes down, you can still pass messages.

Hell... I wish IRC could learn from this, I've had enough of netsplits. By rights only the server that goes offline should be affected if it goes down, it shouldn't split the network into 2 massive sections.

Yeah the image looks nice, and is all "ooohhhh ahhhh" and lends itself to "Hey... that's me", but really "News"? I think not

Call me when they have an article as to how they got this information

-1 "Cynical Bastard"

Re:yeah... and (0)

Anonymous Coward | more than 6 years ago | (#23342502)

Seriously, two days in a row with non-text articles. 5-7 NEVER FORGET

Re:yeah... and (1)

drew (2081) | more than 6 years ago | (#23343804)

I certainly hope there aren't too people here saying "Hey... that's me!"

Some nice-focal points there (1)

LighterShadeOfBlack (1011407) | more than 6 years ago | (#23341690)

...And people say nobody uses IRC anymore.

Tool? (1)

flibuste (523578) | more than 6 years ago | (#23341740)

Anyone knows if there's a tool to check an IP and see if it's part of a botnet?

Hey.... (2, Funny)

losethisurl (980326) | more than 6 years ago | (#23342838)

That looks alot like the map of our network where I am emplo... oh crap...

Funny IP: 1.3.3.7 (1)

slysithesuperspy (919764) | more than 6 years ago | (#23342938)

I zoomed in and saw "pimpin.opendns.be" attatched to 1.3.3.7 Has someone been messing with them or something? Anyone else seen any weird ones?

Ant Martha (1)

Tablizer (95088) | more than 6 years ago | (#23343900)

Wow, I can see my house's IP address from the zoom-out. It looks like a little ant from up here.

No need for flash after all (0)

Anonymous Coward | more than 6 years ago | (#23344138)

Looks like you can get the image right from the guy who collected the data.

check
http://www.honeynet.cz/img/big.jpg

and even http://www.honeynet.cz/img/small-circo.jpg (if you mostly just want to get an idea of what it all looks like)
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...