[76697] in North American Network Operators' Group


Re: Botnet pointer

daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon Dec 20 17:16:17 2004

Date: Tue, 21 Dec 2004 00:21:40 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Fred Baker <fred@cisco.com>
Cc: "william(at)elan.net" <william@elan.net>,
	"'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <6.2.0.14.2.20041220134637.0598b8d8@mira-sjc5-b.cisco.com>
Errors-To: owner-nanog-outgoing@merit.edu


> "bot": derivative of "robot". An application on an infected computer 
> used for orchestrated attacks or for distributed generation of spam, 
> often distributed in or with viruses or other malware. Similar to 
> "zombie", which is an older usage specific to distributed denial of 
> service attacks.

I believe calling them "bots", although correct, is a mistake. "drones" 
or "zombies" or whatever "shark" ( *wink* :) ) you like would probably 
work. How else are we going to be able to tell the difference from real 
bots? I.e. those bots that people run legitimately, meaning not by the 
AUP of the service the bots run on but rather by the approval of the 
machine administrator/operator.

This is not to say these bots must be non-abusive, but to distinguish 
them from the.. erm.. drones! :)

> "botnet": a set of bots that may be controlled as a single service, and 
> which may be leased or sold to a user as a unit.

I believe that a "distributed (centrally controlled) network of <insert 
word>" would serve us best. Under "normal"/root conditions, you can make 
a program do whatever you want it to do, on a Windows machine. So 
what it serves for is irrelevant if we want to be abstract.

	Gadi.
