This post originated from an RSS feed registered with Python Buzz
by Ng Pheng Siong.
Original Post: botnet
Feed Title: (render-blog Ng Pheng Siong)
Feed URL: http://sandbox.rulemaker.net/ngps/rdf10_xml
Feed Description: Just another this here thing blog.
So a DDoS attack is made up of DoS attacks launched simultaneously by many
computers from all over. What are these computers? Invariably they are
poorly secured home computers connected via "always-on" broadband. These
machines are penetrated and owned surreptitiously. A variety of
malware may be installed; the new "owner" has been known to patch these
machines so that other would-be "owners" may not get in and take over.
The "owner" also installs software that connects the machine to some
pre-determined IRC channel. The owned machine then lies in wait for
commands transmitted over that IRC channel. This machine has become a
bot, and many such machines form a botnet. When a command
comes in to DDoS such and such a target, say, the botnet blasts away.
According to the Internet Storm
Center (I like that name), in Sep 2004, the Norwegian ISP
Telenor shut down a botnet containing over ten thousand clients. To quote,
"If you have network traffic logs, you may want to check for connections
from your hosts/network to the IRC server - it was listening on
203.81.40.172 tcp port 10009."
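Turning that hint into a check against your own logs, as an added example that is not part of the original post: a small Python script that scans flow records for connections to the IRC server endpoint quoted above. The whitespace-separated log format and the internal hosts in the sample are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Indicator quoted in the post: the IRC server of the botnet Telenor shut down.
C2_IP = "203.81.40.172"
C2_PORT = 10009

# Constructed sample flow log (assumed format):
# timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_LOG = """\
2004-09-10T01:02:03 192.168.1.23 3121 203.81.40.172 10009 tcp
2004-09-10T01:02:09 192.168.1.45 2933 64.233.161.99 80 tcp
2004-09-10T01:03:15 192.168.1.23 3122 203.81.40.172 10009 tcp
2004-09-10T01:04:00 192.168.1.77 4012 203.81.40.172 6667 tcp
2004-09-10T01:05:30 192.168.1.90 1025 203.81.40.172 10009 udp
malformed line
"""


def parse_flow(line):
    """Parse one flow record; return None for lines that do not fit the format."""
    fields = line.split()
    if len(fields) != 6:
        return None
    ts, src, _sport, dst, dport, proto = fields
    try:
        return {
            "ts": ts,
            "src": str(ipaddress.ip_address(src)),
            "dst": str(ipaddress.ip_address(dst)),
            "dport": int(dport),
            "proto": proto.lower(),
        }
    except ValueError:  # bad IP address or non-numeric port
        return None


def find_c2_connections(log_text, c2_ip=C2_IP, c2_port=C2_PORT, proto="tcp"):
    """Return {source_host: [timestamps]} for every flow to the C2 endpoint."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        if flow["dst"] == c2_ip and flow["dport"] == c2_port and flow["proto"] == proto:
            hits[flow["src"]].append(flow["ts"])
    return dict(hits)


if __name__ == "__main__":
    for host, times in find_c2_connections(SAMPLE_LOG).items():
        print(f"{host}: {len(times)} connection(s) to {C2_IP}:{C2_PORT}, first at {times[0]}")
```

Any host that shows up in the result was talking to the botnet's command channel and deserves a closer look; the UDP line and the connection to port 6667 are deliberately left out because the indicator names TCP port 10009 only.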
Googling for "largest ddos botnet" throws up the number 140,415. That's
right, a botnet containing over one hundred forty thousand machines -
surely a weapon of mass disruption. Another "largest" number is a
staggering 40 Gbps worth of aggregated attack traffic.
I reckon botnets will appear on p2p networks any time now, if they haven't
already.
Supposedly there is a black market that trades botnets. Hollywood movies
can't be far away...