NANOG Meeting Presentation Abstract

Offensive Anti-Botnet - So you want to take over a botnet...
Meeting: NANOG59
Date / Time: 2013-10-08 5:00pm - 5:40pm
This item is webcast
Room: Akimel Ballroom 3 & 4
Presenters:

David Dittrich, University of Washington

Dave Dittrich is an Affiliated Research Scientist with the Office of the Chief Information Security Officer at the University of Washington. He has been involved in investigating and countering computer crimes going back to the late 1990s. Dave was the first person to describe the technical details of DDoS attack tools in 1999, was an early researcher into bots and botnets, and one of the first to study P2P for botnet command and control. Dave has pushed the limits, but he tries to do it in a way that is ethically defensible. He has written extensively on ethics and the "Active Response Continuum," serves on one of the UW's Institutional Review Boards evaluating human subjects research, and he and Erin Kenneally recently co-authored the Department of Homeland Security document, "The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research."
Abstract: Computer criminals regularly construct large distributed attack networks comprised of many thousands of compromised computers around the globe. Once constituted, these attack networks are used to perform computer crimes, creating yet other sets of victims of secondary computer crimes, such as denial of service attacks, spam delivery, theft of personal and financial information for performing fraud, exfiltration of proprietary information for competitive advantage (industrial espionage), etc.

The arms race between criminal actors who create and operate botnets and the computer security industry and research community who are actively trying to take these botnets down is escalating in aggressiveness. As the sophistication level of botnet engineering and operations increases, so does the demand on reverse engineering, understanding weaknesses in design that can be exploited on the defensive (or counter-offensive) side, and the possibility that actions to take down or eradicate the botnet may cause unintended consequences.

This talk will look at some of the motivations for taking aggressive "self-defense" actions, the ethical issues that are involved and how to think about them, examine some recent botnet takedown actions and their side-effects, and provide personal opinions on how the security research and operations communities should consider the path forward.
Files: Offensive Anti-Botnet - So you want to take over a botnet... (PDF)
Offensive Anti-Botnet - So you want to take over a botnet... (YouTube)
Sponsors: None.
