Hacker News new | comments | show | ask | jobs | submit login

Wow, that's pretty amazing work!

How is he able to add new supernodes to the cluster? I would expect a supernode to have some sort of credentials that are used for authentication. If not, isn't it possible to neutralize the botnet by overloading it with supernodes that don't send malicious commands?

According to his initial explanation - "In a peer to peer botnet, bots which can receive incoming connections act as servers (called supernodes)."

So in some cases the only requirement for a node to be a supernode is that it can receive incoming connections. I take this to mean that any computer that is 1. infected with the botnet program, 2. can receive incoming connections, becomes a supernode. Under those circumstances there's no need to reverse engineer the botnet program, all you have to do is set up a vulnerable computer, allow it to be compromised and infected becoming a supernode; then monitor the traffic of incoming connections.

He later mentions that supernodes can be filtered based on "age, online time, latency, or trust." This tells me that certain botnets do have a level of trust that is defined in each peer list.

I believe your last question refers to the concept of sinkholing or blackholing. These methods have been used by the FBI to take down botnets through DNS hijacking, I think.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact