Abuse like this is nothing new in the world of shared, dedicated and colo hosting. Amazon has clearly taken a hands off approach to managing EC2 instances, much like an unmanaged dedicated server hosting provider.
-L
--
Larry Ludwig
Empowering
Media
1-866-792-0489 x600
Managed Xen based VPSes
http://www.hostcube.com/
Keep in mind EC2 instances could also be used in a DDOS attack.
This doesn't hold up if you are comparing to unmanaged providers.
Unless they are asleep at the wheel, no provider is going to allow you
to send spam. If they get enough reports they will shut you down.
Or, if you want to spend money, rent someone else's botnet as the attack platform. My understanding is that it's only a few hundred dollars to rent a 50,000 host botnet for a few hours. Certainly much more economically viable than using EC2.
On Jul 7, 2008, at 1:05 PM, Chris Sears wrote:Great point. So do botnets qualify as cloud computing?It's definitely at the point where it should be considered for that classification, although I still think one of the defining requirements is an API. Still, some folks (e.g. Joyent) claim to be clouds sans an API, so I guess the answer is: no if you think a cloud needs an API and yes if you don't.
On Jul 7, 2008, at 2:35 PM, Chris Sears wrote:
> My understanding of most botnets are that they do have APIs,
> sometimes implemented via IRC,
--Randy
Can you saturate large size network or ddos service spending only $4.95 dollars?Or call to 1-800-BOTNET for support and have SLA with 30-days money-back guarantee? :)
Khaz,Nobody said a cloud must be public and server others. It can easily be a private cloud used by the owner only. :)Can you saturate large size network or ddos service spending only $4.95 dollars?Or call to 1-800-BOTNET for support and have SLA with 30-days money-back guarantee? :)I would bet you $1 cash/trash that the owner of the bot-cloud can get better SLA than from a public cloud.Jian
On Tue, Jul 8, 2008 at 12:46 AM, Randy Bias <ran...@cloudscale.net> wrote:Good point. You are correct, of course. This should be a usable API
mechanism. So I guess that means that botnets should be considered
clouds.
On Jul 7, 2008, at 2:35 PM, Chris Sears wrote:
> My understanding of most botnets are that they do have APIs,
> sometimes implemented via IRC,Randy,How about no/low entry barrier ?Can you saturate large size network or ddos service spending only $4.95 dollars?Or call to 1-800-BOTNET for support and have SLA with 30-days money-back guarantee? :)
What can we do to prevent massive abuse of technical means in a cloud? Until someone finds universal remedy, I think we should protect last mile, in case of spam, it is antispam filter, virus - antivirus, routers already filtering UDP multicast etc.
What I was going to say, is that the price of the botnet-hour is
perhaps synthetic rather than being based on some software
development+IT shop business model. This might mean that the price of
using the botnet might be a lot lower really.
On the other note, do the cloud providers offer _client_ scaling
(where the cloud is a mass of clients, instead of services). Botnets
mostly offer bandwidth, rather than MFlops. That might be the
difference between EC2 and 10K+ botnet.
Sassa
2008/7/8 Khazret Sapenov <sap...@gmail.com>: