Uninformed: Informative Information for the Uninformed

Vol 1» 2005.May


The Hybrid

There is a way to combine the anonymity of an unlinked network with the quick response time of the linked approach. This can be done by employing a technique first envisioned in the description of a so-called "Warhol Worm". While no node knows anything about other nodes, the network master keeps track of the IPs of infected hosts. To distribute a command to a few or maybe all of the nodes, he first prepares an encrypted file containing the IPs of all active nodes and combines it with the command to execute. He then sends this command file to the first node on the list. This node executes the command, removes itself from the list, and goes through the list from top to bottom until it finds another active node, to which it transmits the command file. This way each node only learns about other nodes when receiving command files, which are erased once the file has been successfully transmitted to another node. By addressing certain nodes by their unique IDs, it is even possible to make certain nodes take different actions than all the others. By preparing different files and sending them to different nodes from the start, quite a fast distribution time can be achieved.

Of course, should someone manage not only to sniff the command file but also to decrypt it, he has an entire list of infected hosts. Someone sniffing a node will also still see an incoming connection from somewhere and an outgoing connection to somewhere else, and thus get to know about 2 more nodes. That's just the same as depicted in the passive approach. What's different is that a binary analysis of a node will not divulge information on another host of the network. As sniffing is probably more of a threat than binary analysis, though, and considering that a linked network offers far more flexibility, the Hybrid is most likely an inferior approach.
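The sniffing weakness described above can be turned into a triage step for responders. The following is an added example, not code from the original article: starting from one known infected host, it correlates flow records to find the host that delivered a transfer and the host that received a similar-sized one shortly afterwards, then repeats from each newly found host. The flow record layout, the time window, the size tolerance and all addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst nbytes")

# Constructed flow records using documentation address ranges; not real traffic.
FLOWS = [
    Flow(100.0, "198.51.100.7", "192.0.2.10", 4096),  # transfer reaches the known node
    Flow(100.4, "192.0.2.10", "203.0.113.99", 310),   # unrelated small request
    Flow(101.2, "192.0.2.10", "203.0.113.20", 4080),  # similar-sized transfer onward
    Flow(102.9, "203.0.113.20", "192.0.2.77", 4064),  # next hop relays again
    Flow(300.0, "192.0.2.77", "203.0.113.99", 4064),  # far outside the window
]

def relay_pairs(flows, node, window=5.0, tolerance=0.05):
    """Return (predecessor, successor) pairs where `node` received a transfer
    and sent one of similar size to a different host within `window` seconds.
    Window and tolerance are assumed heuristics, to be tuned per network."""
    pairs = []
    for inbound in (f for f in flows if f.dst == node):
        for out in (f for f in flows if f.src == node):
            delay = out.ts - inbound.ts
            similar = abs(out.nbytes - inbound.nbytes) <= tolerance * inbound.nbytes
            if 0 < delay <= window and similar and out.dst != inbound.src:
                pairs.append((inbound.src, out.dst))
    return pairs

def walk_chain(flows, known_node, window=5.0, tolerance=0.05):
    """Follow relays outward from one known infected host, in both directions,
    as far as the flow data reaches. Returns hosts to investigate, in the
    order they were discovered."""
    found, queue = [known_node], [known_node]
    while queue:
        node = queue.pop(0)
        for pred, succ in relay_pairs(flows, node, window, tolerance):
            for peer in (pred, succ):
                if peer not in found:
                    found.append(peer)
                    queue.append(peer)
    return found

if __name__ == "__main__":
    print(walk_chain(FLOWS, "192.0.2.10"))
```

A single vantage point yields only the two neighbours the article mentions; the walk extends further only where flow data covers the neighbouring hosts as well.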