Fast Flux vs Tor (botnet) ?

[Fl0x]

which is better according to your opinion?
Fast flux or Tor (Botnet)
this is a small poll

 

[arnis777]

тор крутой

 

[peacemaker]

Ну во первых вам нужно понимать для чего вам это нужно. Тор очень медленный, и какой нибудь модуль ВНЦ будет работать ужасно. Плюс тор это еще дополнительные детекты. Флюкс полностью аналогичен тору, по функционалу. Я к тому что он так же скрывает сервер, но платный или требует затрат (домены, серверы, или заказывать как услугу)

Итого, если кратко.
* Тор - бесплатно, медленно, может повлечь детекты.
* Флюкс - платно, быстро, не требует модифицировать код.

Но для надежности всегда нужно покрывать оба протокола с DGA + цифровые подписи.

 

[r1z]

TOR i don't recommended at all, we all see latest hacking with MAZA, etc.. Fast Flux i think it's a better option but we need to encrypted it from dediction, we need some more information on how it's work and how to encrypted from the dediction is someone can share with us ?

 

[Pernat1y]

we all see latest hacking with MAZA

Not sure if it happened because of Tor

 

[r1z]

Well this is good news, but i think there is already some weakness in TOR nodes which make it not able to secure sensitive information... looking for more complex technologies is a "MUST" i think.

 

[Sattov]

Torsocks are incredibly slow and unreliable for any large amount of bots. Fastflux is good but allows mapping of the bots.

 

[knxit]

Torsocks are incredibly slow and unreliable for any large amount of bots. Fastflux is good but allows mapping of the bots.

The speed is completly acceptable, compared to years ago, I'm using always 2x TOR before I connect to 2th VPN and speed is ok.

Also bots don't need to connect all at once, add simple timer in bot to connect once every 30 minute, I got it like this in my bot and its not about speed mainly, but securitiy and stability, I run a over 200k bots botnet on one VPS with 6 gb of RAM without problem.

And about the detections, there are only 2 options:

1. You got the code and fix the detections yourself
2. Search and pay coders todo it always

No malware stays UD forever, not a single crypter can help you keeping it runtime FUD after detections, the code itself needs to be changed, so before talking about TOR detections, you need to understand that your malware will get more than the TOR detections anyways.

TOR +
FastFlux -

 

[Sattov]

The speed is completly acceptable, compared to years ago, I'm using always 2x TOR before I connect to 2th VPN and speed is ok.

Also bots don't need to connect all at once, add simple timer in bot to connect once every 30 minute, I got it like this in my bot and its not about speed mainly, but securitiy and stability, I run a over 200k bots botnet on one VPS with 6 gb of RAM without problem.

And about the detections, there are only 2 options:

1. You got the code and fix the detections yourself
2. Search and pay coders todo it always

No malware stays UD forever, not a single crypter can help you keeping it runtime FUD after detections, the code itself needs to be changed, so before talking about TOR detections, you need to understand that your malware will get more than the TOR detections anyways.

TOR +
FastFlux -

I mean 'mapping of the bots' as in researchers figure out the ip addresses of your bots with fastflux. If you're loading 0days this isn't a good thing and netlab will be onto you.

Within my use case of Moobot - bots would take longer to reconnect after any drop-offs, longer to start the attack.