Re: mitigating botnet C&Cs has become useless

You are approaching the problem the wrong way. Many failover systems
work very well when the primary fails entirely--when the salesman pulls
the plug. Few work well when the primary doesn't entirely fail, but
just doesn't work correctly, as is usually the case in the real world.

Such as? How does it apply to the network world?

Try that approach on the C&Cs: infiltrate and use the C&C to the
botnets' disadvantage. Probably, you can cause an "upgrade" to be
distributed to the infected hosts that doesn't have a secondary control
channel, but that doesn't overly alert the human bot operators until it's
too late.

Infiltration is intelligence, not network... uploading a file is illegal
and unethical...

Good solid ideas, but unfortunately failed in the past.

What, you never had a BGP session to a peer router that lied through its
teeth about its other interfaces being up, so you didn't fail over to
an alternate route? :)