Botnets 101
Botnet 101, Aung Thu Rha Hein (g5536871)
Posted on 22-Nov-2014

TRANSCRIPT

Page 1: Botnets 101

Botnet 101
Aung Thu Rha Hein (g5536871)

Page 2: Botnets 101

Agenda
- What is a botnet?
- History of botnets
- What are they used for?
- How do they work?
- Infection procedure
- Command topologies
- Communication methods
- Propagation methods
- Defense
  - Detection methods
  - Defense strategy
- Conclusion

Page 3: Botnets 101

What is a botnet?

"A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks." (Wikipedia)

"A collection of compromised computers that is slowly built up then unleashed as a DDOS attack or used to send very large quantities of spam." (WolframAlpha)

Page 4: Botnets 101

History of Botnets
- Bots were originally used to automate tasks: IRC, IM, MUDs, online games
- They evolved into a way to automate malicious activity: spam, controlling a PC, propagation, etc.
- Botnets started with DoS attacks against servers: Stacheldraht, Trinoo, Kelihos

Page 5: Botnets 101

What are they used for?
- DoS attacks
- Spam
- Phishing
- Identity theft
- Click fraud
- Others…

Page 6: Botnets 101

How do they work?

1. The botmaster infects victims with the bot.

[Diagram: botmaster, victim, C&C server]

Page 7: Botnets 101

How do they work?

2. The bot connects to the C&C server using HTTP, IRC or another protocol.

[Diagram: victim, C&C server, botmaster]

Page 8: Botnets 101

How do they work?

3. The botmaster sends commands through the C&C server to the zombie.

[Diagram: botmaster, victim, C&C server]

Page 9: Botnets 101

How do they work?

4. Repeating this process gives the botmaster an army of bots controlled from a single point.

[Diagram: botmaster, victims (zombies), C&C server]

Page 10: Botnets 101

Infection Procedure

Page 11: Botnets 101

Command Topologies
- Star: bots tied to a centralized C&C server
- Multi-Server: same as Star, but with multiple C&C servers
- Hierarchical: parent bots control child bots
- Random: full P2P support

Page 12: Botnets 101

Communication Methods
- HTTP: easy for the attacker to blend in with normal traffic
- IRC: harder to hide compared with HTTP
- Custom: makes use of new application protocols

Page 13: Botnets 101

Propagation Methods
- E-mail attachments; social engineering
- Trojan horses
- Drive-by downloads
- Scanning
  - Horizontal: a single port, probed across many hosts
  - Vertical: a single IP address, probed across many ports

Page 14: Botnets 101

Defense

Three main issues:
- How to detect them?
- How to respond to them?
- How to negate the threat?

Page 15: Botnets 101

Detection Methods
- No single method: "defense in depth" principle
- Methods:
  - Network traffic analysis (NetFlow)
  - Packet analysis (IDS)
  - Analysis of application log files (antivirus, firewall)
  - Honeypots
  - Others…
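As an added example that is not part of the slide deck: a small Python script applying the first method above, network traffic analysis, to NetFlow-style records. It flags the periodic C&C check-ins described on the "How do they work?" slides (regular intervals to one server, even over HTTP) and any connection to the classic IRC ports; the flow records, IP addresses, record layout and thresholds are all constructed for illustration.

```python
# Beaconing detector over NetFlow-style records (constructed teaching example).
# Bots check in with their C&C server on a schedule, so a (src, dst, port)
# tuple with many flows at near-constant intervals stands out even over HTTP.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    # infected host: HTTP check-in to the same server roughly every 300 s
    (0, "10.0.0.5", "203.0.113.9", 80, 412),
    (301, "10.0.0.5", "203.0.113.9", 80, 410),
    (599, "10.0.0.5", "203.0.113.9", 80, 415),
    (901, "10.0.0.5", "203.0.113.9", 80, 409),
    (1200, "10.0.0.5", "203.0.113.9", 80, 411),
    # second host: a single IRC connection, flagged by port alone
    (45, "10.0.0.7", "198.51.100.4", 6667, 2100),
    # normal browsing: irregular intervals to a web server, not flagged
    (10, "10.0.0.8", "192.0.2.20", 443, 52000),
    (37, "10.0.0.8", "192.0.2.20", 443, 8100),
    (410, "10.0.0.8", "192.0.2.20", 443, 99000),
    (455, "10.0.0.8", "192.0.2.20", 443, 1200),
    (1100, "10.0.0.8", "192.0.2.20", 443, 77000),
]

IRC_PORTS = {6667, 6697}  # classic IRC ports used by early botnet C&C


def find_suspects(flows, min_flows=4, max_jitter=0.10):
    """Return {(src, dst, port): reason} for traffic that looks like C&C.

    A tuple is a beaconing suspect when it has at least min_flows flows and
    the coefficient of variation (stdev / mean) of the gaps between them is
    below max_jitter; any flow to an IRC port is reported on its own.
    """
    by_key = defaultdict(list)
    for ts, src, dst, port, _size in flows:
        by_key[(src, dst, port)].append(ts)

    suspects = {}
    for key, stamps in by_key.items():
        if key[2] in IRC_PORTS:
            suspects[key] = "irc-port"
        elif len(stamps) >= min_flows:
            stamps.sort()
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            avg = mean(gaps)
            # avg == 0 means duplicate timestamps, not a schedule; skip it
            if avg > 0 and pstdev(gaps) / avg < max_jitter:
                suspects[key] = f"beacon every ~{avg:.0f}s"
    return suspects
```

Running `find_suspects(FLOWS)` reports the 10.0.0.5 host as a ~300 s beacon and the 10.0.0.7 host for its IRC port, while the irregular browsing from 10.0.0.8 is left alone.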

Page 16: Botnets 101

Defense Strategy
- Defense against infection by bot (DAIBB): prevent the bot from entering the system; updates and patches, security levels
- Defense against attacks by bot (DAABB): prevent becoming a victim of botnet attacks; IPS, TLS, SSL
- Monitoring, detection & studying of bots (MDSBB): detection methods, monitoring log files

Page 17: Botnets 101

Defense Strategy (cont.)
- Education of users (EOU): raise the security awareness of users
- Legislative protection (LP): legislative punishment policies

THANK YOU!