Upload File

botnets 101

17
Botnet 101 Aung Thu Rha Hein (g5536871) 1

Upload: aung-thu-rha-hein

Post on 22-Nov-2014

1.509 views

Category:

Technology


1 download

Report

DESCRIPTION

Introduction to Botnet...

TRANSCRIPT

Page 1: Botnets 101

1

Botnet 101Aung Thu Rha Hein (g5536871)

Page 2: Botnets 101

2

Agenda

What is a botnet? History of Botnet What are they used for? How do they work? Infection Procedure Command Topologies Communication Methods Propagation Methods Defense

Detection methods Defense Strategy

Conclusion

Page 3: Botnets 101

3

What is a botnet?

A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks.

Wikipedia

A collection of compromised computers that is slowly built up then unleashed as a DDOS attack or used to send very large quantities of spam.

WolframAlpha

Page 4: Botnets 101

4

History of Botnet

Bots originally used to automate tasks IRC,IM, MUDS, online-games

Evolved into a way to automate malicious attacks Spam, control a pc, propagate etc…

Botnets started with DOS against servers Stacheldraht, Trinoo, Kelihos

Page 5: Botnets 101

5

What are they used for?

DOS attacks Spam Phishing Identity theft Click Fraud Others….

Page 6: Botnets 101

6

How do they work?

1. Botmaster infected victims with bot

botmaster

victim

C&C server

Page 7: Botnets 101

7

How do they work?

2.bot connects to the C&C server using HTTP,IRC or other protocol

victim

C&C server

botmaster

Page 8: Botnets 101

8

How do they work?

3.Botmaster sends commands through C&C server to zombie

botmaster

victim

C&C server

Page 9: Botnets 101

9

How do they work?

4.Repeat these process and botmaster have bot army to Control from a single point

botmaster

Victims, zombies

C&C server

Page 10: Botnets 101

10

Infection Procedure

Page 11: Botnets 101

11

Command Topologies

Star Bots tied to centralized C&C server

Multi-Server Same as Star but with multiple C&C

server Hierarchical

Parent bot control child bots Random

Full P2P support

Page 12: Botnets 101

12

Communication Methods

HTTP Easy for attacker to blend in

IRC Harder to hide compared with HTTP

Custom Makes use of new application protocols

Page 13: Botnets 101

13

Propagation Methods

E-Mail attachments; Social Engineering

Trojan horses Drive-by downloads Scanning

Horizontal: Single port Vertical :Single IP address

Page 14: Botnets 101

14

Defense

Three Main Issues How to Detect them? How to Response them? How to Negate the threat?

Page 15: Botnets 101

15

Detection Methods

No single method “Defense in depth” principle Methods

Network traffic analysis (NetFlow) Packet analysis(IDS) Analysis of application log files

(Antivirus, firewall) Honeypots Others…

Page 16: Botnets 101

16

Defense Strategy

Defense Against infection by bot (DAIBB) Prevent from entering into the system Updates and patches, security levels

Defense against attacks by bot (DAABB) Prevent from being victim of botnet

attacks IPS, TLS, SSL

Monitoring, detection & studying of Bot (MDSBB) Detection methods, monitoring log files

Page 17: Botnets 101

17

Defense Strategy(cont.)

Education of users (EOU) Raise the security awareness of users

Legislative protection (LP) legislative-punishment policies

THANK YOU!


Fast Identi cation of Structured P2P Botnets using ... · Fast Identi cation of Structured P2P Botnets using Community Detection Algorithms ... method on CHORD Botnets embedded in

Wearable botnets 201560319_v3

Bots and Botnets plus

Phalanx: Withstanding Multimillion-Node Botnets

Towards Incentivizing ISPs To Mitigate Botnets · Towards Incentivizing ISPs To Mitigate Botnets ... Moura Towards Incentivizing ISPs To Mitigate Botnets. ... botnet is my botnet:

Army of Botnets

Spamming Botnets: Signatures and Characteristics

Malware: Worms and Botnets

Resilient Botnets - KAIST

Peer-to-Peer Botnets

Usenix Sec12-Final127 DNS Botnets

A Taxonomy of Botnets - pdfs.semanticscholar.org · and P2P les [sym04,gos05]. Signicantly , botnets are now often created by other fiseedfl botnets [sym04]. Once an initial botnet

Intro to Botnets - Bilal ZIANE

Sinkholing Botnets - Trend Micro · 2011-12-08 · Sinkholing Botnets A Trend Micro Technical Paper 2 TECHNICAL PAPER I SINKHOLING BOTNETS Botnet Statistics The data we gathered spoke

Botnets Malware Spyware

Botnets y Redes Zombies

2012 10 19 Grehack botnets

Monitoring botnets from within

Introduction to Botnets - CCDCOE · referred to as a botnet or zombie network. ... After the Takedown . Introduction to Botnets Introduction to Botnets Organization

BotNets & Targeted Malware

Botnets & DDoS Introduction

about botnets

Taming botnets

Botnets And Alife

Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities

SPAM/BOTNETS and Malware

Advanced Methods for Botnet Intrusion Detection Systems...botnets. 2.3.1 IRC (Internet Relay Chat) In the beginning, most botnets used a centralized approach for managing botnets (Bacher

Modeling and Measuring Botnets

Cymru Botnets 101 - APNICarchive.apnic.net/meetings/26/program/security-training/botnets-101... · • Botnets are highly dynamic – Making them hard to detect, locate, and shut

Malware: Botnets and Worms

Detecting Botnets and Malware

A Brief Definition of Botnets

Sinkholing Botnets

Botnets 10 Tough Questions

Withstanding Multimillion-Node Botnets