Upload File

botnets 101

17
Botnet 101 Aung Thu Rha Hein (g5536871) 1

Upload: aung-thu-rha-hein

Post on 22-Nov-2014

1.509 views

Category:

Technology


1 download

Report

DESCRIPTION

Introduction to Botnet...

TRANSCRIPT

Page 1: Botnets 101

1

Botnet 101Aung Thu Rha Hein (g5536871)

Page 2: Botnets 101

2

Agenda

What is a botnet? History of Botnet What are they used for? How do they work? Infection Procedure Command Topologies Communication Methods Propagation Methods Defense

Detection methods Defense Strategy

Conclusion

Page 3: Botnets 101

3

What is a botnet?

A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks.

Wikipedia

A collection of compromised computers that is slowly built up then unleashed as a DDOS attack or used to send very large quantities of spam.

WolframAlpha

Page 4: Botnets 101

4

History of Botnet

Bots originally used to automate tasks IRC,IM, MUDS, online-games

Evolved into a way to automate malicious attacks Spam, control a pc, propagate etc…

Botnets started with DOS against servers Stacheldraht, Trinoo, Kelihos

Page 5: Botnets 101

5

What are they used for?

DOS attacks Spam Phishing Identity theft Click Fraud Others….

Page 6: Botnets 101

6

How do they work?

1. Botmaster infected victims with bot

botmaster

victim

C&C server

Page 7: Botnets 101

7

How do they work?

2.bot connects to the C&C server using HTTP,IRC or other protocol

victim

C&C server

botmaster

Page 8: Botnets 101

8

How do they work?

3.Botmaster sends commands through C&C server to zombie

botmaster

victim

C&C server

Page 9: Botnets 101

9

How do they work?

4.Repeat these process and botmaster have bot army to Control from a single point

botmaster

Victims, zombies

C&C server

Page 10: Botnets 101

10

Infection Procedure

Page 11: Botnets 101

11

Command Topologies

Star Bots tied to centralized C&C server

Multi-Server Same as Star but with multiple C&C

server Hierarchical

Parent bot control child bots Random

Full P2P support

Page 12: Botnets 101

12

Communication Methods

HTTP Easy for attacker to blend in

IRC Harder to hide compared with HTTP

Custom Makes use of new application protocols

Page 13: Botnets 101

13

Propagation Methods

E-Mail attachments; Social Engineering

Trojan horses Drive-by downloads Scanning

Horizontal: Single port Vertical :Single IP address

Page 14: Botnets 101

14

Defense

Three Main Issues How to Detect them? How to Response them? How to Negate the threat?

Page 15: Botnets 101

15

Detection Methods

No single method “Defense in depth” principle Methods

Network traffic analysis (NetFlow) Packet analysis(IDS) Analysis of application log files

(Antivirus, firewall) Honeypots Others…

Page 16: Botnets 101

16

Defense Strategy

Defense Against infection by bot (DAIBB) Prevent from entering into the system Updates and patches, security levels

Defense against attacks by bot (DAABB) Prevent from being victim of botnet

attacks IPS, TLS, SSL

Monitoring, detection & studying of Bot (MDSBB) Detection methods, monitoring log files

Page 17: Botnets 101

17

Defense Strategy(cont.)

Education of users (EOU) Raise the security awareness of users

Legislative protection (LP) legislative-punishment policies

THANK YOU!


botnets - UW Computer Sciences User Pagespages.cs.wisc.edu/~ace/media/lectures/botnets.pdf · Botnets • Botnets: – Command and Control (C&C) – Zombie hosts (bots) ... [Your

Bots and Botnets plus

Towards Incentivizing ISPs To Mitigate Botnets · Towards Incentivizing ISPs To Mitigate Botnets ... Moura Towards Incentivizing ISPs To Mitigate Botnets. ... botnet is my botnet:

Botnets Malware Spyware

Peer-to-Peer Botnets

Usenix Sec12-Final127 DNS Botnets

Malware: Worms and Botnets

Botnets And Alife

about botnets

Resilient Botnets - KAIST

Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities

2012 10 19 Grehack botnets

Introduction to Botnets - CCDCOE · referred to as a botnet or zombie network. ... After the Takedown . Introduction to Botnets Introduction to Botnets Organization

Botnets 101 Jim Lippard, Director, Information Security Operations, Global Crossing Arizona Telecom and Information Council, June 16, 2005

Modeling and Measuring Botnets

Botnets: Infrastructure and Attacks

Botnets and Cybercrime - ISWATlab · Botnets and Cybercrime ... Easily to takedown ... Zombie to Zombie

Phalanx: Withstanding Multimillion-Node Botnets

Sinkholing Botnets

Monitoring botnets from within

Detecting Botnets and Malware

Fast Identi cation of Structured P2P Botnets using ... · Fast Identi cation of Structured P2P Botnets using Community Detection Algorithms ... method on CHORD Botnets embedded in

Botnets 101

AN INSIDE LOOK AT BOTNETS

Peering into spam botnets. - lokalhost.pl · Peering into spam botnets. Jaroslaw Jedynak Maciej Kotowicz 1 Intro Spaminprobablythebiggestvectorofinfectionforbothcommodityandtargeted

Advanced Methods for Botnet Intrusion Detection Systems...botnets. 2.3.1 IRC (Internet Relay Chat) In the beginning, most botnets used a centralized approach for managing botnets (Bacher

Cymru Botnets 101 - APNICarchive.apnic.net/meetings/26/program/security-training/botnets-101... · • Botnets are highly dynamic – Making them hard to detect, locate, and shut

Taming botnets

Defense against botnets

BotNets & Targeted Malware

Withstanding Multimillion-Node Botnets

Modern Botnets - Maggi

Wearable botnets 201560319_v3

A Brief Definition of Botnets

Black Market Botnets