Botnets 101
Download as PPTX, PDF6 likes7,417 views
Botnets are collections of internet-connected programs that communicate together to perform tasks for their operators. They originated as tools to automate tasks but evolved into tools for malicious attacks like spam and DDoS. Botnets infect victims through various means and form centralized or hierarchical structures controlled through command and control servers using protocols like HTTP and IRC. They are used to carry out spam, phishing, and DDoS attacks. Detection relies on analyzing network traffic, application logs, and using honeypots while defense focuses on prevention, monitoring, and user education.
Botnets 101
- 1. AungThu Rha Hein (g5536871) 1
- 2. What is a botnet? History of Botnet What are they used for? How do they work? Infection Procedure CommandTopologies Communication Methods Propagation Methods Defense Detection methods Defense Strategy Conclusion 2
- 3. A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks. Wikipedia A collection of compromised computers that is slowly built up then unleashed as a DDOS attack or used to send very large quantities of spam. WolframAlpha 3
- 4. Bots originally used to automate tasks IRC,IM, MUDS, online-games Evolved into a way to automate malicious attacks Spam, control a pc, propagate etc… Botnets started with DOS against servers Stacheldraht,Trinoo, Kelihos 4
- 5. DOS attacks Spam Phishing Identity theft Click Fraud Others…. 5
- 6. 1. Botmaster infected victims with bot botmaster victim C&C server 6
- 7. 2.bot connects to the C&C server using HTTP,IRC or other protocol victim C&C server botmaster 7
- 8. 3.Botmaster sends commands through C&C server to zombie botmaster victim C&C server 8
- 9. 4.Repeat these process and botmaster have bot army to Control from a single point botmaster Victims, zombies C&C server 9
- 10. 10
- 11. Star Bots tied to centralized C&C server Multi-Server Same as Star but with multiple C&C server Hierarchical Parent bot control child bots Random Full P2P support 11
- 12. HTTP Easy for attacker to blend in IRC Harder to hide compared with HTTP Custom Makes use of new application protocols 12
- 13. E-Mail attachments; Social Engineering Trojan horses Drive-by downloads Scanning Horizontal: Single port Vertical :Single IP address 13
- 14. Three Main Issues How to Detect them? How to Response them? How to Negate the threat? 14
- 15. No single method “Defense in depth” principle Methods Network traffic analysis (NetFlow) Packet analysis(IDS) Analysis of application log files (Antivirus, firewall) Honeypots Others… 15
- 16. DefenseAgainst infection by bot (DAIBB) Prevent from entering into the system Updates and patches, security levels Defense against attacks by bot (DAABB) Prevent from being victim of botnet attacks IPS,TLS, SSL Monitoring, detection & studying of Bot (MDSBB) Detection methods, monitoring log files 16
- 17. Education of users (EOU) Raise the security awareness of users Legislative protection (LP) legislative-punishment policies THANKYOU! 17