Botnets 101
Presentation Transcript

  • Aung Thu Rha Hein (g5536871)

  • Agenda
    - What is a botnet?
    - History of botnets
    - What are they used for?
    - How do they work? Infection procedure, command topologies, communication methods, propagation methods
    - Defense: detection methods, defense strategy
    - Conclusion

  • What is a botnet?
    - "A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks." (Wikipedia)
    - "A collection of compromised computers that is slowly built up then unleashed as a DDoS attack or used to send very large quantities of spam." (WolframAlpha)

  • History of botnets
    - Bots were originally used to automate tasks: IRC, IM, MUDs, online games
    - Evolved into a way to automate malicious attacks: spam, control a PC, propagate, etc.
    - Botnets started with DoS against servers: Stacheldraht, Trinoo, Kelihos

  • What are they used for?
    - DoS attacks
    - Spam
    - Phishing
    - Identity theft
    - Click fraud
    - Others

  • How do they work? (botmaster, victim, C&C server)
    1. The botmaster infects victims with a bot.
    2. The infected victim connects to the C&C server using HTTP, IRC or another protocol.
    3. The botmaster sends commands through the C&C server to the zombie.
    4. Repeating this process, the botmaster builds a bot army (victims, zombies) that it controls from a single point.

  • Command topologies
    - Star: bots tied to a centralized C&C server
    - Multi-server: same as star, but with multiple C&C servers
    - Hierarchical: parent bots control child bots
    - Random: full P2P support

  • Communication methods
    - HTTP: easy for the attacker to blend in
    - IRC: harder to hide compared with HTTP
    - Custom: makes use of new application protocols

  • Propagation methods
    - E-mail attachments; social engineering
    - Trojan horses
    - Drive-by downloads
    - Scanning. Horizontal: single port. Vertical: single IP address

  • Defense: three main issues
    - How to detect them?
    - How to respond to them?
    - How to negate the threat?

  • Detection methods
    - No single method: "defense in depth" principle
    - Network traffic analysis (NetFlow)
    - Packet analysis (IDS)
    - Analysis of application log files (antivirus, firewall)
    - Honeypots
    - Others
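The slide lists network traffic analysis (NetFlow) as one detection method without showing what a NetFlow-based check looks for. The script below is an added illustration, not code from the presentation: it runs a beaconing check over constructed NetFlow-style records and flags conversations whose check-in timing and size are suspiciously regular, which is the signature of a bot polling its C&C server rather than a person browsing. The record layout, the sample addresses and the thresholds are assumptions chosen for the example.

```python
"""Periodic C&C beaconing check over NetFlow-style records.

Added illustration of the 'network traffic analysis (NetFlow)' method on the
slide; not code from the presentation.  The flow records are constructed
sample data, and the field layout and thresholds are assumptions, not any
collector's real schema.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_s, src_ip, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # 10.0.0.5 polls 203.0.113.7:443 about every 60 s with a near-constant
    # size: that regularity is what a beaconing check looks for.
    (0,   "10.0.0.5", "203.0.113.7", 443, 512),
    (61,  "10.0.0.5", "203.0.113.7", 443, 520),
    (119, "10.0.0.5", "203.0.113.7", 443, 508),
    (181, "10.0.0.5", "203.0.113.7", 443, 515),
    (240, "10.0.0.5", "203.0.113.7", 443, 511),
    (301, "10.0.0.5", "203.0.113.7", 443, 519),
    # 10.0.0.9 browses a web server at irregular intervals and sizes.
    (5,   "10.0.0.9", "198.51.100.2", 443, 1400),
    (7,   "10.0.0.9", "198.51.100.2", 443, 32000),
    (90,  "10.0.0.9", "198.51.100.2", 443, 2100),
    (95,  "10.0.0.9", "198.51.100.2", 443, 45000),
    (400, "10.0.0.9", "198.51.100.2", 443, 900),
    (401, "10.0.0.9", "198.51.100.2", 443, 64000),
]


def group_flows(flows):
    """Group (timestamp, bytes) pairs by (src, dst, port) conversation, in time order."""
    convs = defaultdict(list)
    for ts, src, dst, port, nbytes in sorted(flows):
        convs[(src, dst, port)].append((ts, nbytes))
    return convs


def _cv(values):
    """Coefficient of variation (stdev / mean); infinite when the mean is zero."""
    m = mean(values)
    return float("inf") if m == 0 else pstdev(values) / m


def beacon_score(points):
    """Return (interval_cv, size_cv, mean_interval) for a conversation.

    A low CV of the gaps between flows means the client talks on a schedule;
    a low CV of the flow sizes means it sends the same small check-in each
    time.  Both are typical of bot check-ins and atypical of human browsing.
    """
    gaps = [b[0] - a[0] for a, b in zip(points, points[1:])]
    sizes = [p[1] for p in points]
    return _cv(gaps), _cv(sizes), mean(gaps)


def find_beacons(flows, min_flows=5, max_interval_cv=0.2, max_size_cv=0.2):
    """Flag conversations whose timing and size are both suspiciously regular."""
    hits = []
    for (src, dst, port), points in group_flows(flows).items():
        if len(points) < min_flows:
            continue  # too few samples to judge periodicity
        interval_cv, size_cv, mean_gap = beacon_score(points)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            hits.append({"src": src, "dst": dst, "port": port,
                         "flows": len(points),
                         "mean_interval_s": round(mean_gap, 1)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_FLOWS):
        print("possible beacon:", hit)
```

On real NetFlow exports the same check is run per conversation over a window of hours, and the thresholds are tuned against known-benign periodic traffic (NTP, software update checks, monitoring agents) so that those are allow-listed rather than alerted on; the timing regularity is the signal, which is why this works even when the C&C channel is HTTP or TLS and the payload is not inspectable.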
  • Defense strategy
    - Defense against infection by bot (DAIBB): prevent the bot from entering the system; updates and patches, security levels
    - Defense against attacks by bot (DAABB): prevent becoming a victim of botnet attacks; IPS, TLS, SSL
    - Monitoring, detection and studying of bots (MDSBB): detection methods, monitoring log files
    - Education of users (EOU): raise the security awareness of users
    - Legislative protection (LP): legislative punishment policies

  • THANK YOU!