Botnets 101


Introduction to Botnet...

Published in: Technology
Transcript of "Botnets 101"

  1. AungThu Rha Hein (g5536871)
  2.
     • What is a botnet?
     • History of Botnet
     • What are they used for?
     • How do they work?
     • Infection Procedure
     • Command Topologies
     • Communication Methods
     • Propagation Methods
     • Defense
     • Detection methods
     • Defense Strategy
     • Conclusion
  3.
     • A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks. (Wikipedia)
     • A collection of compromised computers that is slowly built up then unleashed as a DDOS attack or used to send very large quantities of spam. (WolframAlpha)
  4.
     • Bots originally used to automate tasks: IRC, IM, MUDs, online games
     • Evolved into a way to automate malicious attacks: spam, control a PC, propagate, etc.
     • Botnets started with DOS against servers: Stacheldraht, Trinoo, Kelihos
  5.
     • DOS attacks
     • Spam
     • Phishing
     • Identity theft
     • Click fraud
     • Others…
  6. Step 1: The botmaster infects victims with the bot. [Diagram labels: botmaster, victim, C&C server]
  7. Step 2: The bot connects to the C&C server using HTTP, IRC or another protocol. [Diagram labels: victim, C&C server, botmaster]
  8. Step 3: The botmaster sends commands through the C&C server to the zombie. [Diagram labels: botmaster, victim, C&C server]
  9. Step 4: This process repeats, and the botmaster has a bot army to control from a single point. [Diagram labels: botmaster; victims, zombies; C&C server]
  10. [Slide 10: no text in transcript]
  11.
     • Star: bots tied to a centralized C&C server
     • Multi-Server: same as Star but with multiple C&C servers
     • Hierarchical: parent bots control child bots
     • Random: full P2P support
  12.
     • HTTP: easy for attacker to blend in
     • IRC: harder to hide compared with HTTP
     • Custom: makes use of new application protocols
  13.
     • E-mail attachments; social engineering
     • Trojan horses
     • Drive-by downloads
     • Scanning
       • Horizontal: single port
       • Vertical: single IP address
  14. Three Main Issues
     • How to detect them?
     • How to respond to them?
     • How to negate the threat?
  15. No single method
     • "Defense in depth" principle
     • Methods
       • Network traffic analysis (NetFlow)
       • Packet analysis (IDS)
       • Analysis of application log files (antivirus, firewall)
       • Honeypots
       • Others…
  16.
     • Defense against infection by bot (DAIBB)
       • Prevent from entering into the system
       • Updates and patches, security levels
     • Defense against attacks by bot (DAABB)
       • Prevent from being victim of botnet attacks
       • IPS, TLS, SSL
     • Monitoring, detection & studying of bot (MDSBB)
       • Detection methods, monitoring log files
  17.
     • Education of users (EOU)
       • Raise the security awareness of users
     • Legislative protection (LP)
       • Legislative-punishment policies
     • Thank you!
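
Slide 13 distinguishes horizontal scanning (a single port across many addresses) from vertical scanning (a single IP address across many ports), and slide 15 lists NetFlow traffic analysis as a detection method. The following is an added example, not part of the original slides, that applies the two definitions to flow records. The record layout `(src, dst, dst_port)`, the sample flows and the threshold of 20 are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flows (src IP, dst IP, dst port) using documentation address ranges.
FLOWS = (
    [("198.51.100.7", f"192.0.2.{i}", 445) for i in range(1, 41)]   # one port, 40 hosts
    + [("198.51.100.9", "192.0.2.10", p) for p in range(20, 60)]    # one host, 40 ports
    + [("192.0.2.50", "192.0.2.10", 443)] * 30                      # ordinary repeat client
)

def classify_scanners(flows, threshold=20):
    """Label sources whose fan-out reaches `threshold` (an assumed tuning value).

    horizontal: one source contacts many distinct hosts on the same port
    vertical:   one source contacts many distinct ports on the same host
    """
    hosts_per_port = defaultdict(set)   # (src, dst_port) -> distinct destination IPs
    ports_per_host = defaultdict(set)   # (src, dst)      -> distinct destination ports
    for src, dst, port in flows:
        hosts_per_port[(src, port)].add(dst)
        ports_per_host[(src, dst)].add(port)

    found = defaultdict(set)
    for (src, _port), hosts in hosts_per_port.items():
        if len(hosts) >= threshold:
            found[src].add("horizontal")
    for (src, _dst), ports in ports_per_host.items():
        if len(ports) >= threshold:
            found[src].add("vertical")

    # A source that matches both patterns is reported as "both".
    return {src: "both" if len(kinds) == 2 else next(iter(kinds))
            for src, kinds in found.items()}

if __name__ == "__main__":
    for src, kind in sorted(classify_scanners(FLOWS).items()):
        print(f"{src}: {kind} scan")
```

Counting distinct destinations rather than raw flow volume is what keeps the busy but ordinary client (30 flows to one host and port) out of the result.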