• Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,098
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
86
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. AungThu Rha Hein (g5536871)1
  • 2.  What is a botnet? History of Botnet What are they used for? How do they work? Infection Procedure CommandTopologies Communication Methods Propagation Methods Defense Detection methods Defense Strategy Conclusion2
  • 3.  A botnet is a collection of internet-connectedprograms communicating with other similarprograms in order to perform tasks. Wikipedia A collection of compromised computers thatis slowly built up then unleashed as a DDOSattack or used to send very large quantities ofspam. WolframAlpha3
  • 4.  Bots originally used to automate tasks IRC,IM, MUDS, online-games Evolved into a way to automate maliciousattacks Spam, control a pc, propagate etc… Botnets started with DOS against servers Stacheldraht,Trinoo, Kelihos4
  • 5.  DOS attacks Spam Phishing Identity theft Click Fraud Others….5
  • 6. 1. Botmaster infected victims with botbotmaster victimC&C server6
  • 7. 2.bot connects to the C&Cserver using HTTP,IRC orother protocolvictimC&C serverbotmaster7
  • 8. 3.Botmaster sendscommandsthrough C&C server tozombiebotmaster victimC&C server8
  • 9. 4.Repeat these process andbotmaster have bot army toControl from a single pointbotmasterVictims, zombiesC&C server9
  • 10. 10
  • 11.  Star Bots tied to centralized C&C server Multi-Server Same as Star but with multiple C&C server Hierarchical Parent bot control child bots Random Full P2P support11
  • 12.  HTTP Easy for attacker to blend in IRC Harder to hide compared with HTTP Custom Makes use of new application protocols12
  • 13.  E-Mail attachments; Social Engineering Trojan horses Drive-by downloads Scanning Horizontal: Single port Vertical :Single IP address13
  • 14.  Three Main Issues How to Detect them? How to Response them? How to Negate the threat?14
  • 15.  No single method “Defense in depth” principle Methods Network traffic analysis (NetFlow) Packet analysis(IDS) Analysis of application log files (Antivirus, firewall) Honeypots Others…15
  • 16.  DefenseAgainst infection by bot (DAIBB) Prevent from entering into the system Updates and patches, security levels Defense against attacks by bot (DAABB) Prevent from being victim of botnet attacks IPS,TLS, SSL Monitoring, detection & studying of Bot (MDSBB) Detection methods, monitoring log files16
  • 17.  Education of users (EOU) Raise the security awareness of users Legislative protection (LP) legislative-punishment policiesTHANKYOU!17