Botnets 101

Introduction to Botnet...

Published in: Technology

  1. AungThu Rha Hein (g5536871)
  2. Outline
     • What is a botnet?
     • History of botnets
     • What are they used for?
     • How do they work? Infection procedure, command topologies, communication methods, propagation methods
     • Defense: detection methods, defense strategy
     • Conclusion
  3. What is a botnet?
     • "A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks." (Wikipedia)
     • "A collection of compromised computers that is slowly built up then unleashed as a DDoS attack or used to send very large quantities of spam." (WolframAlpha)
  4. History of botnets
     • Bots were originally used to automate tasks on IRC, IM, MUDs and in online games.
     • They evolved into a way to automate malicious activity: sending spam, controlling a PC, self-propagation, etc.
     • Botnets started with DoS attacks against servers. Trinoo and Stacheldraht are early (1999-era) DDoS tools; Kelihos is a much later (2010) spam botnet, not an early DoS tool.
  5. What are they used for?
     • DoS attacks
     • Spam
     • Phishing
     • Identity theft
     • Click fraud
     • Others
  6. How do they work? Step 1: the botmaster infects victims with the bot. (diagram: botmaster, victim, C&C server)
  7. Step 2: the bot connects to the C&C server using HTTP, IRC or another protocol. (diagram: victim, C&C server, botmaster)
  8. Step 3: the botmaster sends commands through the C&C server to the zombie. (diagram: botmaster, victim, C&C server)
  9. Step 4: repeating this process, the botmaster builds a bot army that is controlled from a single point. (diagram: botmaster, victims/zombies, C&C server)
  11. Command topologies
     • Star: bots tied to a centralized C&C server
     • Multi-server: same as star, but with multiple C&C servers
     • Hierarchical: parent bots control child bots
     • Random: full P2P support
  12. Communication methods
     • HTTP: easy for the attacker to blend in with normal web traffic
     • IRC: harder to hide compared with HTTP
     • Custom: makes use of new application protocols
  13. Propagation methods
     • E-mail attachments; social engineering
     • Trojan horses
     • Drive-by downloads
     • Scanning
       Horizontal: a single port probed across many IP addresses
       Vertical: many ports probed on a single IP address
  14. Defense: three main issues
     • How to detect them?
     • How to respond to them?
     • How to negate the threat?
  15. Detection methods
     • No single method: apply the "defense in depth" principle
     • Methods:
       Network traffic analysis (NetFlow)
       Packet analysis (IDS)
       Analysis of application log files (antivirus, firewall)
       Honeypots
       Others
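The NetFlow analysis named on slide 15 and the horizontal/vertical scanning of slide 13 can both be demonstrated on the same flow records. The following is an added example, not code from the deck or its author: it parses a constructed NetFlow-style CSV (field names, hosts and thresholds are assumptions for the demo), flags horizontal scans (one source, one port, many destinations), vertical scans (one source, one destination, many ports), and C&C beaconing (one source contacting the same destination and port at near-constant intervals, the pattern that an HTTP bot polling its C&C server produces even when each request looks like ordinary web traffic).

```python
"""Flow-record analysis for two botnet symptoms: scanning and C&C beaconing.

Added example for this deck (not part of the original slides). Input is a
constructed NetFlow-style CSV: one record per flow with start time (epoch
seconds), source IP, destination IP, destination port and protocol. Real
exports (nfdump, Zeek conn.log) carry more fields, but the logic is the same.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample (assumed hosts, not real data):
#   10.0.0.5 sweeps port 445 across a /24        -> horizontal scan
#   10.0.0.7 probes 25 ports on one target       -> vertical scan
#   10.0.0.9 polls the same external host every 60 s -> C&C beacon
#   10.0.0.3 is benign: a few irregular HTTPS flows to different hosts
SAMPLE_FLOWS = "\n".join(
    ["ts,src,dst,dport,proto"]
    + [f"1000,10.0.0.5,192.168.1.{i},445,tcp" for i in range(1, 31)]
    + [f"1001,10.0.0.7,192.168.1.50,{p},tcp" for p in range(20, 45)]
    + [f"{2000 + 60 * k},10.0.0.9,203.0.113.10,80,tcp" for k in range(12)]
    + ["2010,10.0.0.3,203.0.113.20,443,tcp",
       "2900,10.0.0.3,203.0.113.21,443,tcp",
       "3700,10.0.0.3,203.0.113.22,443,tcp"]
)


def parse_flows(text):
    """Parse the CSV into dicts with numeric ts/dport; the header line is skipped."""
    rows = []
    for line in text.strip().splitlines()[1:]:
        ts, src, dst, dport, proto = line.split(",")
        rows.append({"ts": int(ts), "src": src, "dst": dst,
                     "dport": int(dport), "proto": proto})
    return rows


def detect_scans(flows, min_targets=20):
    """Horizontal scan: one source hits one port on >= min_targets distinct hosts.
    Vertical scan: one source hits >= min_targets distinct ports on one host.
    Returns tuples (kind, src, port_or_dst, count)."""
    by_src_port = defaultdict(set)   # (src, dport) -> {dst}
    by_src_dst = defaultdict(set)    # (src, dst)   -> {dport}
    for f in flows:
        by_src_port[(f["src"], f["dport"])].add(f["dst"])
        by_src_dst[(f["src"], f["dst"])].add(f["dport"])
    alerts = []
    for (src, port), dsts in by_src_port.items():
        if len(dsts) >= min_targets:
            alerts.append(("horizontal", src, port, len(dsts)))
    for (src, dst), ports in by_src_dst.items():
        if len(ports) >= min_targets:
            alerts.append(("vertical", src, dst, len(ports)))
    return alerts


def detect_beacons(flows, min_flows=8, max_jitter=0.2):
    """Beacon: a (src, dst, dport) tuple contacted at least min_flows times at
    near-constant intervals. Jitter is the coefficient of variation of the
    inter-flow gaps (stdev / mean); human-driven traffic to one site has a far
    more irregular gap distribution than a bot's fixed polling timer.
    Returns tuples (src, dst, dport, flow_count, mean_gap_seconds)."""
    series = defaultdict(list)
    for f in flows:
        series[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    alerts = []
    for (src, dst, dport), times in series.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            alerts.append((src, dst, dport, len(times), avg))
    return alerts


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for a in detect_scans(flows):
        print("scan:", a)
    for a in detect_beacons(flows):
        print("beacon:", a)
```

The thresholds are deliberately loose for the sample; on a real export they need tuning per network, and bots that randomize their sleep interval (jitter) push the coefficient of variation up, which is why beacon detection is one signal among several rather than a single decisive check, in line with the slide's "no single method" point.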
  16. Defense strategy
     • Defense against infection by bot (DAIBB): prevent the bot from entering the system (updates and patches, security levels)
     • Defense against attacks by bot (DAABB): prevent becoming the victim of botnet attacks (IPS, TLS, SSL)
     • Monitoring, detection and studying of bots (MDSBB): detection methods, monitoring log files
  17. Defense strategy (continued)
     • Education of users (EOU): raise the security awareness of users
     • Legislative protection (LP): legislative punishment policies
     THANK YOU!
