Outline
- What is a botnet?
- History of botnets
- What are they used for?
- How do they work?
  - Infection procedure
  - Command topologies
  - Communication methods
  - Propagation methods
- Defense
  - Detection methods
  - Defense strategy
- Conclusion
What is a botnet?
- "A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks." (Wikipedia)
- "A collection of compromised computers that is slowly built up then unleashed as a DDoS attack or used to send very large quantities of spam." (WolframAlpha)
History of botnets
- Bots were originally used to automate tasks: IRC, IM, MUDs, online games
- They evolved into a way to automate malicious attacks: spam, controlling a PC, propagation, etc.
- Botnets started with DoS attacks against servers: Stacheldraht, Trinoo, Kelihos
Command topologies
- Star: bots tied to a centralized C&C server
- Multi-server: same as star, but with multiple C&C servers
- Hierarchical: parent bots control child bots
- Random: full P2P support
Communication methods
- HTTP: easy for the attacker to blend in with normal web traffic
- IRC: harder to hide compared with HTTP
- Custom: makes use of new application protocols
Propagation methods
- E-mail attachments; social engineering
- Trojan horses
- Drive-by downloads
- Scanning
  - Horizontal: a single port, scanned across many hosts
  - Vertical: a single IP address, scanned across many ports
Defense: three main issues
- How to detect them?
- How to respond to them?
- How to negate the threat?
Detection methods
- There is no single method; apply the "defense in depth" principle
- Methods:
  - Network traffic analysis (NetFlow)
  - Packet analysis (IDS)
  - Analysis of application log files (antivirus, firewall)
  - Honeypots
  - Others…
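A defender-side illustration of the NetFlow method listed above, added here as an example and not part of the original slides: it searches constructed flow records for the signature of the star topology, i.e. several internal hosts contacting the same external endpoint at regular intervals (beaconing). The internal address range, the sample flows and the thresholds are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records (not from the slides):
# (start time in seconds, source IP, destination IP, destination port, bytes)
FLOWS = [
    # three internal hosts checking in with the same external host about every 60 s
    (0,   "10.0.0.5",  "203.0.113.7", 8080, 320),
    (61,  "10.0.0.5",  "203.0.113.7", 8080, 318),
    (119, "10.0.0.5",  "203.0.113.7", 8080, 322),
    (5,   "10.0.0.9",  "203.0.113.7", 8080, 321),
    (64,  "10.0.0.9",  "203.0.113.7", 8080, 320),
    (126, "10.0.0.9",  "203.0.113.7", 8080, 319),
    (12,  "10.0.0.21", "203.0.113.7", 8080, 325),
    (72,  "10.0.0.21", "203.0.113.7", 8080, 324),
    (131, "10.0.0.21", "203.0.113.7", 8080, 321),
    # ordinary web browsing: irregular timing, varying sizes
    (3,   "10.0.0.5",  "198.51.100.2", 443, 15000),
    (40,  "10.0.0.5",  "198.51.100.2", 443, 2200),
    (170, "10.0.0.5",  "198.51.100.2", 443, 90000),
    (41,  "10.0.0.9",  "198.51.100.2", 443, 4100),
]

def is_internal(ip):
    # Assumption: the monitored network is 10.0.0.0/8.
    return ip.startswith("10.")

def find_star_candidates(flows, min_sources=3, min_flows=3, max_cv=0.2):
    """Return {(dst, dport): [internal sources]} for external endpoints that
    several internal hosts contact at regular intervals (low coefficient of
    variation of the gaps between successive flows from the same source)."""
    by_dst = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, dport, _ in flows:
        if is_internal(src) and not is_internal(dst):
            by_dst[(dst, dport)][src].append(ts)
    candidates = {}
    for key, per_src in by_dst.items():
        regular = []
        for src, times in per_src.items():
            times.sort()
            gaps = [b - a for a, b in zip(times, times[1:])]
            if len(gaps) < min_flows - 1:
                continue  # too few flows to judge periodicity
            cv = pstdev(gaps) / mean(gaps) if mean(gaps) > 0 else float("inf")
            if cv <= max_cv:
                regular.append(src)
        if len(regular) >= min_sources:
            candidates[key] = sorted(regular)
    return candidates
```

On the sample data only the 203.0.113.7:8080 endpoint is reported, with all three beaconing hosts; the browsing flows are either too few per host or too irregular to qualify.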
Defense strategy
- Defense against infection by bot (DAIBB): prevent the bot from entering the system; updates and patches, security levels
- Defense against attacks by bot (DAABB): prevent becoming a victim of botnet attacks; IPS, TLS, SSL
- Monitoring, detection & studying of bots (MDSBB): detection methods, monitoring of log files
- Education of users (EOU): raise the security awareness of users
- Legislative protection (LP): legislative-punishment policies

THANK YOU!