Botnets 101

    Botnets 101 Presentation Transcript

    • Aung Thu Rha Hein (g5536871)

    • What is a botnet?
    • History of Botnet
    • What are they used for?
    • How do they work?
    • Infection Procedure
    • Command Topologies
    • Communication Methods
    • Propagation Methods
    • Defense
    • Detection methods
    • Defense Strategy
    • Conclusion

    • A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks. (Wikipedia)
    • A collection of compromised computers that is slowly built up then unleashed as a DDOS attack or used to send very large quantities of spam. (WolframAlpha)

    • Bots originally used to automate tasks
      • IRC, IM, MUDs, online games
    • Evolved into a way to automate malicious attacks
      • Spam, control a PC, propagate, etc.
    • Botnets started with DoS against servers
      • Stacheldraht, Trinoo, Kelihos

    • DoS attacks
    • Spam
    • Phishing
    • Identity theft
    • Click fraud
    • Others…

    • 1. The botmaster infects victims with a bot. (Diagram labels: botmaster, victim, C&C server)

    • 2. The bot connects to the C&C server using HTTP, IRC or another protocol. (Diagram labels: victim, C&C server, botmaster)

    • 3. The botmaster sends commands through the C&C server to the zombie. (Diagram labels: botmaster, victim, C&C server)

    • 4. Repeat this process and the botmaster has a bot army to control from a single point. (Diagram labels: botmaster, victims/zombies, C&C server)
    •  Star Bots tied to centralized C&C server Multi-Server Same as Star but with multiple C&C server Hierarchical Parent bot control child bots Random Full P2P support11
    •  HTTP Easy for attacker to blend in IRC Harder to hide compared with HTTP Custom Makes use of new application protocols12
    •  E-Mail attachments; Social Engineering Trojan horses Drive-by downloads Scanning Horizontal: Single port Vertical :Single IP address13

    • Three main issues
      • How to detect them?
      • How to respond to them?
      • How to negate the threat?

    • No single method
    • "Defense in depth" principle
    • Methods
      • Network traffic analysis (NetFlow)
      • Packet analysis (IDS)
      • Analysis of application log files (antivirus, firewall)
      • Honeypots
      • Others…

    • Defense against infection by bot (DAIBB)
      • Prevent bots from entering the system
      • Updates and patches, security levels
    • Defense against attacks by bot (DAABB)
      • Prevent from being a victim of botnet attacks
      • IPS, TLS, SSL
    • Monitoring, detection & studying of bot (MDSBB)
      • Detection methods, monitoring log files

    • Education of users (EOU)
      • Raise the security awareness of users
    • Legislative protection (LP)
      • Legislative-punishment policies
    • THANK YOU!
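
The network traffic analysis (NetFlow) method from the detection slide, applied to the horizontal and vertical scanning patterns from the propagation slide. This is an added example, not part of the original presentation; the flow tuple layout, the `classify_scanners` name and the `min_targets` threshold are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# Constructed flow records (src_ip, dst_ip, dst_port) using documentation-range
# addresses; a real deployment would read these from a NetFlow/IPFIX collector.
SAMPLE_FLOWS = (
    [("198.51.100.7", f"192.0.2.{i}", 445) for i in range(1, 41)]   # one port, 40 hosts
    + [("198.51.100.9", "192.0.2.10", p) for p in range(20, 60)]    # one host, 40 ports
    + [("192.0.2.50", "192.0.2.10", 443)] * 30                      # busy but ordinary client
    + [("192.0.2.51", f"192.0.2.{i}", 53) for i in (1, 2)]          # small fan-out
)


def classify_scanners(flows, min_targets=20):
    """Map each scanning source IP to 'horizontal', 'vertical' or 'both'.

    min_targets is an assumed threshold; tune it against baseline traffic.
    """
    hosts_per_port = defaultdict(set)  # (src, dst_port) -> distinct destination IPs
    ports_per_host = defaultdict(set)  # (src, dst_ip)   -> distinct destination ports
    for src, dst, port in flows:
        hosts_per_port[(src, port)].add(dst)
        ports_per_host[(src, dst)].add(port)

    labels = defaultdict(set)
    # Horizontal scan: one source probing the same port on many addresses.
    for (src, _port), hosts in hosts_per_port.items():
        if len(hosts) >= min_targets:
            labels[src].add("horizontal")
    # Vertical scan: one source probing many ports on a single address.
    for (src, _dst), ports in ports_per_host.items():
        if len(ports) >= min_targets:
            labels[src].add("vertical")
    return {src: "both" if len(kinds) == 2 else next(iter(kinds))
            for src, kinds in labels.items()}


if __name__ == "__main__":
    for src, kind in sorted(classify_scanners(SAMPLE_FLOWS).items()):
        print(f"{src}: {kind} scan")
```

Counting distinct targets rather than raw flow volume keeps a busy but ordinary client (the 30 repeated HTTPS flows in the sample) out of the results.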