Introduction to Botnet

A brief description of botnets and the working of bots

Published in: Engineering, Technology

Introduction to Botnet

  1. PRESENTATION ON BOTNET
  2. OUTLINE
       • Introduction to Botnet
       • Botnet Life-cycle
       • Botnet in Network Security
       • Botnet Uses
       • Botnet Detection
       • Preventing Botnet Infection
       • Botnet Research
       • Conclusion
  3. INTRODUCTION
       • A botnet is a network of compromised computers under the control of a remote attacker
       • The controller of a botnet is able to direct the activities of these compromised computers
       • Botnet terminology:
           • Bot Herder (Bot Master)
           • Bot
           • Bot Client
           • IRC Server
           • Command and Control Channel (C&C)
  4. INTRODUCTION TO BOTNET (TERMINOLOGY)
       • Diagram labels: IRC Channel, IRC Server, Code Server, IRC Channel, C&C Traffic, Updates, Victim, Attack, Bot Master
  5. BOTNET LIFE-CYCLE
  6. BOTNET LIFE-CYCLE
  7. BOTNET LIFE-CYCLE
  8. BOTNET LIFE-CYCLE
  9. BOTNET IN NETWORK SECURITY
       • Internet users are getting infected by bots
       • Corporate and end users are often trapped in botnet attacks
       • Today 16-25% of the computers connected to the internet are members of a botnet
       • In this network, bots are located in various locations
       • It becomes difficult to track illegal activities
       • This behaviour makes a botnet an attractive tool for intruders and increases the threat against network security
  10. BOTNET IS USED FOR
       • Diagram labels: Bot Master, Money
  11. HOW IS A BOTNET USED?
       • Distributed Denial of Service (DDoS) attacks
       • Sending spam
       • Phishing
       • Adware
       • Spyware
       • Click fraud
  12. BOTNET DETECTION
       • Two approaches for botnet detection, based on:
           • Setting up honeynets
           • Passive traffic monitoring
               • Signature based
               • Anomaly based
               • DNS based
  13. BOTNET DETECTION: SETTING UP HONEYNETS
       • Windows honeypot
       • Honeywall responsibilities:
           • DNS/IP address of the IRC server and port number
           • (optional) password to connect to the IRC server
           • Nickname of the bot
           • Channel to join and (optional) channel password
  14. BOTNET DETECTION: SETTING UP HONEYNETS
       • Diagram labels: Bot, 1. Malicious Traffic, Sensor, 2. Inform bot’s IP, 3. Authorize, Bot Master
  15. BOTNET DETECTION: TRAFFIC MONITORING
       • Signature based: detection of known botnets
       • Anomaly based: detect a botnet using the following anomalies:
           • High network latency
           • High volume of traffic
           • Traffic on unusual ports
           • Unusual system behaviour
       • DNS based: analysis of DNS traffic generated by botnets
  16. BOTNET DETECTION
       • Determining the source of a botnet-based attack is challenging:
           • Traditional approach: every zombie host is an attacker
           • Botnets can exist in a benign state for an arbitrary amount of time before they are used for a specific attack
           • New trend: P2P networks
  17. PREVENTING BOTNET INFECTIONS
       • Use a firewall
       • Use antivirus (AV) software
       • Deploy an Intrusion Prevention System (IPS)
       • Define a security policy and
       • Share policies with your users systematically
  18. CONCLUSION
       • Botnets pose a significant and growing threat against cyber security
       • They provide a key platform for many cyber crimes (DDoS)
       • Network security has become an integral part of our life, and botnets have become the most serious threat to it
       • It is very important to detect botnet attacks and find solutions for them
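
Slide 13 lists what the honeywall has to record about an IRC-based bot: server address and port, connection password, bot nickname, and channel with its optional password. The following is an added example, not part of the original slides, showing how those fields can be pulled from logged IRC client lines; the log tuple layout, host names and credentials are constructed for illustration.

```python
import re

# Constructed sample: client-to-server lines as a honeywall might log them for
# an infected Windows honeypot. Hosts, nickname, password and key are made up.
CAPTURE = [
    ("192.0.2.10", "irc.example.net", 6667, "PASS s3cr3t-server-key\r\n"),
    ("192.0.2.10", "irc.example.net", 6667, "NICK bot-XK2931\r\n"),
    ("192.0.2.10", "irc.example.net", 6667, "USER xk 0 * :xk\r\n"),
    ("192.0.2.10", "irc.example.net", 6667, "JOIN #cmd chan-key\r\n"),
    ("192.0.2.10", "www.example.org", 80, "GET / HTTP/1.1\r\n"),
]

# IRC message: optional ":prefix", a command, then space-separated parameters.
IRC_LINE = re.compile(r"^(?::\S+ +)?([A-Za-z]+|\d{3})(?: +(.*))?$")

def parse_irc(line):
    """Return (command, params), or None if the line is not IRC-shaped."""
    m = IRC_LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    command, rest = m.group(1).upper(), m.group(2) or ""
    if rest.startswith(":"):
        return command, [rest[1:]]
    # " :" introduces the trailing parameter, which may contain spaces.
    head, sep, trailing = rest.partition(" :")
    params = head.split()
    if sep:
        params.append(trailing)
    return command, params

def extract_cnc(capture):
    """Collect the C&C parameters per (server, port) seen in the capture."""
    sessions = {}
    for _src, server, port, line in capture:
        command, params = parse_irc(line) or ("", [])
        if command not in ("PASS", "NICK", "JOIN") or not params:
            continue
        s = sessions.setdefault(
            (server, port), {"password": None, "nickname": None, "channels": {}})
        if command == "PASS":
            s["password"] = params[0]
        elif command == "NICK":
            s["nickname"] = params[0]
        else:
            # JOIN carries comma-separated channels and, optionally, their keys.
            chans = params[0].split(",")
            keys = params[1].split(",") if len(params) > 1 else []
            for i, chan in enumerate(chans):
                s["channels"][chan] = keys[i] if i < len(keys) else None
    return sessions
```

Calling `extract_cnc(CAPTURE)` returns one entry keyed by `("irc.example.net", 6667)`; the HTTP line is ignored because it carries none of the three IRC commands of interest.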