BOTNETS


     Sravanthi Vattikuti
     Sri Harsha Devabhaktuni
What will we cover?
• What are botnets?
• What are they used for?
• How do they work?
• Attacks
• Detection
• Prevention Methods
• Future Challenges
Botnets
• “A botnet is a large collection of well-connected
  compromised machines, that interact to take
  part in some distributed task.”

    Bots (Zombies)

    Botmaster (Bot herder)

    Command and Control Server (C&C)
What are they used for?

• Communication
• Resource Sharing
• Curiosity
• Fun
• Financial Gain
How do they work?
Botnet Attacks

• Distributed Denial of Service (DDoS)
   Disable network services by consuming bandwidth

• Information Leakage
   Retrieve sensitive information by key logging

• Click Fraud
   Obtain a higher click-through rate (CTR)

• Identity Fraud
    Phishing mail
Distributed Denial of Service (DDoS)
Click Fraud
Detection Methods

Honeypot and Honeynet

[Diagram: Attackers send Attack Data through a Gateway to HoneyPot A; the labelled functions are Prevent, Detect, Response and Monitor.]
Detection Methods

• IRC-based Detection
   Detection based on traffic analysis
   Detection based on anomaly activities
Detection Methods

• DNS Tracking
    Distinguish botnet based on a similarity value

• Monitor anti-virus and firewall logs
• Use IDS to watch for:
    IRC/P2P/Botnet activity
    Attacks and DoS traffic coming FROM your network
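As an added example, not part of the original slides, the DNS-tracking idea above: each host is represented by the set of names it queried, hosts are compared with a Jaccard similarity value, and hosts whose similarity and shared names exceed a threshold are grouped, since bots under one botmaster tend to resolve the same C&C names. The log format, IP addresses and the example-cc.test domain are constructed for this example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed resolver log lines: "<epoch> <client_ip> <queried_name>"; example-cc.test is a made-up C&C domain.
SAMPLE_LOG = """\
1329000001 10.0.0.11 update.example-cc.test
1329000002 10.0.0.11 cdn.example-cc.test
1329000003 10.0.0.11 www.news.test
1329000004 10.0.0.12 update.example-cc.test
1329000005 10.0.0.12 cdn.example-cc.test
1329000006 10.0.0.12 mail.corp.test
1329000007 10.0.0.13 update.example-cc.test
1329000008 10.0.0.13 cdn.example-cc.test
1329000009 10.0.0.20 www.news.test
"""

def parse_queries(log_text):
    """Map each client IP to the set of names it queried; malformed lines are skipped."""
    queries = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            queries[parts[1]].add(parts[2].lower().rstrip("."))
    return dict(queries)

def jaccard(a, b):
    """Similarity value in [0, 1]: names both hosts queried over names either host queried."""
    return len(a & b) / len(a | b) if a or b else 0.0

def find_similar_groups(queries, threshold=0.5, min_shared=2):
    """Link hosts with similarity >= threshold sharing >= min_shared names; return connected groups."""
    links = defaultdict(set)
    for h1, h2 in combinations(sorted(queries), 2):
        if len(queries[h1] & queries[h2]) >= min_shared and jaccard(queries[h1], queries[h2]) >= threshold:
            links[h1].add(h2)
            links[h2].add(h1)
    groups, seen = [], set()
    for host in sorted(links):
        if host in seen:
            continue
        group, stack = set(), [host]
        while stack:  # depth-first walk over the similarity links
            h = stack.pop()
            if h not in group:
                group.add(h)
                stack.extend(links[h])
        seen |= group
        common = set.intersection(*(queries[h] for h in group))  # names every host in the group queried
        groups.append((sorted(group), sorted(common)))
    return groups
```

Grouping is transitive, so two hosts that each resemble a third are reported together even when their own pairwise similarity falls below the threshold.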
You’ve detected it, now what?

• Begin incident response
    Treat it like a virus infection

• First priority is removal of malware
• If possible, determine how it got on
    This will help prevent further infections

• Prevent it from happening again
    Patch, user awareness, etc.
Botnet Prevention

• Countermeasures for Public
   Firewall Equipment

• Countermeasures for Home Users
   Use anti-virus
   Take care when downloading
   Back up all systems

• Countermeasures for System Administrators
   Monitor logs regularly
   Use a network packet sniffer
   Isolate the malicious subnet
   Scan individual machines
The Future of Botnets

• Attackers are going to get better
• More complicated botnets will appear
• In-Depth analysis at different levels
• Flash Botnets
• Hard to distinguish malicious packages
  from regular traffic.
Questions?