2. What is a botnet?
History of Botnet
What are they used for?
How do they work?
Infection Procedure
Command Topologies
Communication Methods
Propagation Methods
Defense
Detection methods
Defense Strategy
Conclusion
3. A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks. (Wikipedia)
A collection of compromised computers that is slowly built up then unleashed as a DDOS attack or used to send very large quantities of spam. (WolframAlpha)
4. Bots were originally used to automate tasks
IRC, IM, MUDs, online games
Evolved into a way to automate malicious attacks
Spam, control a PC, propagate, etc.
Botnets started with DoS attacks against servers
Stacheldraht, Trinoo, Kelihos
11. Star
Bots tied to a single centralized C&C server
Multi-Server
Same as Star but with multiple C&C servers
Hierarchical
Parent bots control child bots
Random
Full P2P support, no fixed C&C server
12. HTTP
Easy for attacker to blend in
IRC
Harder to hide compared with HTTP
Custom
Makes use of new application protocols
13. E-mail attachments; social engineering
Trojan horses
Drive-by downloads
Scanning
Horizontal: a single port probed across many hosts
Vertical: many ports probed on a single IP address
14. Three Main Issues
How to detect them?
How to respond to them?
How to negate the threat?
15. No single method
“Defense in depth” principle
Methods
Network traffic analysis (NetFlow)
Packet analysis (IDS)
Analysis of application log files (Antivirus, firewall)
Honeypots
Others…
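To make the NetFlow-based detection above concrete, and to show what the horizontal and vertical scanning patterns from the propagation slide look like in flow data, here is an added example (not part of the original slides) that runs three simple detectors over constructed flow records. The record layout (source, destination, destination port, start time) and all thresholds are assumptions chosen for illustration; real NetFlow exports carry more fields and thresholds must be tuned per network.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records: (src, dst, dport, start_time_seconds).
# Synthetic rows, not captured traffic, built to exhibit three patterns.
FLOWS = [
    # 10.0.0.5: horizontal scan, one port (445) across many hosts
    *[("10.0.0.5", f"10.0.1.{i}", 445, 100 + i) for i in range(1, 31)],
    # 10.0.0.7: vertical scan, many ports on one host
    *[("10.0.0.7", "10.0.2.9", p, 200 + p) for p in range(20, 60)],
    # 10.0.0.9: C&C beaconing, same destination every 60 s
    *[("10.0.0.9", "203.0.113.10", 443, 1000 + 60 * k) for k in range(12)],
    # 10.0.0.11: ordinary browsing, irregular timing, few destinations
    ("10.0.0.11", "198.51.100.3", 443, 1500),
    ("10.0.0.11", "198.51.100.4", 443, 1533),
    ("10.0.0.11", "198.51.100.3", 80, 1610),
    ("10.0.0.11", "198.51.100.7", 443, 1790),
]


def find_horizontal_scans(flows, min_hosts=20):
    """Sources that contact the same port on at least min_hosts distinct hosts."""
    hosts = defaultdict(set)  # (src, dport) -> set of destinations
    for src, dst, dport, _ in flows:
        hosts[(src, dport)].add(dst)
    return sorted({src for (src, _), d in hosts.items() if len(d) >= min_hosts})


def find_vertical_scans(flows, min_ports=20):
    """Sources that probe at least min_ports distinct ports on one host."""
    ports = defaultdict(set)  # (src, dst) -> set of ports
    for src, dst, dport, _ in flows:
        ports[(src, dst)].add(dport)
    return sorted({src for (src, _), p in ports.items() if len(p) >= min_ports})


def find_beacons(flows, min_flows=8, max_cv=0.1):
    """Source/destination pairs whose inter-flow gaps are nearly constant.

    A low coefficient of variation (stdev / mean) of the gaps is the classic
    signature of a bot polling its C&C server on a timer. Returns
    (src, dst, rounded period in seconds) tuples.
    """
    times = defaultdict(list)  # (src, dst, dport) -> start times
    for src, dst, dport, ts in flows:
        times[(src, dst, dport)].append(ts)
    hits = []
    for (src, dst, _), ts in times.items():
        if len(ts) < min_flows:
            continue  # too few samples to judge periodicity
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((src, dst, round(avg)))
    return sorted(hits)


def analyze(flows):
    """Run all three detectors and return their findings together."""
    return {
        "horizontal_scans": find_horizontal_scans(flows),
        "vertical_scans": find_vertical_scans(flows),
        "beacons": find_beacons(flows),
    }


if __name__ == "__main__":
    for name, result in analyze(FLOWS).items():
        print(f"{name}: {result}")
```

The normal-browsing host never trips a detector because it touches few hosts, few ports, and its timing is irregular; the three suspicious hosts each trip exactly one. On real data, pair the thresholds with an allowlist for legitimate scanners (vulnerability management, monitoring systems) and treat beacon hits as a lead for packet or log analysis rather than a verdict on their own.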
16. Defense against infection by bot (DAIBB)
Prevent bots from entering the system
Updates and patches, security levels
Defense against attacks by bot (DAABB)
Prevent becoming a victim of botnet attacks
IPS, TLS, SSL
Monitoring, detection & studying of bots (MDSBB)
Detection methods, monitoring log files
17. Education of users (EOU)
Raise the security awareness of users
Legislative protection (LP)
Legislative and punishment policies
THANK YOU!