BOTNETS - Clemson
BOTNETS
Sravanthi Vattikuti
Sri Harsha Devabhaktuni
What will we cover?
• What are botnets?
• What are they used for?
• How do they work?
• Attacks
• Detection
• Prevention Methods
• Future Challenges
Botnets
• “A botnet is a large collection of well-connected compromised machines, that interact to take part in some distributed task.”
Bots (Zombies)
Botmaster (Bot herder)
Command and Control Server (C&C)
What are they used for?
• Communication
• Resource Sharing
• Curiosity
• Fun
• Financial Gain
How do they work?
Botnet Attacks
• Distributed Denial of Service (DDoS)
Disable network services by consuming bandwidth
• Information Leakage
Retrieve sensitive information by keylogging
• Click Fraud
Obtain a higher click-through rate (CTR)
• Identity Fraud
Phishing mail
Distributed Denial of Service (DDoS)
Click Fraud
Detection Methods
Honeypot and Honeynet
[Honeynet diagram; labels: Attackers, Attack Data, HoneyPot A, Gateway; gateway functions: Prevent, Detect, Response, Monitor]
Detection Methods
• IRC-based Detection
Detection based on traffic analysis
Detection based on anomalous activity
Detection Methods
• DNS Tracking
Distinguish botnets based on a similarity value
• Monitor anti-virus and firewall logs
• Use IDS to watch for:
IRC/P2P/Botnet activity
Attacks and DoS traffic coming FROM your network
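As an added example (not part of the Clemson slides): a small Python script that applies the two IDS watch items above to constructed egress flow-log lines, flagging internal hosts that share an IRC server (possible C&C) and hosts with DoS-like outbound fan-out. The IRC port list and the fan-out threshold are assumed tuning values.

```python
"""Toy flow-log detector for the two IDS watch items on the slide:
(1) IRC traffic leaving the network and (2) DoS-like outbound fan-out.
Assumes the log is an egress log, so every source address is internal."""
from collections import defaultdict

IRC_PORTS = {6667, 6697}   # standard IRC and IRC-over-TLS ports (assumed list)
FANOUT_THRESHOLD = 50      # distinct destinations per host (assumed tuning value)

# Constructed sample log lines (not from the slides): "src dst dport proto"
SAMPLE_LOG = """\
10.0.0.5 203.0.113.9 6667 tcp
10.0.0.7 203.0.113.9 6667 tcp
10.0.0.8 203.0.113.9 6667 tcp
10.0.0.9 198.51.100.4 443 tcp
""" + "\n".join(f"10.0.0.12 192.0.2.{i} 80 tcp" for i in range(1, 61))


def parse_flows(text):
    """Return a list of (src, dst, dport) from whitespace-separated records."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        src, dst, dport, _proto = parts[:4]
        flows.append((src, dst, int(dport)))
    return flows


def find_irc_clients(flows):
    """Map each IRC server contacted to the set of internal hosts talking to it."""
    servers = defaultdict(set)
    for src, dst, dport in flows:
        if dport in IRC_PORTS:
            servers[dst].add(src)
    return servers


def find_fanout_hosts(flows, threshold=FANOUT_THRESHOLD):
    """Hosts that contact at least `threshold` distinct destinations."""
    dests = defaultdict(set)
    for src, dst, _dport in flows:
        dests[src].add(dst)
    return {src: len(d) for src, d in dests.items() if len(d) >= threshold}


def detect(text):
    """Run both checks; an IRC server shared by 2+ hosts is a suspected C&C."""
    flows = parse_flows(text)
    irc = find_irc_clients(flows)
    suspected_cc = {srv: sorted(h) for srv, h in irc.items() if len(h) >= 2}
    return {"suspected_cc": suspected_cc, "fanout": find_fanout_hosts(flows)}
```

Running `detect(SAMPLE_LOG)` reports the shared IRC server and the one host fanning out to 60 destinations; both are starting points for the incident response steps on the next slide, not proof of infection.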
You’ve detected it, now what?
• Begin incident response
Treat it like a virus infection
• First priority is removal of malware
• If possible, determine how it got on
This will help prevent further infections
• Prevent it from happening again
Patch, user awareness, etc.
Botnet Prevention
• Countermeasures for Public
Firewall Equipment
• Countermeasures for Home Users
Use anti-virus
Be careful while downloading
Back-up all systems
• Countermeasures for System Administrator
Monitor logs regularly
Use network packet sniffer
Isolate the malicious subnet
Scan individual machines
The Future of Botnets
• Attackers are going to get better
• More complicated botnets will appear
• In-Depth analysis at different levels
• Flash Botnets
• Hard to distinguish malicious packets from regular traffic
Questions?