BOTNETS
Sravanthi Vattikuti, Sri Harsha Devabhaktuni
What will we cover?
- What are botnets?
- What are they used for?
- How do they work?
- Attacks
- Detection
- Prevention methods
- Future challenges
Botnets
"A botnet is a large collection of well-connected compromised machines that interact to take part in some distributed task."
- Bots (zombies)
- Botmaster (bot herder)
- Command and Control server (C&C)
What are they used for?
- Communication
- Resource sharing
- Curiosity
- Fun
- Financial gain
How do they work?
Botnet Attacks
- Distributed Denial of Service (DDoS): disable network services by consuming their bandwidth
- Information leakage: retrieve sensitive information by keylogging
- Click fraud: obtain a higher click-through rate (CTR)
- Identity fraud: phishing mail
Distributed Denial of Service (DDoS)
Click Fraud
Detection Methods
Honeypot and honeynet:
- Prevent
- Detect
- Respond
- Monitor
Detection Methods
- IRC-based detection
- Detection based on traffic analysis
- Detection based on anomalous activity
Detection Methods
- DNS tracking: distinguish botnet members by a similarity value (hosts that resolve the same domains)
- Monitor anti-virus and firewall logs
- Use an IDS to watch for:
  - IRC/P2P/botnet activity
  - Attacks and DoS traffic coming FROM your network
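To make the three detection slides concrete, here is an added example (not part of the original deck) that runs the listed checks over constructed flow and DNS log records: an IDS-style rule for internal hosts talking to IRC ports, a traffic-analysis check for regular beaconing to one destination, a DNS-tracking check for a rare domain resolved by several hosts (the "similarity" idea), and a check for DoS traffic leaving the network. All addresses, domains and thresholds are constructed assumptions for the example.

```python
"""Toy botnet-detection checks over constructed flow and DNS logs.
Added illustration for the detection slides; not the authors' material.
All hostnames, addresses and thresholds below are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL_PREFIX = "10.0.0."      # assumed internal address range (constructed)
IRC_PORTS = {6667, 6697}         # IRC ports an IDS rule would watch
BEACON_MIN_FLOWS = 4             # connections needed before judging periodicity
BEACON_MIN_GAP_S = 5             # shorter gaps are bursts, not beacons
BEACON_MAX_CV = 0.1              # coefficient of variation at/below this = regular
SHARED_DOMAIN_MIN_HOSTS = 3      # rare domain looked up by this many hosts
FLOOD_MIN_FLOWS = 50             # connections to one target within the window
FLOOD_WINDOW_S = 10

# Constructed flow records: (timestamp_s, src, dst, dst_port)
FLOWS = [
    # 10.0.0.5 beacons to 198.51.100.7 every 60 s on an IRC port
    *[(t, "10.0.0.5", "198.51.100.7", 6667) for t in (0, 60, 120, 180, 240)],
    # 10.0.0.9 makes irregular web requests (benign pattern)
    (5, "10.0.0.9", "203.0.113.10", 443), (17, "10.0.0.9", "203.0.113.10", 443),
    (90, "10.0.0.9", "203.0.113.10", 443), (91, "10.0.0.9", "203.0.113.10", 443),
    # 10.0.0.12 opens 60 connections to one target in 6 s (outbound DoS)
    *[(300 + i / 10, "10.0.0.12", "192.0.2.44", 80) for i in range(60)],
]

# Constructed DNS query log: (src, queried_domain)
DNS_QUERIES = [
    ("10.0.0.5", "cc-rendezvous.example"), ("10.0.0.12", "cc-rendezvous.example"),
    ("10.0.0.21", "cc-rendezvous.example"), ("10.0.0.9", "news.example"),
    ("10.0.0.5", "update.example"), ("10.0.0.9", "update.example"),
    ("10.0.0.12", "update.example"),
]
KNOWN_GOOD_DOMAINS = {"update.example"}   # constructed allowlist


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def irc_connections(flows):
    """IDS-style rule: internal host connecting to an external IRC port."""
    return sorted({(s, d) for _, s, d, p in flows
                   if is_internal(s) and not is_internal(d) and p in IRC_PORTS})


def beaconing_pairs(flows):
    """Traffic analysis: src->dst pairs whose connection intervals are nearly constant."""
    times = defaultdict(list)
    for t, s, d, _ in flows:
        times[(s, d)].append(t)
    found = []
    for pair, ts in times.items():
        ts.sort()
        if len(ts) < BEACON_MIN_FLOWS:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg < BEACON_MIN_GAP_S:
            continue                      # a burst, handled by outbound_floods
        if pstdev(gaps) / avg <= BEACON_MAX_CV:
            found.append((pair, round(avg, 1)))
    return found


def shared_rare_domains(queries, allowlist=KNOWN_GOOD_DOMAINS):
    """DNS tracking: a domain not on the allowlist resolved by several hosts."""
    hosts = defaultdict(set)
    for src, domain in queries:
        hosts[domain].add(src)
    return {dom: sorted(h) for dom, h in hosts.items()
            if dom not in allowlist and len(h) >= SHARED_DOMAIN_MIN_HOSTS}


def outbound_floods(flows):
    """DoS traffic leaving the network: many flows from one src to one dst in a window."""
    by_pair = defaultdict(list)
    for t, s, d, _ in flows:
        if is_internal(s) and not is_internal(d):
            by_pair[(s, d)].append(t)
    found = []
    for pair, ts in by_pair.items():
        ts.sort()
        lo = 0
        for hi in range(len(ts)):         # sliding window over sorted timestamps
            while ts[hi] - ts[lo] > FLOOD_WINDOW_S:
                lo += 1
            if hi - lo + 1 >= FLOOD_MIN_FLOWS:
                found.append(pair)
                break
    return found


def report(flows=FLOWS, queries=DNS_QUERIES):
    return {"irc": irc_connections(flows), "beaconing": beaconing_pairs(flows),
            "shared_domains": shared_rare_domains(queries),
            "floods": outbound_floods(flows)}


if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name}: {hits}")
```

Each check on its own produces false positives (a legitimate monitoring agent also beacons; a popular new domain is also resolved by many hosts), which is why the slides pair traffic analysis with log review and a honeynet: a host that trips several checks at once is the one to hand to incident response first.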
You've detected it, now what?
- Begin incident response; treat it like a virus infection
- First priority is removal of the malware
- If possible, determine how it got on: this will help prevent further infections
- Prevent it from happening again: patch, user awareness, etc.
Botnet Prevention
Countermeasures for public firewall equipment
Countermeasures for home users:
- Use anti-virus
- Take care when downloading
- Back up all systems
Countermeasures for system administrators:
- Monitor logs regularly
- Use a network packet sniffer
- Isolate the malicious subnet
- Scan individual machines
The Future of Botnets
- Attackers are going to get better
- More complicated botnets will appear
- In-depth analysis at different levels
- Flash botnets
- Hard to distinguish malicious packets from regular traffic
Questions?