
Botnet Detection & Countermeasures



Presentation on theme: "Botnet Detection & Countermeasures"— Presentation transcript:

1 Botnet Detection & Countermeasures

2 About Me – Kiran Ratnaker
IT Security Researcher
Certified Ethical Hacker
Certified Forensic Investigator
Certified Security Analyst
WatchGuard Certified Professional
Contact: Twitter

3 Agenda
What is a Botnet
Botnet Detection
Countermeasures

4 Close Encounter with a Botnet
Network of 150 machines dead: no Internet, no local server access

5 MAC Flooding, ARP Poisoning, MITM, DDoS…
uses ports 16464, 16465, 16470, and / or The 

6 Worst Things
No bot detection by AV
Websense failed
Firewall proxy bottleneck
IP in exploit blacklist
Rootkit prevented detection; connecting the HDD to another fresh, clean machine detected the ZeroAccess botnet, i.e. the AV on the infected machine was compromised

7 How We Restored Network Operations
Enabled security features on the LAN: ARP spoofing prevention, DoS attack prevention settings, broadcast/multicast/unicast traps
Reduced network speed > checked for the port utilizing high bandwidth > shut it down > formatted the machines

8 Challenges in Dev & QA Environment
Developers need admin access
Innovation needs openness
QA needs old versions
Port-based applications are history; P2P apps are on top, and so are the attacks

9 What is a Botnet
Botnet: Bot + Network
Compromised machines install programs that perform autonomous tasks; these networked bots, controlled by a single botmaster through multiple command & control (C&C) centers, build a botnet.
(Diagram: BotMaster > C&C > Bots. Reference video.)

10 How a Botnet Spreads Itself
Peer to Peer

11 Cyber Crimes: Ransomware, Fake ID

12 2016 Cyberattack: Denial-of-service attack on Dyn (Distributed Network Services, Inc.)
On 21 October 2016 Dyn's network was attacked with a DDoS carrying a load of 1.2 terabits per second
Twitter, Reddit, GitHub, Amazon.com, Netflix, Spotify, BBC, PayPal and CNN became unreachable
The Mirai botnet was used to launch the DDoS attack
The Mirai botnet consisted of more than 100,000 infected devices
Internet of Things (IoT) devices were included in the attack (surveillance cameras, printers, residential gateways)
Mirai-infected devices were spotted in 164 countries
Mirai's C&C (command and control) code is written in Go, while its bots are written in C
Ref: Mirai botnet

13 Detection
Symptoms
Benchmark
Machine log (OS, AV, Wireshark)
L3 switch log
Firewall log


15 Benchmark TCP/IP Connections on Machine & Firewall
100 x 50 = 5000 connections
What is the total number of machines as per inventory & logs?
ARP entries on the switch = number of machines
ARP on L3 switch and firewall
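The benchmark on this slide (connection count per machine, ARP/host count versus inventory) and the ports listed on slide 5 can be checked from firewall logs automatically. The script below is an added example, not from the deck; it assumes a simplified firewall log format (src dst dport proto), a constructed inventory, and reads the 100 x 50 = 5000 figure as 50 connections per machine.

```python
"""Added example (not from the slide deck): the deck's benchmark checks run
over constructed firewall log lines. Assumed log format: 'src dst dport proto'."""
from collections import Counter

# Ports the deck associates with the infection it describes (slide 5).
SUSPECT_PORTS = {16464, 16465, 16470}
PER_HOST_BASELINE = 50  # assumed reading of the deck's 100 x 50 = 5000 figure

# Constructed sample log: one busy host, two calls to the listed ports,
# and one host that is not in the inventory.
SAMPLE_LOG = """\
10.0.1.10 93.184.216.34 443 tcp
10.0.1.10 93.184.216.34 80 tcp
10.0.1.11 203.0.113.7 16464 udp
10.0.1.11 198.51.100.9 16465 udp
10.0.1.99 203.0.113.8 53 udp
""" + "\n".join(f"10.0.1.11 203.0.113.{i} 443 tcp" for i in range(60))

# Constructed inventory: the hosts that should exist on the LAN.
INVENTORY = {"10.0.1.10", "10.0.1.11"}

def parse_log(text):
    """Yield (src, dst, dport, proto) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2]), parts[3]

def analyse(text, inventory, baseline=PER_HOST_BASELINE):
    """Return the checks the benchmark slide calls for: hosts over the
    per-machine baseline, hosts talking to the listed ports, hosts seen in
    the log but missing from inventory, and the expected total."""
    conns = Counter()
    suspect = {}
    for src, dst, dport, proto in parse_log(text):
        conns[src] += 1
        if dport in SUSPECT_PORTS:
            suspect.setdefault(src, []).append((dst, dport, proto))
    return {
        "over_baseline": {ip: n for ip, n in conns.items() if n > baseline},
        "suspect_ports": suspect,
        "unknown_hosts": sorted(set(conns) - set(inventory)),
        "expected_total": len(inventory) * baseline,
    }

if __name__ == "__main__":
    for name, result in analyse(SAMPLE_LOG, INVENTORY).items():
        print(name, result)
```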

16 Machine IP + MAC address + VLAN route + VLAN broadcast on L3 switch

17 Process Explorer

18 Wireshark


20 Countermeasures
Daily checks: IP blacklist, concurrent connections, botnet ports, denied packets, geolocation, DNS
Enable AV, firewall + IPS
Update security patches
Firmware updates: machines, network switches, printers, WAP, firewall
Install only required applications

21 Process Explorer, Microsoft Netmon
Questions?

22 Ashish Shanker ashish.shanker@synerzip.com @ShankerAshish

23 Synerzip: your trusted outsourcing partner for Agile software product development
Accelerate the delivery of your product roadmap
Address technology skill gaps
Save at least 50% with offshore software development
Augment your team with optional on-site professionals

24 Synerzip Clients

25 Connect with Synerzip: @Synerzip, linkedin.com/company/synerzip, facebook.com/Synerzip

26 Next Webinar: Managing Software People & Teams
Thursday, March 16, 2017 at Noon CST
Webinar presenter: Ron Lichty, Author & Agile Consultant

