Presentation is loading. Please wait.

Presentation is loading. Please wait.

Nullcon Goa 2010http://nullcon.net Botnet Mitigation, Monitoring and Management - Harshad Patil.

Published byCori James Modified over 9 years ago

Similar presentations

Presentation on theme: "Nullcon Goa 2010http://nullcon.net Botnet Mitigation, Monitoring and Management - Harshad Patil."— Presentation transcript:

1 nullcon Goa 2010http://nullcon.net Botnet Mitigation, Monitoring and Management - Harshad Patil

2 Introduction Why they use Botnets? Attack vectors- Where are they used? Taxonomy of botnet and how it operates Detection and prevention of botnets Some recent botnets Current Botnet Mitigation efforts Botnet Monitoring nullcon Goa 2010http://nullcon.net Agenda

3 nullcon Goa 2010http://nullcon.net Introduction What are bots, botnets, botmasters, and zombies,IRC,P2P? Three characteristic attributes of bot a remote control facility, the implementation of several commands, and a spreading mechanism

4 What is DOS nullcon Goa 2010http://nullcon.net # About an hour and 15 minutes duration # Misuse Null TCP 6 # IP Protocol 6, TCP # No Flags - Null TCP 0.0.0.0/0 # Very well distributed or Source-spoofed IPs 0-65535 # Very well distributed source ports xx.xx.X.X/32 # Surprise, undernet IRC Server… 6667 # 6667 IRC Source: ISC

5 nullcon Goa 2010http://nullcon.net Why Botnets? Capability of botnet Botnet Economy Self propagation Robustness Efficiency Effectiveness Usage of different Encryption systems P2P botnet advantages!

6 nullcon Goa 2010http://nullcon.net Attack vectors Spamming Phishing Click Fraud, Google Adsense Sniffing traffic- Corporate Espionage, ID Theft Keystroke logging Data Mining Manipulating online MMOGs

7 nullcon Goa 2010http://nullcon.net How they operate How botmasters discover new bots 2 architectures: CnC and P2P Communication between the bot and the botmaster Botnet Complexity How they evade IDS/Honeypots

8 nullcon Goa 2010http://nullcon.net CnC Architecture Botmaster C & C Bots

9 nullcon Goa 2010http://nullcon.net P2P Architecture Botmaster C & C Bots

10 nullcon Goa 2010http://nullcon.net Concerning factors Complexity of the Internet. Shortest compromise time: few secs.. Extradition issues and different laws of different countries.. Easy to escape detection techniques by new encryption types.(MD6 encryption: Conficker)

11 nullcon Goa 2010http://nullcon.net Concerning factors Courtesy: McAfee

12 nullcon Goa 2010http://nullcon.net Concerning factors

13 nullcon Goa 2010http://nullcon.net Concerning factors

14 Protection Detection Remediation nullcon Goa 2010http://nullcon.net

15 nullcon Goa 2010http://nullcon.net Detection Nepenthes HoneyBow Observe the behavior of bots Network based behavior: Host-based behavior Bothunter: Vertical Correlation. Correlation on the behaviors of single host. Botsniffer: Horizontal Correlation. On centralized C&C botnets Botminer: Extension on Botsniffer, no limitations on the C&C types.

16 nullcon Goa 2010http://nullcon.net Protection Honeynets IDS Snort Tripwire OurMon CWSandbox Current Mitigation efforts:

17 nullcon Goa 2010http://nullcon.net Current Mitigation effort Current Mitigation efforts:

18 nullcon Goa 2010http://nullcon.net Botnet Monitoring System: Current Mitigation efforts:

19 Some current cases Torpig Conficker A current flash 0day attack. nullcon Goa 2010http://nullcon.net

20 Torpig details nullcon Goa 2010http://nullcon.net

21 nullcon Goa 2010http://nullcon.net Conclusion Bots pose a threat to individuals and corporate environments Use: DDoS attacks, to spam, steal, spy, hack, … Defense: Prevention- Honeypots, IPS, N/w analysis tools Detection: IDS, analysis tools Management: Understanding security failures is much like anticipating that houses catch on fire and smoke detectors save lives. Current Mitigation efforts:

Download ppt "Nullcon Goa 2010http://nullcon.net Botnet Mitigation, Monitoring and Management - Harshad Patil."

Similar presentations

An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)

An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)
Networking, Sensing and Control (ICNSC), 2013 10th IEEE International Conference on 102064535 黃川洁 1/25.

Networking, Sensing and Control (ICNSC), th IEEE International Conference on 黃川洁 1/25.
Botnets. Botnet Threat Botnets are a major threat to the Internet because: Consist of a large pool of compromised computers that are organized by a master.

Botnets. Botnet Threat Botnets are a major threat to the Internet because: Consist of a large pool of compromised computers that are organized by a master.
Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.

Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.
MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.
A Hierarchical Hybrid Structure for Botnet Control and Command A Hierarchical Hybrid Structure for Botnet Control and Command Zhiqi Zhang, Baochen Lu,

A Hierarchical Hybrid Structure for Botnet Control and Command A Hierarchical Hybrid Structure for Botnet Control and Command Zhiqi Zhang, Baochen Lu,
Taxonomy of Botnets Team Mag Five Valerie Buitron Jaime Calahorrano Derek Chow Julia Marsh Mark Zogbaum.

Taxonomy of Botnets Team Mag Five Valerie Buitron Jaime Calahorrano Derek Chow Julia Marsh Mark Zogbaum.
 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 

 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
1 Understanding Botnet Phenomenon MITP 458 - Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.
Slides to add  Botnet slides  Security regulations  Do we have similar laws for transportation?  Terrorism (look for some examples if possible)  Company.

Slides to add  Botnet slides  Security regulations  Do we have similar laws for transportation?  Terrorism (look for some examples if possible)  Company.
BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection Written by Guofei Gu, Roberto Perdisci, Junjie.

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection Written by Guofei Gu, Roberto Perdisci, Junjie.
Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.

Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.
Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.
Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.

Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection F. Tegeler, X. Fu (U Goe), G. Vigna, C. Kruegel (UCSB)

BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection F. Tegeler, X. Fu (U Goe), G. Vigna, C. Kruegel (UCSB)
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

Similar presentations

Ads by Google