Presentation is loading. Please wait.

Presentation is loading. Please wait.

Know your Enemy: Tracking Botnets The Honeynet Project & Research Alliance Presented by: Jonathan Dowdle.

Published byAlicia Stewart Modified over 9 years ago

Similar presentations

Presentation on theme: "Know your Enemy: Tracking Botnets The Honeynet Project & Research Alliance Presented by: Jonathan Dowdle."— Presentation transcript:

1 Know your Enemy: Tracking Botnets The Honeynet Project & Research Alliance Presented by: Jonathan Dowdle

2 Motivation To study the activities of BotNets and their owners

3 What a Botnet is Not

4 Introduction What is a BotNet? What is a HoneyNet? Who are the victims? What vulnerabilities are used? What can a BotNet be used for?

5 HoneyNet

6 BotNet

7 Method Setup –HoneyNet of 3 machines Analysis –mwcollectd2 –drone

8 Uses of Botnets DDoS (Distributed Denial of Service) Attack Spamming Sniffing Traffic Keylogging Spreading Malware Google AdSense Abuse Attacking IRC Networks (similar to DDoS) Manipulating online polls/games Mass identity theft

9 Types of Bots Most common bots –Agobot / Phatbot / Forbot / XtremBot –SDBot / RBot / UrBot / UrXBot –GT-Bots Less common bots –DSNX Bots –Q8 Bots –kaiten –Perl-based bots

10 How Bots Work

11

12 The Server Unreal IRCd ConferenceRoom

13 HoneyNet

14 Tracking Botnets IRC login information is sniffed when bot on Honeypot connects Using login information gathered we can connect to master IRC server

15 Tracking Botnets -- Observing Commands from master can be observed in channel Custom IRC client is usually needed

16 Custom IRC Client drone

17 Lessons Learned Number of botnets –100 botnets over 4 months –35 “live” botnets as of paper’s publish date Number of hosts –~220,000 unique IP addresses joining at least one of the monitored channels The number may be larger due to some hosts not showing joining clients into a channel

18 Lessons Learned Cont. Typical Size of Botnets –100s – up to 50,000 hosts Dimension of DDoS-attacks –226 DDoS-attacks against 99 unique targets

19 Strengths Moderate learning curve –Paper is presented in ordinary language Novel method of determining methods and attacks used by Botnet owners

20 Weaknesses Focuses only IRC-based bots More data could have been provided

21 Further Research Vulnerability modules Shellcode parsing modules Fetch modules

Download ppt "Know your Enemy: Tracking Botnets The Honeynet Project & Research Alliance Presented by: Jonathan Dowdle."

Similar presentations

Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)

An Introduction of Botnet Detection – Part 2 Guofei Gu, Wenke Lee (Georiga Tech)
Botnets ECE 4112 Lab 10 Group 19.

Botnets ECE 4112 Lab 10 Group 19.
Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.

Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.
MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.

BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.
Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.

Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.
1 Understanding Botnet Phenomenon MITP 458 - Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.
Bots and Botnets CS-431 Dick Steflik. DDoS ● One of the most common ways to mount a Distributed Denial of Service attacks is done via networks of zombie.

Bots and Botnets CS-431 Dick Steflik. DDoS ● One of the most common ways to mount a Distributed Denial of Service attacks is done via networks of zombie.
Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.

Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.
Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.
Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.

Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.

2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
Botnets by Mehedy Masud September 16, 2009. Botnets ● Introduction ● History ● How to they spread? ● What do they do? ● Why care about them? ● Detection.

Botnets by Mehedy Masud September 16, Botnets ● Introduction ● History ● How to they spread? ● What do they do? ● Why care about them? ● Detection.
Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.
1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.

1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.

Similar presentations

Ads by Google