1 / 24

Fighting Against Botnets: Hands-On Laboratory Exercises

Fighting Against Botnets: Hands-On Laboratory Exercises. Dr. Jim Chen, John Smet, Barry Williams, Victor Tsao, Alkalifa A. Samake, Lamin Kamara, Tokunbo Olojo, Nicole Regobert March 2007. What is a Botnet?.

duscha
Download Presentation

Fighting Against Botnets: Hands-On Laboratory Exercises

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Fighting Against Botnets: Hands-On Laboratory Exercises Dr. Jim Chen, John Smet, Barry Williams, Victor Tsao, Alkalifa A. Samake, Lamin Kamara,Tokunbo Olojo, Nicole Regobert March 2007

  2. What is a Botnet? • A collection of software applications, or robots, which runs automated tasks over the Internet • Possible malicious purpose, such as taking over a remote machine (victim1) and using it to attack another machine (victim2) • A collection of compromised machines (victim1) under a common command and control infrastructure, through a means such as IRC Secure IT 2007 Conference

  3. Challenges • (1) How to show the botnet to the students? • (2) How to know if your computer has been turned into a zombie machine? • (3) How to get rid of the malicious Trojan codes that serve that function? Secure IT 2007 Conference

  4. Solution • Set up a closed lab with a few computers, a hub, a switch, and a router • Selected some open-source software packages • Designed and developed some hands-on laboratory exercises Secure IT 2007 Conference

  5. 3 Lab Exercises • Lab 1: Shows a botnet [addressing Challenge #(1)] • Lab 2: Shows the detection of a zombie machine [addressing Challenge #(2)] • Lab 3: Shows some countermeasures [addressing Challenge #(3)] Secure IT 2007 Conference

  6. Objectives of Lab 1 • Show the botnet Secure IT 2007 Conference

  7. Lab 1: Botnet • One computer with intrusive software tool running on it • Two computers with Snort and Ethereal running on them • One Web server computer with Snort and Ethereal running on it • Connect these computers together via a hub, a switch, or a router to form a network Secure IT 2007 Conference

  8. Botnet • Demo Secure IT 2007 Conference

  9. Lab 1: Lesson Learned • It is not difficult to explore a vulnerability within a computer system. • Some intrusions may not be detected automatically. Secure IT 2007 Conference

  10. Objectives of Lab 2 • Detect a zombie machine • Learn to do the analysis and to use different detection tools Secure IT 2007 Conference

  11. Lab 2: Zombie Machine Detection • Use the tools in the Windows system • Use Ethereal to capture and analyze the traffic • Use the Snort intrusion detection system Secure IT 2007 Conference

  12. Zombie Machine Detection • Demo Secure IT 2007 Conference

  13. Abnormal Behavior Detection • Use the tools in the Windows system Secure IT 2007 Conference

  14. Traffic Capture and Analysis • Use Ethereal / WireShark to capture and analyze the traffic Secure IT 2007 Conference

  15. Botnet Detection Using Snort • Use the Snort intrusion detection system Secure IT 2007 Conference

  16. Lab 2: Lesson Learned • It is essential to find out any abnormal behavior in the system. • It is important to identify the patterns and characteristics of the suspicious traffic before writing any Snort rules. Secure IT 2007 Conference

  17. Objectives of Lab 3 • Learn to use some countermeasures Secure IT 2007 Conference

  18. Lab 3: Countermeasures • Use Trojan remover software • Use anti-virus software • Modify firewall settings • Use other tools Secure IT 2007 Conference

  19. Lab 3: Countermeasures • Demo Secure IT 2007 Conference

  20. Lab 3: Lesson Learned • Different tools can be used to get rid of the malicious Trojan codes that serve the botnet function. • Multiple tools may be used together to deal with some specific types of botnets. • New tools need to be designed and developed in fighting against botnets. Secure IT 2007 Conference

  21. Pedagogical Implication • The challenges in teaching how to fight against botnets can be addressed using hands-on labs. • Critical thinking skills and creativity are promoted in putting students in an environment in which they need to find out the limitations of available tools used in fighting against botnets and figure out their new solutions. • More effective and efficient tools can be designed and developed using the life-cycle approach. Secure IT 2007 Conference

  22. Summary • Hands-on lab exercises can be designed and developed to teach students how to fight against botnets. • The actual needs may motivate students to create new tools. Secure IT 2007 Conference

  23. References • Beale, J., Baker, A., Caswell, B., Poor, M., and others. (2004). Snort 2.1 Intrusion Detection (2nd Edition). Rockland, MA: Syngress Publishing, Inc. • Cox, K. & Gerg, C. (2004). Managing Security with Snort and IDS Tools. Sebastopol, CA: O’Reilly Media, Inc. • Ethereal, http://www.ethereal.com • Smith, P. & Ragan, T. (1999). Instructional Design. Hoboken, NJ: John Wiley & Sons, Inc. • Snort, http://www.snort.org • Wireshark, http://www.wireshark.org • Xiang, Y., Zhou, W. (2006). "An Intrusion Surveillance System to Detect IRC-based DDoS Attacks" in IEEE Proceedings of the International Multi-Conference on Computing in the Global Information Technology (ICCGI'06), P65. Secure IT 2007 Conference

More Related