Botnets
Group 28: Sean Caulfield and Fredrick Young
ECE 4112 Internetwork Security
Prof. Henry Owen
What is a Botnet?
• Attacker controls remote computer
• Any attack that allows execution of code
  • Virus, worm, Trojan horse, etc.
• Controlled machine known as “zombie”
• “Phones home” via IRC
  • Joins a pre-specified channel
  • Attacker gives commands on channel
• Network of these machines is a botnet
Controlling a Botnet (diagram)
How big is a Botnet?
• Size ranges from 10 to 10,000
• Largest recorded: 50,000
• Could be much larger
Purpose of Botnets
• Spamming
  • Send large amounts of text to chat rooms in mIRC
  • Send out spam emails
• Sniffing traffic
  • Use packet sniffers to find passwords and usernames on supposedly secure networks
Purpose of Botnets (cont’d)
• Keylogging
  • Log and send private information such as name, SSN, credit card info, etc.
• Spread malware
  • Install various malicious programs
• Install advertisement add-ons
  • Make money from auto-clicking banners
• Manipulate online polls
Purpose of Botnets (cont’d)
• DDoS
  • Even a small botnet (~1000 machines) can be effective
    • Each computer is attacking, which can offer more than 100 Mb/sec in an attack
    • This is enough to cripple most company networks
  • A large botnet (~50000 machines)
    • Each computer contributes roughly 128 Kb/sec on average
    • Roughly 5000 Mb/sec
• Often used in corporate attacks
  • Easily disable most networks
  • Become a kind of hacker mercenary
What can a typical bot do?
• Gather computer information
  • CPU speed, memory, etc.
• Keylogger
  • Credit card information, name, SSN, etc.
• Port scan
  • Bypass firewalls by scanning from behind the firewall
• Infect other computers with the Trojan
Types of Bots
• Script based
  • Run by installing an IRC client and running malicious scripts on it
• Code based
  • Run from an executable built from a source code file; require no files other than the initial executable
Detecting a Botnet
• Packet sniffing does not work
  • IRC helps to keep the master anonymous
  • Infected computers typically send spoofed packets
• Manual detection
  • Watch IRC clients for odd activity
  • Look for suspicious names
  • Look for login verification
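The manual checks on this slide (odd IRC activity, suspicious nicks, a login-verification step after joining) can be turned into a simple host-based heuristic. The script below is an added example, not part of the original slides or lab; it assumes a sensor that records each IRC command seen for an internal host as "<time> <host ip> <direction> <raw IRC line>" (">" outbound, "<" inbound). The generated-nick pattern, the command prefix, the login verbs and the co-join threshold are illustrative assumptions, and the log lines are constructed for the example.

```python
"""Heuristic IRC botnet detector over a constructed sensor log (added example)."""
import re
from collections import defaultdict

# Constructed sample: three workstations behave like bots, one host is a human IRC user.
SAMPLE_LOG = """\
10:00:01 10.0.0.11 > NICK USA|0193827
10:00:01 10.0.0.11 > JOIN #ch4n :key123
10:00:02 10.0.0.12 > NICK USA|4471022
10:00:02 10.0.0.12 > JOIN #ch4n :key123
10:00:03 10.0.0.13 > NICK DEU|8820011
10:00:03 10.0.0.13 > JOIN #ch4n :key123
10:00:05 10.0.0.50 > NICK alice
10:00:05 10.0.0.50 > JOIN #linux
10:00:06 10.0.0.50 > PRIVMSG #linux :anyone tried the new kernel?
10:00:09 10.0.0.11 < :master!m@h PRIVMSG #ch4n :.login s3cret
10:00:09 10.0.0.12 < :master!m@h PRIVMSG #ch4n :.login s3cret
10:00:09 10.0.0.13 < :master!m@h PRIVMSG #ch4n :.login s3cret
"""

# Sensor line: timestamp, internal host, direction marker, raw IRC message.
LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<ip>\S+) (?P<dir>[<>]) (?P<raw>.*)$')
# Minimal IRC message grammar: optional ":prefix", command, params, ":trailing".
IRC_RE = re.compile(
    r'^(?::(?P<prefix>\S+) )?(?P<cmd>[A-Za-z]+)'
    r'(?: (?P<params>[^:]*?))?(?: :(?P<trailing>.*))?$')
# Assumed style of machine-generated nicks: country code, pipe, long number.
BOT_NICK_RE = re.compile(r'^[A-Z]{2,3}\|\d{5,}$')
# Assumed controller "login verification" command: prefix character plus verb.
LOGIN_RE = re.compile(r'^[.!@](login|auth|pass)\b', re.IGNORECASE)


def parse_log(text):
    """Turn sensor lines into event dicts; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        im = IRC_RE.match(m['raw'])
        if not im:
            continue
        events.append({
            'ts': m['ts'], 'ip': m['ip'], 'dir': m['dir'],
            'cmd': im['cmd'].upper(),
            'params': (im['params'] or '').split(),
            'trailing': im['trailing'] or '',
        })
    return events


def analyse(events, min_cojoin=3):
    """Return {host_ip: [reasons]} for hosts showing bot-like IRC behaviour."""
    hosts = defaultdict(list)           # ip -> list of reasons
    channel_members = defaultdict(set)  # channel -> set of internal ips that joined
    for ev in events:
        if ev['cmd'] == 'NICK' and ev['dir'] == '>' and ev['params']:
            nick = ev['params'][0]
            if BOT_NICK_RE.match(nick):
                hosts[ev['ip']].append(f'generated-looking nick {nick}')
        elif ev['cmd'] == 'JOIN' and ev['dir'] == '>' and ev['params']:
            for chan in ev['params'][0].split(','):
                channel_members[chan].add(ev['ip'])
        elif ev['cmd'] == 'PRIVMSG' and ev['dir'] == '<' and ev['params']:
            if LOGIN_RE.match(ev['trailing']):
                hosts[ev['ip']].append(
                    f'login/verification command received in {ev["params"][0]}')
    # Many internal hosts silently joining the same channel is the "odd activity" signal.
    for chan, members in channel_members.items():
        if len(members) >= min_cojoin:
            for ip in members:
                hosts[ip].append(f'{len(members)} internal hosts joined {chan}')
    return {ip: sorted(set(reasons)) for ip, reasons in hosts.items() if reasons}


if __name__ == '__main__':
    for ip, reasons in sorted(analyse(parse_log(SAMPLE_LOG)).items()):
        print(ip)
        for r in reasons:
            print('  -', r)
```

Each heuristic alone produces false positives (a human may pick an odd nick, a channel may simply be popular), so the output lists every reason per host and an analyst would act on hosts that accumulate several; the thresholds and patterns would be tuned to the network being monitored.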
Who does a Botmaster target?
• Most botnets spread via old exploits
• Most targeted computers are “home PCs”, as many users do not patch their operating system
  • Allows botnets to run rampant and infect large numbers of computers automatically
What protects against infection?
• A botnet is basically just a special form of Trojan
• Firewalls
• Anti-virus
• Intelligent downloading
What will you do in lab?
• Install mIRC
• Connect to the IRC server
• View source code for both GT-bot and SD-bot, some of the earlier bots
• Configure and infect a computer with both bots
• Control each bot and compare the power of each
• Explore the capabilities of a botnet
Conclusions
• Easy to spread
• Hard to detect
• Very powerful
Questions? Comments?