Lecture 12 - botnetDetection

Baris Coskun Polytechnic Institute of NYU
A botnet is a network of remotely controlled software agents (roBOTs) distributed over a (large number of) hosts.
Remote Controller => Bot Master
Non-Malicious botnets: distribute computationally intense tasks over many home computers.
- Folding@home: compute part of protein folding simulations.
- SETI@home: analyze radio signals to search for signs of extraterrestrial intelligence.
- All distributed computing projects.
We are interested in Malicious Botnets. From now on: Botnet => Malicious Botnet
Malicious botnets have financial motives. They try to make money by means of:
- Spam
- Spying on users (stealing sensitive information)
- Hosting a phishing site
- DDoS
- Click fraud
Ex: Storm, Nugache, Conficker, Waledac, ...
- Propagation: infect new hosts (recruit new bots).
- Command and Control (C&C): distribute commands, updates, patches, e.g. spam mail content, recipients, etc.
- Launch attack.
Propagation: the goal is to execute a piece of software on the victim host.
- Exploit vulnerabilities at different levels:
  - OS level exploits
  - Application level exploits: browsers, Flash Player, etc.
- Locating victims:
  - Scan (can be prevented by a firewall)
  - Random
  - Hit-list
  - Social engineering (why is a firewall useless here?)
  - XSS and drive-by-downloads
Centralized botnets get commands from a central source: IRC bots, HTTP bots, Twitter bots, etc.
- Single point of failure: cut the head of the botnet.
- Fast-flux, domain-flux to mitigate the SPF (single point of failure).
Fast Flux
- Bots find their controller via a domain name.
- Botmaster has many controllers but uses one at a time.
- Update DNS records frequently with very low TTL.
- The controller that the domain name points to continuously changes.
- If a control server is taken down, another will be available very soon.
- But still a single domain name. A single point
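As an added example (not part of the lecture slides), the following Python script shows how a defender can spot the fast-flux pattern the centralized-botnet and fast-flux slides describe from the DNS side: it summarizes a window of observed DNS answers per name and flags names whose A records churn across many unrelated /16 networks with very low TTLs, which is what "many controllers, one at a time, frequently updated records" looks like to a resolver. The observations, the names (reserved .test domains and RFC 5737 documentation addresses), and the thresholds are constructed for illustration and are not values from the lecture.

```python
"""Fast-flux heuristic over a window of observed DNS answers (added example)."""
import ipaddress
from collections import defaultdict

# Constructed observations: (seconds since window start, queried name, A record, TTL).
# Names use the reserved .test TLD and addresses come from RFC 5737 documentation ranges.
OBSERVED = [
    (0,    "cnc.flux-domain.test", "203.0.113.10",  60),
    (60,   "cnc.flux-domain.test", "198.51.100.22", 60),
    (120,  "cnc.flux-domain.test", "192.0.2.77",    60),
    (180,  "cnc.flux-domain.test", "203.0.113.200", 120),
    (240,  "cnc.flux-domain.test", "198.51.100.9",  60),
    (300,  "cnc.flux-domain.test", "192.0.2.130",   60),
    (0,    "www.static-site.test", "192.0.2.5",     3600),
    (3600, "www.static-site.test", "192.0.2.5",     3600),
    (7200, "www.static-site.test", "192.0.2.6",     3600),
]

# Illustrative thresholds (an assumption of this example, not values from the lecture).
MIN_DISTINCT_IPS = 5        # a legitimate round-robin rarely shows this many in a short window
MIN_DISTINCT_PREFIXES = 3   # CDN pools usually stay inside a few networks; flux spans many
MAX_TTL = 300               # flux relies on very low TTLs so stale answers expire quickly


def prefix_of(ip, bits=16):
    """Collapse an address to its /16 so addresses on unrelated networks are counted separately."""
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def summarize(observations):
    """Per-name summary: distinct A records, distinct /16 prefixes, and lowest TTL seen."""
    summary = defaultdict(lambda: {"ips": set(), "prefixes": set(), "min_ttl": None})
    for _ts, name, ip, ttl in observations:
        entry = summary[name]
        entry["ips"].add(ip)
        entry["prefixes"].add(prefix_of(ip))
        entry["min_ttl"] = ttl if entry["min_ttl"] is None else min(entry["min_ttl"], ttl)
    return dict(summary)


def is_fast_flux(entry):
    """Flag a name whose answers churn across many networks with short TTLs."""
    return (
        len(entry["ips"]) >= MIN_DISTINCT_IPS
        and len(entry["prefixes"]) >= MIN_DISTINCT_PREFIXES
        and entry["min_ttl"] <= MAX_TTL
    )


def flagged_names(observations):
    """Return the sorted list of names the heuristic flags in the observation window."""
    return sorted(name for name, entry in summarize(observations).items() if is_fast_flux(entry))


if __name__ == "__main__":
    for name, entry in summarize(OBSERVED).items():
        print(
            f"{name}: {len(entry['ips'])} IPs, {len(entry['prefixes'])} /16s, "
            f"min TTL {entry['min_ttl']}s, fast-flux={is_fast_flux(entry)}"
        )
```

The three signals are combined with AND on purpose: a CDN or load balancer may legitimately show a low TTL or several addresses, but rarely all three of many distinct addresses, many unrelated networks and a very short TTL at once. In a real deployment the observations would come from passive DNS or resolver logs and the thresholds would be tuned against known-good traffic.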