1 Botnets Group 28: Sean Caulfield and Fredrick Young ECE 4112 Internetwork Security Prof. Henry Owen.


1 Botnets
Group 28: Sean Caulfield and Fredrick Young
ECE 4112 Internetwork Security
Prof. Henry Owen

2 ECE 4112 - Internetwork Security
What is a Botnet?
- Attacker controls remote computer
  - Any attack that allows execution of code
  - Virus, worm, Trojan horse, etc.
  - Controlled machine known as "zombie"
- "Phones home" via IRC
  - Joins a pre-specified channel
  - Attacker gives commands on channel
- Network of these machines is a botnet

3 Controlling a Botnet
[Diagram: Attacker, IRC Server, Zombie]

4 How big is a Botnet?
- Size ranges from 10 to 10,000
- Largest recorded: 50,000
- Could be much larger

5 Purpose of Botnets
- Spamming
  - Send large amounts of text to chat rooms in mIRC
  - Send out spam emails
- Sniffing Traffic
  - Use packet sniffers to find passwords and usernames on supposedly secure networks

6 Purpose of Botnets (cont'd)
- Keylogging
  - Log and send private information such as name, SSN, credit card info, etc.
- Spread Malware
  - Install various malicious programs
- Install Advertisement add-ons
  - Make money from auto-clicking banners
- Manipulate online polls

7 Purpose of Botnets (cont'd)
- DDoS
  - Even a small botnet (~1000 machines) can be effective.
    - With each computer attacking, it can offer more than 100Mb/sec in an attack
    - This is enough to cripple most company networks
  - A large botnet (~50000 machines)
    - Each computer contributes roughly 128Kb/sec on average.
    - Roughly 5000Mb/sec

8
- Often used in corporate attacks.
- Easily disable most networks
- Become a kind of hacker mercenary

9 What can a typical bot do?
- Gather Computer Information
  - CPU speed, memory, etc.
- Keylogger
  - Credit card information, name, SSN, etc.
- Portscan
  - Bypass firewalls by scanning from behind the firewall
- Infect other computers with the trojan

10 Types of Bots
- Script based
  - Run by installing an IRC client and running malicious scripts on it.
- Code based
  - Run from an executable built from a source code file; do not require any files other than the initial executable.

11 Detecting a Botnet
- Packet sniffing does not work
  - IRC helps to make master anonymous.
  - Infected computers typically send spoofed packets.
- Manual Detection
  - Watch IRC clients for odd activity
  - Look for suspicious names
  - Look for login verification
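Added example (not from the original slides): the manual checks listed on the "Detecting a Botnet" slide, suspicious names and login verification, run as a script over raw IRC lines. The log lines, channel and nick names, the digit-template heuristic and the login-message pattern are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of raw IRC traffic (RFC 1459 line format); all names are made up.
SAMPLE = """\
:alice!al@host1.example JOIN #ece-lab
:bob!bob@host2.example JOIN #ece-lab
:alice!al@host1.example PRIVMSG #ece-lab :anyone finished lab 7?
:xp-48213!a@10.0.0.11 JOIN #upd8
:xp-90377!a@10.0.0.12 JOIN #upd8
:xp-15502!a@10.0.0.13 JOIN #upd8
:xp-77120!a@10.0.0.14 JOIN #upd8
:op!x@10.0.0.99 JOIN #upd8
:op!x@10.0.0.99 PRIVMSG #upd8 :.login examplepass
""".splitlines()

LINE = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+ (?P<cmd>JOIN|PRIVMSG) :?(?P<chan>#\S+)(?: :(?P<text>.*))?$")
# Assumed shape of a "login verification" message: prefix char + auth verb + argument.
LOGIN = re.compile(r"^[.!@](login|auth|identify)\s+\S+", re.I)

def nick_shape(nick):
    """Collapse digit runs so machine-generated nicks share one shape."""
    return re.sub(r"\d+", lambda m: "#" * len(m.group()), nick)

def analyse(lines, min_cluster=3):
    """Return {channel: [findings]} for channels showing the slide's indicators."""
    shapes = defaultdict(lambda: defaultdict(set))
    findings = defaultdict(list)
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not a JOIN or channel PRIVMSG
        chan, nick = m["chan"], m["nick"]
        shapes[chan][nick_shape(nick)].add(nick)
        if m["cmd"] == "PRIVMSG" and LOGIN.match(m["text"] or ""):
            findings[chan].append(f"login-style message from {nick}")
    for chan, by_shape in shapes.items():
        for shape, nicks in by_shape.items():
            # Suspicious names: several nicks differing only in a run of 3+ digits.
            if "###" in shape and len(nicks) >= min_cluster:
                findings[chan].append(f"{len(nicks)} nicks share template {shape}")
    return dict(findings)

if __name__ == "__main__":
    for chan, notes in analyse(SAMPLE).items():
        print(chan, notes)
```

Both checks are heuristics: a channel that trips them is a candidate for closer manual inspection, not proof of a botnet.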

12 Who does a Botmaster target?
- Most botnets spread from old exploits
  - Most targeted computers are "home PCs", as many users do not patch their operating system.
    - Allows botnets to run rampant and infect large numbers of computers automatically

13 What protects against infection?
- A botnet is basically just a special form of trojan
  - Firewalls
  - Anti-Virus
  - Intelligent Downloading

14 What will you do in lab?
- Install mIRC
- Connect to the IRC Server
- View source code for both GT-bot and SD-bot, some of the earlier bots
- Configure and infect a computer with both bots

15
- Control each bot and compare the power of each
- Explore the capabilities of a botnet

16 Conclusions
- Easy to spread
- Hard to detect
- Very powerful

17 Questions? Comments?

18 References
- http://askmatador.com/ep/bots/
- http://www.honeynet.org/papers/bots/
- http://zine.dal.net/previousissues/issue22/botnet.php

