Botnet


INTERNATIONAL UNIVERSITY
School of Computer Science and Engineering

LAB4a: Botnet

Course: Network Security
Lecturer: Pham Van Hau, PhD
Date:
Duration: 135 minutes

Student ID............................................ Student name……………………………

This lab aims to give you hands-on experience with a botnet. The main objective is to understand the concept. It is not our purpose to study in detail the various commands of complex botnet implementations such as Agobot or SDbot. For our purpose, we use https://github.com/coleifer/irc

Here are the instructions to run the botnet:

1) Download the source from https://github.com/coleifer/irc (or copy it from me) and copy it to the two virtual machines.

2) On each virtual machine, run the following commands as root:

    apt-get install python-dev libpq-dev libevent-dev python-pip
    pip install gevent
    pip install httplib2
    pip install irckit

3) Unzip the downloaded file:

    a. tar -xzvf coleifer-irc-b85b218.tar.gz
    b. cd coleifer-irc-b85b218

4) Read the README.rst to learn how it works, then start the botnet. Here is a short summary:

    a. Start the server: turn on Wireshark, then run

        python botnet/bossy.py -c secretbotz_tobe_renamed -n choose_you_word

       Task 1: Observe the traffic captured by Wireshark and explain what happens.

    b. On the other virtual machine, start the bot:

        python botnet/worker.py -b choose_you_word

       Task 2: Observe the traffic captured by Wireshark and explain what happens.

    c. Task 3: Use an IRC client to connect to the server and issue commands.

5) Task 4: Propose a way to integrate this simple botnet and the simple worm that you have studied.

6) Task 5: Implement what you have proposed in Task 4.
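
For the observation in Tasks 1 and 2, one way to summarize IRC text copied from Wireshark's "Follow TCP Stream" view, as an added example that is not part of the original handout or of the coleifer/irc project. It parses each message in the RFC 1459 line format and reports which nick each host claims, which channels it joins, and which nicks receive one-to-one messages. The addresses, the worker nick, the '#' channel prefix and the message texts are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample: client-to-server text per source address, as copied from
# Wireshark's "Follow TCP Stream". Channel and boss nick are the handout's
# placeholders; addresses, worker nick, '#' prefix and texts are assumptions.
SAMPLE_STREAMS = {
    "192.0.2.10": "NICK choose_you_word\r\nUSER boss 0 * :boss\r\n"
                  "JOIN #secretbotz_tobe_renamed\r\n",
    "192.0.2.20": "NICK worker_vm2\r\nUSER w 0 * :w\r\n"
                  "PRIVMSG choose_you_word :constructed text 1\r\n"
                  "JOIN #secretbotz_tobe_renamed\r\n"
                  "PRIVMSG choose_you_word :constructed text 2: done\r\n",
}

def parse_irc_line(line):
    """Split one IRC message into (prefix, command, params), RFC 1459 style."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    # Everything after the first " :" is a single trailing parameter.
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return None  # empty or malformed line
    return prefix, parts[0].upper(), parts[1:] + ([trailing] if sep else [])

def summarize(streams):
    """Per source: nick claimed, channels joined, PRIVMSG counts by target."""
    report = {}
    for src, data in streams.items():
        info = {"nick": None, "channels": [], "direct": Counter(), "to_channel": Counter()}
        for raw in data.split("\n"):
            _, cmd, params = parse_irc_line(raw.rstrip("\r")) or (None, "", [])
            if cmd == "NICK" and params:
                info["nick"] = params[0]
            elif cmd == "JOIN" and params:
                info["channels"].extend(params[0].split(","))
            elif cmd == "PRIVMSG" and len(params) >= 2:
                kind = "to_channel" if params[0][0] in "#&" else "direct"
                info[kind][params[0]] += 1
        report[src] = info
    return report

def direct_message_hubs(report):
    """Nicks that receive one-to-one PRIVMSGs, with the sending addresses."""
    hubs = defaultdict(set)
    for src, info in report.items():
        for target in info["direct"]:
            hubs[target].add(src)
    return dict(hubs)
```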