introduction to Botnet
Uploaded by yogendra-singh
![Page 1: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/1.jpg)
PRESENTATION ON
BOTNET
![Page 2: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/2.jpg)
OUTLINE
Introduction to Botnet
Botnet Life-cycle
Botnet in Network Security
Botnet Uses
Botnet Detection
Preventing Botnet Infection
Botnet Research
Conclusion
![Page 3: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/3.jpg)
INTRODUCTION
A botnet is a network of compromised computers under the control of a remote attacker.
The controller of a botnet is able to direct the activities of these compromised computers.
Botnet terminology:
Bot Herder (Bot Master)
Bot
Bot Client
IRC Server
Command and Control Channel (C&C)
![Page 4: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/4.jpg)
INTRODUCTION TO BOTNET (TERMINOLOGY)
[Diagram labels: Bot Master, IRC Server, IRC Channel, Code Server, C&C Traffic, Updates, Attack, Victim]
![Page 5: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/5.jpg)
BOTNET LIFE-CYCLE
![Page 6: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/6.jpg)
BOTNET LIFE-CYCLE
![Page 7: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/7.jpg)
BOTNET LIFE-CYCLE
![Page 8: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/8.jpg)
BOTNET LIFE-CYCLE
![Page 9: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/9.jpg)
BOTNET IN NETWORK SECURITY
Internet users are getting infected by bots.
Many times corporate and end users are trapped in botnet attacks.
Today 16-25% of the computers connected to the internet are members of a botnet.
In this network, bots are located in various locations.
It will become difficult to track illegal activities.
This behavior makes a botnet an attractive tool for intruders and increases the threat against network security.
![Page 10: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/10.jpg)
BOTNET IS USED FOR-
[Diagram labels: Bot Master, Money]
![Page 11: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/11.jpg)
HOW BOTNET IS USED??
Distributed Denial of Service (DDoS) attacks
Sending Spam
Phishing
Adware
Spyware
Click Fraud
![Page 12: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/12.jpg)
BOTNET DETECTION
Two approaches for botnet detection, based on:
Setting up honeynets
Passive traffic monitoring
  Signature based
  Anomaly based
  DNS based
![Page 13: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/13.jpg)
BOTNET DETECTION: SETTING UP HONEYNETS
Windows Honeypot
Honeywall Responsibilities:
DNS/IP-address of IRC server and port number
(optional) password to connect to IRC-server
Nickname of bot
Channel to join and (optional) channel-password
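The honeywall's job listed above, as an added example that is not part of the original slides: a parser that pulls the C&C server, port, password, nickname and channel out of IRC client commands logged from an infected honeypot. The one-line-per-packet log format, the sample capture and all names in the code are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed sample: outbound lines as a honeywall might log them.
# Addresses come from documentation ranges; the log format is assumed.
CAPTURE = """\
10.0.0.5:1045 -> 192.0.2.10:6667 PASS s3cr3t
10.0.0.5:1045 -> 192.0.2.10:6667 NICK bot-4821
10.0.0.5:1045 -> 192.0.2.10:6667 USER bot 0 * :bot
10.0.0.5:1045 -> 192.0.2.10:6667 JOIN #cmd chanpw
10.0.0.5:1046 -> 198.51.100.7:80 GET / HTTP/1.1
"""

FLOW = re.compile(r"^\S+:\d+ -> (\S+):(\d+) (.*)$")


@dataclass
class CncSession:
    server: str
    port: int
    password: Optional[str] = None
    nick: Optional[str] = None
    channels: Dict[str, Optional[str]] = field(default_factory=dict)


def extract_cnc(capture: str) -> Dict[Tuple[str, int], CncSession]:
    """Group IRC PASS/NICK/JOIN commands by destination server and port."""
    sessions: Dict[Tuple[str, int], CncSession] = {}
    for raw in capture.splitlines():
        m = FLOW.match(raw.strip())
        if not m:
            continue
        parts = m.group(3).split()
        if len(parts) < 2 or parts[0].upper() not in {"PASS", "NICK", "JOIN"}:
            continue  # not an IRC command the honeywall cares about
        key = (m.group(1), int(m.group(2)))
        s = sessions.setdefault(key, CncSession(*key))
        cmd, args = parts[0].upper(), parts[1:]
        if cmd == "PASS":
            s.password = args[0].lstrip(":")
        elif cmd == "NICK":
            s.nick = args[0].lstrip(":")
        else:  # JOIN #a,#b key1,key2 -> channel keys are positional
            keys = args[1].split(",") if len(args) > 1 else []
            for i, chan in enumerate(args[0].split(",")):
                s.channels[chan] = keys[i] if i < len(keys) else None
    return sessions
```
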
![Page 14: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/14.jpg)
BOTNET DETECTION: SETTING UP HONEYNETS
[Diagram labels: Bot, Sensor, Bot Master; 1. Malicious Traffic, 2. Inform bot’s IP, 3. Authorize]
![Page 15: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/15.jpg)
BOTNET DETECTION: TRAFFIC MONITORING
Signature based: Detection of known botnets
Anomaly based: Detect botnets using the following anomalies
  High network latency
  High volume of traffic
  Traffic on unusual port
  Unusual system behaviour
DNS based: Analysis of DNS traffic generated by botnets
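Two of the anomalies listed above (high volume of traffic, traffic on an unusual port) checked over flow records, as an added example that is not part of the original slides. The flow tuples are constructed, and the port allowlist and the volume threshold (five times the median per-host total) are assumed site policy, not values from the presentation.

```python
from collections import defaultdict
from statistics import median

EXPECTED_PORTS = {53, 80, 443}  # assumed allowlist of normal outbound ports
VOLUME_FACTOR = 5               # assumed: flag hosts above 5x the median total

# Constructed flow records: (source host, destination port, bytes sent).
FLOWS = [
    ("10.0.0.11", 443, 120_000),
    ("10.0.0.11", 53, 2_000),
    ("10.0.0.12", 80, 90_000),
    ("10.0.0.12", 443, 60_000),
    ("10.0.0.13", 443, 110_000),
    ("10.0.0.14", 6667, 4_000),    # IRC port, not on the allowlist
    ("10.0.0.14", 443, 100_000),
    ("10.0.0.15", 80, 2_400_000),  # far above the other hosts' totals
]


def find_anomalies(flows, expected_ports=EXPECTED_PORTS, factor=VOLUME_FACTOR):
    """Return {host: [reasons]} for hosts showing either anomaly."""
    totals = defaultdict(int)
    reasons = defaultdict(set)
    for src, dport, nbytes in flows:
        totals[src] += nbytes
        if dport not in expected_ports:
            reasons[src].add(f"unusual port {dport}")
    if not totals:
        return {}
    # The median is used as the baseline so one noisy host cannot raise it.
    baseline = median(totals.values())
    for src, total in totals.items():
        if total > factor * baseline:
            reasons[src].add("high volume")
    return {src: sorted(r) for src, r in reasons.items()}


if __name__ == "__main__":
    for host, why in sorted(find_anomalies(FLOWS).items()):
        print(host, ", ".join(why))
```
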
![Page 16: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/16.jpg)
BOTNET DETECTION
Determining the source of a botnet-based attack is challenging:
Traditional approach: Every zombie host is an attacker
Botnets can exist in a benign state for an arbitrary amount of time before they are used for a specific attack
New trend: P2P networks
![Page 17: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/17.jpg)
PREVENTING BOTNET INFECTIONS
Use a Firewall
Use Antivirus (AV) software
Deploy an Intrusion Prevention System (IPS)
Define a Security Policy and share policies with your users systematically
![Page 18: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/18.jpg)
CONCLUSION
Botnets pose a significant and growing threat against cyber security.
They provide a key platform for many cyber crimes (DDoS).
As network security has become an integral part of our life and botnets have become the most serious threat to it, it is very important to detect botnet attacks and find solutions for them.
![Page 19: introduction to Botnet](https://reader034.fdocuments.us/reader034/viewer/2022050804/547542abb4af9fb40a8b5b02/html5/thumbnails/19.jpg)