CS Network Security: Botnets
|
|
- Bryce Bond
- 8 years ago
- Views:
Transcription
1 CS Network Security: Botnets Professor Patrick Traynor Fall 2011
2 Story 2
3 Botnets A botnet is a network of software robots (bots) run on zombie machines which run are controlled by command and control networks IRCbots - command and control over IRC Bot herder - owner/controller of network "scrumping" - stealing resources from a computer Surprising Factoid: the IRC server is exposed. 3
4 Statistics (controversial) The actual number of bots, the size of the botnets and the activity is highly controversial. As of 2005/6: hundreds of thousands of bots 1/4 of hosts are now part of bot-nets Growing fast (many more bots) Assertion: botnets are getting smaller(?!?) When they become large, they are more likely to be to to be noticed and targeted for takedown. 4
5 What are botnets being used for? piracy mining attacks hosting Activities we have seen Stealing CD Keys: 50 botnets PRIVMSG #atta :BGR $getcdkeys BGR ,000 PRIVMSG #atta :Microsoft Windows Product ID bots/net CD Key: ( ). BGR PRIVMSG #atta :[CDKEYS]: Search completed. Clients/servers spread around the world Reading a user's clipboard: B][!Guardian@globalop.xxx.xxx PRIVMSG ##chem## :~getclip Ch3m !~zbhibvn@xxx-7CCCB7AA.click-network.com PRIVMSG ##chem## :- [Clipboard Data]- Ch3m !~zbhibvn@xxx-7CCCB7AA.click-network.com PRIVMSG ##chem## :If You think the refs screwed the seahawks over put your name down!!! Different geographic concentrations DDoS someone: devil!evil@admin.of.hell.network.us PRIVMSG #t3rr0r0fc1a :!pflood s7n 2K503827!s7s@ PRIVMSG #t3rr0r0fc1a :\002Packets\002 \002D\002one \002;\002>\n s7n 2K503827!s7s@ PRIVMSG #t3rr0r0fc1a flooding...\n Set up a web-server (presumably for phishing): [DeXTeR]!alexo@l broadband.actcom.net.il PRIVMSG [Del]29466 :.http 7564 c:\\ [Del]38628!zaazbob@born113.athome233.wau.nl PRIVMSG _[DeXTeR] :[HTTPD]: Server listening on IP: :7564, Directory: c:\\. 5
6 Other goals of a botnet... SPAM relays Click fraud Spamdexing Adware 6
7 IRC one-to-many or many-to-many chat (for BBS) Client/server -- TCP Port 6667 Used to report on 1991 Soviet coup attempt Channels (sometimes password protected) are used to communicate between parties. Invisible mode (no list, not known) Invite only (must be invited to participate) Server Server Server Server Server 7
8 IRC botnets An army of compromised hosts ( bots ) coordinated via a command and control center (C&C). The perpetrator is usually called a botmaster. IRC Server Find and infect more machines! Bots (Zombies) A botnet is comparable to compulsory military service for windows boxes -- Bjorn Stromberg 8
9 Typical (IRC) infection cycle optional Bots usually require some form of authentication from their botmaster 9
10 P2P Botnets Bots that rely on centralized communications mechanisms such as IRC are generally easy to attack. Single point of failure for the bad guys... Increasingly, botnets have turned to P2P-based architectures to avoid such weaknesses. e.g., Slapper, Phatbot, Conficker What are the challenges for a botmaster relying on a P2P architecture? 10
11 P2P Botnets What advantages do defenders have in this situation? How do communication patterns compare to IRC bots? How do you tell between legitimate P2P traffic and that associated with bots? 11
12 Wireless/Mobile Mobile devices offer new avenues for botnets. With the ability to communicate over multiple (5) interfaces, how does a provider defend against such multi-homed botnets? How does this change the game in terms of communications strategies for botmasters? 12
13 Infection Worms, Tojan horses, backdoors, browser-bugs, etc... Note: the software on these systems is updated Bot theft: bot controllers penetrate/"steal" bots. 13
14 Not only for launching attacks... Some botmasters pay very close attention to their bots hence covert infiltration is important In many cases, Botmasters inspect their bots fairly regularly, and isolate certain bots ( cherry picking ) #HINDI-FILMZ :#1 294x [698M] [Movie] Dil Bechara Pyar Ka Mara DvD-RiP [ Full / AVI / 2001 ] #HINDI-FILMZ :#2 126x [141K] [English Subtitles] Dil Bechara Pyar Ka Mara #HINDI-FILMZ :** 2 packs ** 3 of 3 slots open, Record: 45.3KB/s #HINDI-FILMZ :** Bandwidth Usage ** Current: 0.0KB/s, Record: 304.5KB/s #HINDI-FILMZ :** To request a file type: /"/msg [HF]-[Street-Hunk]-30 xdcc send #x/" ** #HINDI-FILMZ :** -= #Hindi-Filmz=- ** #HINDI-FILMZ :** I M 100% Desi!! ** #HINDI-FILMZ :Total Offered: MB Total Transferred: GB That s a lot of movies served! ( ~ 300) 14
15 How are researchers learning? Honeypots are often used to attract, observer and eventually dissect bots. A number of recent efforts in this space have actually hijacked active botnets. Large portions of these networks have been monitored:... to learn about the targets of the botnet (and their success in exploiting them).... to learn about weaknesses in their architecture to use as a means of potentially interfering with the botnet.... to figure out whether deployed defenses are helping at all. 15
16 Lots of bots out there Level of botnet threat is supported by the conjecture that large numbers of bots are available to inflict damage Press Quotes Three suspects in a Dutch crime ring hacked 1.5 million computers worldwide, setting up a zombie network, Associated Press The bot networks that Symantec discovers run anywhere from 40 systems to 400,000, Symantec 16
17 Measuring botnet size Two main categories Indirect methods: inferring botnet size by exploiting the side-effects of botnet activity (e.g., DNS requests) Direct methods: exploiting internal information from monitoring botnet activity 17
18 Indirect Methods Mechanism DNS blacklists DNS snooping What does it provide? DNS footprint Caveats DNS footprint is only a lower bound of the actual infection footprint of the botnet DNS records with small TTLs DNS servers blocking external requests (~50%) 18
19 DNS Blacklist The value of a bot is related to its status on the DNS blacklists Compromised hosts often used as SMTP servers for sending spam. DNS blacklists are lists maintained by providers that indicate that SPAM has been received by them. Organizations review blacklists before allowing mail from a host. A "clean" bot (not listed) is worth a lot A listed bot is largely blocked from sending SPAM A B C D E F... 19
20 DNS-BL Monitoring Observation: bot controllers/users need to query for BL status of hosts to determine value. Idea: if you watch who is querying (and you can tell the difference from legitimate queries), then you know something is a bot Understanding the in/out ratio: λ n = d n,out d n,in Q: what does a high ratio mean? Low? #queries by host #queries for host 20
21 Direct Methods Mechanisms Infiltrate botnets and directly count online bots DNS redirection (by Dagon et al.) What do they provide? Infection footprint & effective size (infiltration) Infection footprint (DNS redirection) Caveats Cloning (infiltration) Counting IDs vs. counting IPs (infiltration) Measuring membership in DNS sinkhole (DNS redirection) Botmasters block broadcasts on C&C channel (infiltration) (~48%) 21
22 Estimating size [Monrose et. al] DNS redirection sinkhole Identify, then self poison DNS entries DNS cache hits Idea: query for IRC server to see if in cache If yes, at least one bot in the network within the TTL (see [14]) Limitations: TTL, not all servers answer, lower bound on bots 22
23 How many bots? Approach: infiltration templates based on collected honeynet data, e.g., observing compromised hosts that are identified within the channel How many? 1.1 million distinct user IDs used 425 thousand distinct IP addresses Issues: NAT/DHCP? Cloaked IP address (SOCKS proxies?) Botnet membership overlap 23
24 Botnet size, what does it mean? Infection Footprint: the total number of infected bots throughout a botnet s lifetime Relevance: how wide spread the botnet infection Effective Botnet Size: the number of bots simultaneously connected to the command and control channel Relevance: the botnet capacity to execute botmaster commands (e.g., flood attacks) An Example: While a botnet appeared to have a footprint of 45,000 bots, the number of online bots (i.e. its effective size) was < 3,000 24
25 Are we counting unique infections? Temporary migration Cloning Cloning activity observed in 20% of the botnets tracked (moving between bot channels) 130,000 bots created more than 2 million clones during our tracking period 25
26 Summary Size estimation is harder than it seems Botnet size should be a qualified term Different size definitions lead to radically different estimates Current estimation techniques are laden with a number of caveats Cloning, counting method, migration, botnet structures, DHCP, NAT, etc. A prudent study of the problem requires persistent multifaceted tracking of botnet activity 26
Lecture 19 - Network Security
Lecture 19 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Exploiting the network... The Internet is extremely
More informationCSC574 Computer and Network Security Module: Internet Malware
CSC574 Computer and Network Security Module: Internet Malware Prof. William Enck Spring 2013 1 Worms A worm is a self-propagating program. As relevant to this discussion 1. Exploits some vulnerability
More informationChanging threat landscape The Botnet perspective
Changing threat landscape The Botnet perspective Online Interactions Changing and Increasing INSTANT MESSAGING MUSIC BLOGS GAMES FILE SHARING CALENDAR 2 ND GENERATION CHAT PC Centric Online Centric PICTURES
More informationMultifaceted Approach to Understanding the Botnet Phenomenon
Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic
More informationA Critical Investigation of Botnet
Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 9 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationSecurity workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013
Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a
More informationNetwork attack and defense
Network attack and defense CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan 1 Outline 1. Overview
More informationThe HoneyNet Project Scan Of The Month Scan 27
The HoneyNet Project Scan Of The Month Scan 27 23 rd April 2003 Shomiron Das Gupta shomiron@lycos.co.uk 1.0 Scope This month's challenge is a Windows challenge suitable for both beginning and intermediate
More informationBotnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno
CSE 490K Lecture 14 Botnets and Spam Tadayoshi Kohno Some slides based on Vitaly Shmatikov s Botnets! Botnet = network of autonomous programs capable of acting on instructions Typically a large (up to
More informationDetecting peer-to-peer botnets
Detecting peer-to-peer botnets Reinier Schoof & Ralph Koning System and Network Engineering University of Amsterdam mail: reinier.schoof@os3.nl, ralph.koning@os3.nl February 4, 2007 1 Introduction Spam,
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationBotNets- Cyber Torrirism
BotNets- Cyber Torrirism Battling the threats of internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot Statistics Suggest Assimilation
More informationOverview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms
Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.
More informationLASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains
LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way
More informationAbout Botnet, and the influence that Botnet gives to broadband ISP
About net, and the influence that net gives to broadband ISP Masaru AKAI BB Technology / SBB-SIRT Agenda Who are we? What is net? About Telecom-ISAC-Japan Analyzing code How does net work? BB Technology
More informationAn Efficient Methodology for Detecting Spam Using Spot System
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 1, January 2014,
More informationENEE 757 CMSC 818V. Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park
21. Botnets ENEE 757 CMSC 818V Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park http://ter.ps/757 https://www.facebook.com/sdsatumd Today s Lecture Where we ve been AuthenDcaDon
More informationJK0 015 CompTIA E2C Security+ (2008 Edition) Exam
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationBOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL
BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious
More informationImplementation of Botcatch for Identifying Bot Infected Hosts
Implementation of Botcatch for Identifying Bot Infected Hosts GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus
More informationDenial of Service (DoS) Technical Primer
Denial of Service (DoS) Technical Primer Chris McNab Principal Consultant, Matta Security Limited chris.mcnab@trustmatta.com Topics Covered What is Denial of Service? Categories and types of Denial of
More informationMalicious Network Traffic Analysis
Malicious Network Traffic Analysis Uncover system intrusions by identifying malicious network activity. There are a tremendous amount of network based attacks to be aware of on the internet today and the
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationSymantec enterprise security. Symantec Internet Security Threat Report April 2009. An important note about these statistics.
Symantec enterprise security Symantec Internet Security Threat Report April 00 Regional Data Sheet Latin America An important note about these statistics The statistics discussed in this document are based
More informationGlobal Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team
Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers
More informationDescription: Course Details:
Course: Malicious Network Traffic Analysis Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: There are a tremendous amount of network based attacks to be aware of on the internet
More informationCSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks
CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic
More informationBOTs: Cyber-zombies. Tom Kellermann, CISM World Bank Treasury Security Team July 2004
BOTs: Cyber-zombies Tom Kellermann, CISM World Bank Treasury Security Team July 2004 BOTs Bot is short for robot, a program that provides services such as IRC channel management, IRC channel spying, network
More informationWHITE PAPER. Understanding How File Size Affects Malware Detection
WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through
More informationExtending Black Domain Name List by Using Co-occurrence Relation between DNS queries
Extending Black Domain Name List by Using Co-occurrence Relation between DNS queries Kazumichi Sato 1 keisuke Ishibashi 1 Tsuyoshi Toyono 2 Nobuhisa Miyake 1 1 NTT Information Sharing Platform Laboratories,
More informationWhy to talk about Botnets
Botnets 1 Why to talk about Botnets Botnet could be a most powerful supercomputer in the world [1]. Recent attack on Estonia. Vehicle for cyber-terrorism and cyber crime. Very serious security threat that
More informationA TASTE OF HTTP BOTNETS
Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with
More informationDenial of Service Attacks
(DoS) What Can be DoSed? First Internet DoS Attack The TCP State Diagram SYN Flooding Anti-Spoofing Better Data Structures Attacking Compact Data Structures Generic Solution SYN Cookies It s Not Perfect
More informationHow To Stop A Ddos Attack On A Website From Being Successful
White paper Combating DoS/DDoS Attacks Using Cyberoam Eliminating the DDoS Threat by Discouraging the Spread of Botnets www.cyberoam.com Introduction Denial of Service (DoS) and Distributed Denial of Service
More informationBOTNET Detection Approach by DNS Behavior and Clustering Analysis
BOTNET Detection Approach by DNS Behavior and Clustering Analysis Vartika Srivastava, Ashish Sharma Dept of Computer science and Information security, JIIT Noida, India Abstract -Botnets are one of the
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationCEH Version8 Course Outline
CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information
More informationUnderstanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business
& Preventing (Distributed Denial of Service) A Report For Small Business According to a study by Verizon and the FBI published in 2011, 60% of data breaches are inflicted upon small organizations! Copyright
More informationRam Dantu. VOIP: Are We Secured?
Ram Dantu Professor, Computer Science and Engineering Director, Center for Information and Computer Security University of North Texas rdantu@unt.edu www.cse.unt.edu/~rdantu VOIP: Are We Secured? 04/09/2012
More informationStorm Worm & Botnet Analysis
Storm Worm & Botnet Analysis Jun Zhang Security Researcher, Websense Security Labs June 2008 Introduction This month, we caught a new Worm/Trojan sample on ours labs. This worm uses email and various phishing
More informationDDoS Attacks & Mitigation
DDoS Attacks & Mitigation Sang Young Security Consultant ws.young@stshk.com 1 DoS Attack DoS & DDoS an attack render a target unusable by legitimate users DDoS Attack launch the DoS attacks from various
More informationMy Botnet is Bigger than Yours (Maybe, Better than Yours) :
My Botnet is Bigger than Yours (Maybe, Better than Yours) : why size estimates remain challenging Moheeb Abu Rajab Jay Zarfoss Fabian Monrose Andreas Terzis Computer Science Department Johns Hopkins University
More informationEmail David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
Information Technology Information and Systems Security/Compliance Northwestern University 1800 Sherman Av Suite 209 Evanston, IL 60201 Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
More informationBotnets: The Advanced Malware Threat in Kenya's Cyberspace
Botnets: The Advanced Malware Threat in Kenya's Cyberspace AfricaHackon 28 th February 2014 Who we Are! Paula Musuva-Kigen Research Associate Director, Centre for Informatics Research and Innovation (CIRI)
More informationSpyware. Summary. Overview of Spyware. Who Is Spying?
Spyware US-CERT Summary This paper gives an overview of spyware and outlines some practices to defend against it. Spyware is becoming more widespread as online attackers and traditional criminals use it
More informationDetailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
More informationSECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning
SECURITY TERMS: Advisory - A formal notice to the public on the nature of security vulnerability. When security researchers discover vulnerabilities in software, they usually notify the affected vendor
More informationBOTNETS THE THREAT TO THE CRITICAL NATIONAL INFRASTRUCTURE BRIEFING 11A/2005
BOTNETS THE THREAT TO THE CRITICAL NATIONAL INFRASTRUCTURE BRIEFING 11A/2005 17 OCTOBER 2005 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor
More informationVIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division
VIDEO Intypedia013en LESSON 13: DNS SECURITY AUTHOR: Javier Osuna García-Malo de Molina GMV Head of Security and Process Consulting Division Welcome to Intypedia. In this lesson we will study the DNS domain
More informationTHE BEST WAY TO CATCH A THIEF. Patrick Bedwell, Vice President, Product Marketing
THE BEST WAY TO CATCH A THIEF Patrick Bedwell, Vice President, Product Marketing AlienVault Vision Accelerating and simplifying threat detection and incident response for IT teams with limited resources,
More information5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep)
5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep) survey says: There are things that go bump in the night, and things that go bump against your DNS security. You probably know
More informationHow to Stop Spam Emails and Bounces
Managing Your Email Reputation For most companies and organizations, email is the most important means of business communication. The value of email today, however, has been compromised by the rampant
More informationTop 5 Essential Log Reports
Top 5 Essential Log Reports Version 1.0 Contributors: Chris Brenton - Independent Security Consultant - chris@chrisbrenton.org Tina Bird, Security Architect, PGP Corporation Marcus J Ranum, CSO, Tenable
More informationCurrent Threat Scenario and Recent Attack Trends
Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationNetwork Security Workshop
Network Security Workshop Threat Pragmatics Fakrul (Pappu) Alam bdhub Limited fakrul@bdhub.com Targets Many sorts of targets: Network infrastructure Network services Application services User machines
More informationA Literature Survey About Recent Botnet Trends
A Literature Survey About Recent Botnet Trends GÉANT 3 JRA2 T4: Internal deliverable Emre YÜCE ULAKBİM, Turkey emre@ulakbim.gov.tr June 19, 2011 Abstract Today botnets are seen to be one of the main sources
More informationSECURING APACHE : DOS & DDOS ATTACKS - II
SECURING APACHE : DOS & DDOS ATTACKS - II How DDoS attacks are performed A DDoS attack has to be carefully prepared by the attackers. They first recruit the zombie army, by looking for vulnerable machines,
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationMalware Analysis Quiz 6
Malware Analysis Quiz 6 1. Are these files packed? If so, which packer? The file is not packed, as running the command strings shelll reveals a number of interesting character sequences, such as: irc.ircnet.net
More informationStopping zombies, botnets and other email- and web-borne threats
Stopping zombies, botnets and other email- and web-borne threats Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This
More informationDistributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment
Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Keyur Chauhan 1,Vivek Prasad 2 1 Student, Institute of Technology, Nirma University (India) 2 Assistant Professor,
More information2010 Carnegie Mellon University. Malware and Malicious Traffic
Malware and Malicious Traffic What We Will Cover Introduction Your Network Fundamentals of networks, flow, and protocols Malicious traffic External Events & Trends Malware Networks in the Broad Working
More informationProxies. Chapter 4. Network & Security Gildas Avoine
Proxies Chapter 4 Network & Security Gildas Avoine SUMMARY OF CHAPTER 4 Generalities Forward Proxies Reverse Proxies Open Proxies Conclusion GENERALITIES Generalities Forward Proxies Reverse Proxies Open
More informationIRC Forensic Basics. by: James Guess. Internet Relay Chat (IRC) first met the world in the late 1980 s. It was the first
IRC Forensic Basics by: James Guess Origins of IRC Internet Relay Chat (IRC) first met the world in the late 1980 s. It was the first globally accessible chat network. The designers originally intended
More informationCountermeasures against Bots
Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer
More informationOverview of computer and communications security
Overview of computer and communications security 2 1 Basic security concepts Assets Threats Security services Security mechanisms 2 Assets Logical resources Information Money (electronic) Personal data
More informationDetection of Botnets Using Honeypots and P2P Botnets
Detection of Botnets Using Honeypots and P2P Botnets Rajab Challoo Dept. of Electrical Engineering & Computer Science Texas A&M University Kingsville Kingsville, 78363-8202, USA Raghavendra Kotapalli Dept.
More information1 Introduction. Agenda Item: 7.23. Work Item:
3GPP TSG SA WG3 Security S3#34 S3-040583 6-9 Jul 2004 updated S3-040566 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040566 based on the comments on SA3 mailing list Source:
More informationData Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.
Data Centers Protection from DoS attacks. Trends and solutions Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.2010 Cybercrime Trends Page 2 Types of DoS attacks and classical
More informationHONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
HONEYPOT SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationThe author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report:
The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: Document Title: Author: Examining the Creation, Distribution, and Function
More informationACCEPTABLE USE AND TAKEDOWN POLICY
ACCEPTABLE USE AND TAKEDOWN POLICY This Acceptable Use and Takedown Policy ( Acceptable Use Policy ) of Wedding TLD2, LLC (the Registry ), is to be read together with the Registration Agreement and words
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationBOTNET SPREADING DETECTION AND PREVENTION VIA WEBSITES
BOTNET SPREADING DETECTION AND PREVENTION VIA WEBSITES Jonas Juknius, Nikolaj Goranin Vilnius Gediminas Technical University, Faculty of Fundamental Sciences Saulėtekio al. 11, 10223 Vilnius In this article
More informationEmail. Daniel Zappala. CS 460 Computer Networking Brigham Young University
Email Daniel Zappala CS 460 Computer Networking Brigham Young University How Email Works 3/25 Major Components user agents POP, IMAP, or HTTP to exchange mail mail transfer agents (MTAs) mailbox to hold
More informationNETWORKS AND THE INTERNET
NETWORKS AND THE INTERNET Outline to accompany the slide presentation 1. Networks and the Internet A Primer for Prosecutors and Investigators 2. Getting There From networks to the Internet Locating a place
More informationNetworks and the Internet A Primer for Prosecutors and Investigators
Computer Crime & Intellectual Property Section Networks and the Internet A Primer for Prosecutors and Investigators Michael J. Stawasz Senior Counsel Computer Crime and Intellectual Property Section ()
More informationWhose IP Is It Anyways: Tales of IP Reputation Failures
Whose IP Is It Anyways: Tales of IP Reputation Failures SESSION ID: SPO-T07 Michael Hamelin Lead X-Force Security Architect IBM Security Systems @HackerJoe What is reputation? 2 House banners tell a story
More informationHow CNCERT/CC fighting to Botnets. Dr.Mingqi CHEN CNCERT/CC March 31, 2006. Beijing
How CNCERT/CC fighting to Botnets Dr.Mingqi CHEN CNCERT/CC March 31, 2006. Beijing Part 1 Content New security threats Part 2 How to detect and handle BotNets Part 3 Fighting BotNets Activities Part 4
More informationMulti-phase IRC Botnet and Botnet Behavior Detection Model
Multi-phase IRC otnet and otnet ehavior Detection Model Aymen Hasan Rashid Al Awadi Information Technology Research Development Center, University of Kufa, Najaf, Iraq School of Computer Sciences Universiti
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationINFORMATION SECURITY REVIEW
INFORMATION SECURITY REVIEW 14.10.2008 CERT-FI Information Security Review 3/2008 In the summer, information about a vulnerability in the internet domain name service (DNS) was released. If left unpatched,
More informationDetecting Bots with Automatically Generated Network Signatures
Detecting Bots with Automatically Generated Network Signatures Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda,, {pw,tho}@seclab.tuwien.ac.at Institute Eurecom,
More information1 Introduction. Agenda Item: 7.23. Work Item:
3GPP TSG SA WG3 Security S3#34 S3-040682 6-9 Jul 2004 updated S3-040632 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040583 based on the comments in SA3#34 meeting Source:
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define
More informationShellshock. Oz Elisyan & Maxim Zavodchik
Shellshock By Oz Elisyan & Maxim Zavodchik INTRODUCTION Once a high profile vulnerability is released to the public, there will be a lot of people who will use the opportunity to take advantage on vulnerable
More informationES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS
ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS The Internet Threat Landscape Symantec TM Dean Turner Director Global Intelligence Network Symantec Security
More informationERT Attack Report. Attacks on Large US Bank During Operation Ababil. March 2013
Attacks on Large US Bank During Operation Ababil March 2013 Table of Contents Executive Summary... 3 Background: Operation Ababil... 3 Servers Enlisted to Launch the Attack... 3 Attack Vectors... 4 Variations
More information1 2013 Infoblox Inc. All Rights Reserved. Securing the critical service - DNS
1 2013 Infoblox Inc. All Rights Reserved. Securing the critical service - DNS Dominic Stahl Systems Engineer Central Europe 11.3.2014 Agenda Preface Advanced DNS Protection DDOS DNS Firewall dynamic Blacklisting
More informationThreatSTOP Technology Overview
ThreatSTOP Technology Overview The Five Parts to ThreatSTOP s Service We provide 5 integral services to protect your network and stop botnets from calling home ThreatSTOP s 5 Parts: 1 Multiple threat feeds
More information2014 ASE BIGDATA/SOCIALCOM/CYBERSECURITY Conference, Stanford University, May 27-31, 2014 ASE 2014 ISBN: 978-1-62561-000-3 1
ASE 2014 ISBN: 978-1-62561-000-3 1 Network Traffic Analysis of ZeroAccess Bot Shree Garg, Anil K. Sarje, Sateesh K. Peddoju Department of Computer Science & Engineering Indian Institute of Technology Roorkee,
More informationResilient Botnet Command and Control with Tor
Resilient Botnet Command and Control with Tor Dennis Brown July 2010 10/14/10 1 Who am I? Dennis Brown Security Researcher for Tenable Network Solutions Toorcon 10, 11 Defcon 18 PaulDotCom Podcast Rhode
More informationSecurity Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?
Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network
More informationCS 356 Lecture 16 Denial of Service. Spring 2013
CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationSAC 025 SSAC Advisory on Fast Flux Hosting and DNS
Fast and Double Flux Attacks 1 SAC 025 SSAC Advisory on Fast Flux Hosting and DNS An Advisory from the ICANN Security and Stability Advisory Committee (SSAC) January 2008 Fast and Double Flux Attacks 2
More informationCYBERTRON NETWORK SOLUTIONS
CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified
More information