botnets

Февраль 28, 2021

Содержание

2. DDoS One of the most common ways to mount a Distributed Denial of Service attacks is
3. IRC Internet Relay Chat Jarkko Oikarinen; 1988 Real time Internet Chat (synchronous conferencing) Designed for group
4. IRC (more) Users and Channels have modes User Modes i – invisible, cannot be seen without
5. IRC (more) Users and Channels have modes Channel Modes o– channel operator p – private channel
6. IRC (more) A user who creates a channel becomes the channel operator operators have more privileges
7. Zombies Network connected computers compromised by a hacker, a virus or a trojan horse program Owners
8. Bot Uses DDos Spamming Sniffing and Keylogging Identity Theft Hosting of Illegal Software (or content)
9. Types of Bots GT-Bot – based on windows IRC client mIRC uses core to hide itself
10. An Attack Attacker spreads a trojan horse to infect various hosts hosts become zombies and connect
12. Скачать презентацию

Слайд 2

DDoS
One of the most common ways to mount a Distributed Denial of

Service attacks is done via networks of zombie computers taking instructions from a central point
Early net were controlled via proprietary software written by the network owner
Today they are mostly controlled by an IRC channel
This makes it easier to control the network and easier for the owner to hide

Слайд 3

IRC
Internet Relay Chat
Jarkko Oikarinen; 1988
Real time Internet Chat (synchronous conferencing)
Designed for

group conferencing
Can do private one-to-one messaging
TCP Port 195 but usually run on 6667 to avoid having to run the server as root.
RFC 1459 also RFCs 2810-2813
Network is usually arranged in an acyclic graph (tree)
Messages only need go down the required branches
Communications are facilitated via channels
Channels can be global to all servers or local to a single server in the network

Слайд 4

IRC (more)
Users and Channels have modes
User Modes
i – invisible, cannot be seen

without a common channel or knowing the exact name
s - Receives server notices
w - Receives wallops
o - ser is an IRC operator (ircop)

Слайд 5

IRC (more)
Users and Channels have modes
Channel Modes
o– channel operator
p – private

channel
s – secret channel
i – invite only
t – topic set by channel operator
n - Users cannot send external messages from outside the channel
m – channel is moderated
l – limited number of users
b – hostmasks (IRC addresses) not allowed on channel
v – gives user voice status
k – sets a channel key

Слайд 6

IRC (more)
A user who creates a channel becomes the channel operator
operators have

more privileges than users
IRC Bots
Bots are a special type of IRC client and are often used for performing automated administrative tasks for the net
treated as a regular user by the servers
but could be a trojan horse installed on a user machine; this constitutes a zombie

Слайд 7

Zombies
Network connected computers compromised by a hacker, a virus or a trojan

horse program
Owners of zombie computers are usually unaware their machine is compromised
Most spam is sent from zombie computers
Used as the bots in many BotNets
Used to mount large scale DDoS attacks

Слайд 8

Bot Uses
DDos
Spamming
Sniffing and Keylogging
Identity Theft
Hosting of Illegal Software (or content)

Слайд 9

Types of Bots
GT-Bot – based on windows IRC client mIRC
uses core to

hide itself on user machine
Agobot – most popular bot used by crackers
written in C++, released under GPL
can be controlled by IRC or other protocols
uses many mechanism to run stealthy
DSNX – Dataspy Network X
C++ released under GPL
plug-in architecture makes it easy to add functionality
SDBot
written in C , released under GPL
harder to use but popular

Слайд 10

An Attack
Attacker spreads a trojan horse to infect various hosts
hosts become zombies

and connect to IRC server on a specific channel as regular user users
channel may be encrypted or open
IRC Server can be on a public network or installed on one of the compromised hosts
Bots listen to the channel for instructions from the operator
operator instructs the net to do “it's stuff”

botnets

Содержание

DDoSOne of the most common ways to mount a Distributed Denial of

IRCInternet Relay ChatJarkko Oikarinen; 1988 Real time Internet Chat (synchronous conferencing)Designed for

IRC (more)Users and Channels have modesUser Modesi – invisible, cannot be seen

IRC (more)Users and Channels have modesChannel Modeso– channel operator p – private

IRC (more)A user who creates a channel becomes the channel operatoroperators have

ZombiesNetwork connected computers compromised by a hacker, a virus or a trojan

Bot UsesDDosSpammingSniffing and KeyloggingIdentity TheftHosting of Illegal Software (or content)

Types of BotsGT-Bot – based on windows IRC client mIRCuses core to

An AttackAttacker spreads a trojan horse to infect various hostshosts become zombies

Похожие презентации