DEFENSE AGAINST BOTNETS
STRUCTURE

Botnets :-
 Introduction
 Types of Botnets
 Real World Scenarios

Defense :-
 Detection of Botnets
 Counter Measures
INTRODUCTION
TYPES OF BOTNETS

 IRC Botnets
 HTTP Botnets
 Peer-to-Peer Botnets
IRC BOTNETS

 Internet Relay Chat (IRC) is a messaging service.
 IRC botnets use IRC servers to issue commands to the bots.
HTTP BOTNETS
PEER-TO-PEER BOTNETS
REAL WORLD SCENARIO

 How can botnets be used:-
•   Distributed Denial of Service Attacks (DDoS)
•   Spamming
•   Sniffing Traffic & Key logging
•   Identity Theft
•   Attacking IRC Chat Networks
•   Hosting of Illegal Software
•   Google AdSense Abuse & Advertisement Addons
•   Manipulating online polls
DETECTION TECHNIQUES

 Passive
Data gathered through observation.
  • Packet Inspection
  • Analysis of flow records
  • Analysis of SPAM Attacks

 Active
Detection by being involved, i.e. interacting with the botnet.
(Drawback) Can result in a DDoS attack against the analyst, or in the
botnet operators changing IPs, protocols etc.
  • Sinkholing
  • Infiltration
  • Peer-to-peer botnet enumeration
PASSIVE DETECTION

 Packet Inspection
Inspect network data packets

• Match various protocol fields.
• Match payload against a predefined pattern of suspicious
  content.

Drawbacks:-
• Doesn't scale to high traffic volumes
• Only known patterns are detected
PASSIVE DETECTION

 Analysis of flow records
Tracing network traffic at an abstract level.
Instead of inspecting individual packets, communication
streams are considered in aggregate form.
We look into:-
  •   Source and destination address
  •   Related port numbers
  •   Duration of session
  •   Cumulative size and number of transmitted packets
  •   Protocol used inside packets
Advantage:- a higher amount of traffic can be monitored.
E.g. the 'NetFlow' protocol from Cisco.
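As an added example (not part of the original slides), the following aggregates the flow-record fields listed above and flags a host whose connections to one destination recur at a near-constant interval with near-constant size, a typical C2 check-in pattern. The records are a constructed NetFlow-style CSV, not real traffic; the thresholds are assumptions for illustration.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample of NetFlow-style records (not real traffic):
# start time in seconds, src, dst, dst port, protocol, packets, bytes.
SAMPLE_FLOWS = """\
start,src,dst,dport,proto,packets,bytes
0,10.0.0.5,203.0.113.10,6667,tcp,6,420
60,10.0.0.5,203.0.113.10,6667,tcp,6,418
120,10.0.0.5,203.0.113.10,6667,tcp,6,422
180,10.0.0.5,203.0.113.10,6667,tcp,6,420
240,10.0.0.5,203.0.113.10,6667,tcp,6,419
300,10.0.0.5,203.0.113.10,6667,tcp,6,421
3,10.0.0.7,198.51.100.20,443,tcp,40,51200
95,10.0.0.7,198.51.100.20,443,tcp,12,8800
400,10.0.0.7,198.51.100.20,443,tcp,300,900000
1000,10.0.0.7,198.51.100.20,443,tcp,7,2100
1010,10.0.0.7,198.51.100.21,443,tcp,15,7000
"""


def parse_flows(text):
    """Parse the CSV export into a list of typed flow dicts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "start": float(row["start"]), "src": row["src"], "dst": row["dst"],
            "dport": int(row["dport"]), "proto": row["proto"],
            "packets": int(row["packets"]), "bytes": int(row["bytes"]),
        })
    return rows


def find_beacons(flows, min_flows=5, max_cv=0.2):
    """Group flows by (src, dst, dport, proto) and flag groups whose
    inter-flow gaps and byte sizes are nearly constant (low coefficient
    of variation). min_flows and max_cv are assumed tuning values."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["src"], f["dst"], f["dport"], f["proto"])].append(f)
    suspects = []
    for (src, dst, dport, proto), fl in groups.items():
        if len(fl) < min_flows:
            continue  # too few sessions to judge regularity
        fl.sort(key=lambda f: f["start"])
        gaps = [b["start"] - a["start"] for a, b in zip(fl, fl[1:])]
        sizes = [f["bytes"] for f in fl]
        if statistics.mean(gaps) == 0 or statistics.mean(sizes) == 0:
            continue  # degenerate group; avoid division by zero
        gap_cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        size_cv = statistics.pstdev(sizes) / statistics.mean(sizes)
        if gap_cv <= max_cv and size_cv <= max_cv:
            suspects.append({"src": src, "dst": dst, "dport": dport, "proto": proto,
                             "flows": len(fl), "period_s": round(statistics.mean(gaps), 1)})
    return suspects
```

Only the 10.0.0.5 host is flagged: its six sessions to port 6667 are 60 s apart and about 420 bytes each, while the browsing-like traffic from 10.0.0.7 varies in both timing and size.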
PASSIVE DETECTION

 Analysis of SPAM attacks
• Spam mails are analyzed and similar templates are grouped.
• These templates can then be matched to a corresponding
  botnet.

For this, special honeypots called honey tokens are used.
PASSIVE DETECTION

 Honeypot:- A trap set to detect, deflect or in some manner
  counteract an attempt at unauthorized use of an information
  system.
 Honey Token:- Spam traps consisting of email addresses with
  no productive function other than to receive unsolicited
  emails.
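As an added example (not part of the original slides) of the spam-template grouping described on the previous slide, the snippet below normalizes mails collected at a spam-trap address, collapses mails generated from one template into one group, and extracts the URL hosts each campaign points to. The messages are constructed samples, not real spam.

```python
import re
from collections import defaultdict

# Constructed sample messages received at a honey-token address (not real mail).
SAMPLE_SPAM = [
    "Dear user, your account 48213 is locked. Verify at http://login-check.example/a93f now!",
    "Dear user, your account 77201 is locked. Verify at http://secure-verify.example/k21 now!",
    "Dear user, your account 10405 is locked. Verify at http://acct-update.example/z7 now!",
    "Cheap meds, order #5512 ships today: http://pills.example/buy",
    "Cheap meds, order #9008 ships today: http://pills.example/buy",
    "Hi Bob, see you at 5pm?",
]

URL_RE = re.compile(r"https?://\S+")
HOST_RE = re.compile(r"https?://([^/\s]+)")
NUM_RE = re.compile(r"\d+")


def normalize_template(text):
    """Replace the variable parts a spam engine fills in (URLs, numbers)
    with placeholders so mails from one template collapse to one key."""
    t = URL_RE.sub("<URL>", text)
    t = NUM_RE.sub("<N>", t)
    return " ".join(t.lower().split())


def group_by_template(messages, min_size=2):
    """Group mails by normalized template. Returns a dict keyed by template
    with the member count and the set of URL hosts used by that campaign;
    templates seen fewer than min_size times are dropped as noise."""
    groups = defaultdict(list)
    for m in messages:
        groups[normalize_template(m)].append(m)
    campaigns = {}
    for template, members in groups.items():
        if len(members) < min_size:
            continue
        hosts = sorted({h for m in members for h in HOST_RE.findall(m)})
        campaigns[template] = {"count": len(members), "hosts": hosts}
    return campaigns
```

The host lists per campaign are the part a defender feeds into blacklisting or DNS-based countermeasures once a template has been attributed to a botnet.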
PASSIVE DETECTION

   Other Techniques:-
•   Analysis of log files.
•   Evaluation of anti-virus software feedback.
•   DNS based approaches.
ACTIVE TECHNIQUES

 Sinkholing
• Technical countermeasure for cutting off a malicious control
  source from the rest of the botnet.
• E.g. by changing the targeted malicious domain name so that
  it points to a machine controlled by a trusted party.
ACTIVE DETECTION

 Infiltration
Aims to take control of the botnet.

• Hardware: if the IP address is known, all communications can be
  wiretapped with the help of the hosting company.
• Software: imitating the communication mechanisms used by
  the botnet.
ACTIVE DETECTION

 Peer-to-peer botnet enumeration
Repeatedly querying peers for their neighbor lists.

This requires reverse engineering:
• Creating an implementation of the botnet protocol to perform the
  enumeration task.
TECHNICAL COUNTERMEASURES

 Blacklisting
• Block all traffic from included addresses.
• Search engine or browser can filter or mark such websites.

   Distribution of fake/traceable credentials.
•   Populate fake data into our records like credit card details.
•   Fake data lowers quality of stolen information
•   Generate mistrust among criminals.
TECHNICAL COUNTERMEASURES

 BGP Blackholing
Null routing malicious hosts to deny traffic from or to their
network.
Null-Routing:- The process of silently dropping packets
originating from or destined for such addresses.

   DNS based countermeasure
•   Malicious domains can be shut down.
•   Requires a court warrant.
•   Sometimes Twitter and RSS feeds are used to give commands;
    this countermeasure doesn't work in that case.
TECHNICAL COUNTERMEASURES

 Port 25 Blocking
Spam mails would not be sent.

 Peer-to-peer countermeasure
Pollute the peer list.
Results in:
• Loss of overall connectivity
• Due to size limitations, older original peers will get replaced
  by fake peers.
SOCIAL COUNTERMEASURES

 Dedicated laws.
 User awareness.
 Use of anti-virus software etc.
QUERIES?
STAY SECURE!!!
THANKS…