427 Botnet fm qxd



Botnets - The killer web applications

www.syngress.com
Chapter 12 • Responding to Botnets


Law Enforcement
If you choose, you can report a botnet to either the FBI or the Secret Service.
Reporting a botnet to the IC3 (www.IC3.gov) lets the IC3 determine the
agency with jurisdiction, but does not give you the option of following progress
on the case. If you need to be able to report the outcome, you will need to
report it to the FBI or the Secret Service. The Secret Service is usually
responsible for cases involving credit cards and some other financial crimes.
The FTC can also be involved in cases of phishing or identity theft.

Use law enforcement to identify and track the botherder for prosecution
or civil suits. You can ask your prosecuting attorney's office to issue a
subpoena to obtain customer information or connection information.
Sometimes, an ISP will require a court order for connection information. To
gain access to content, it is usually necessary for law enforcement to obtain a
warrant for search or seizure of any local infected host. Onsite, the target host
should be disconnected from the network. Image the host's hard drive using
tools capable of making a forensically sound image. Ask the system
administrators to assist in obtaining information about the following:

• The botnet channel and its moderator (identity information; when
  the user account, if there is one, was created). Note that IRC does
  not require the user to have an account on the system.
• Other channels the botherder moderated or used.
• When the channel(s) were created.
• Whether the botherder connects locally or remotely, and if remotely,
  using which IP addresses.
• Any useful system logs or other file traces associated with the attack.

You may need to repeat this process for systems the botherder used to access
your system. You should try to confirm that the system had no Remote Access
Trojan (RAT) through which the botherder could have entered. The ISP for
this system may have valuable logs about the activities of the botherder that can
alert you that this next system may be the actual botherder's system.
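
As an added illustration (not from the book), the checklist above can be answered from an IRC server log with a short script. The log format, nicknames and addresses are constructed for the example, and treating a loopback source as a "local" connection is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log; the "<time> <EVENT> <args>" format is hypothetical.
SAMPLE_LOG = """\
2006-11-02T03:10:00Z CONNECT opnick 203.0.113.7
2006-11-02T03:10:05Z CREATE #ctrl opnick
2006-11-02T03:10:05Z OP #ctrl opnick
2006-11-02T03:12:40Z CONNECT bot4411 198.51.100.23
2006-11-02T03:12:41Z JOIN #ctrl bot4411
2006-11-03T01:00:00Z CREATE #stage opnick
2006-11-03T01:00:00Z OP #stage opnick
2006-11-04T22:15:30Z CONNECT opnick 127.0.0.1
malformed line without enough fields
2006-11-05T09:00:00Z CONNECT opnick not-an-ip
"""

def summarize(log_text, channel):
    """Answer the checklist questions for one channel from a server log."""
    created = {}                      # channel -> first CREATE timestamp
    ops = defaultdict(set)            # channel -> nicks given operator status
    sources = defaultdict(set)        # nick -> source addresses seen
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                  # skip malformed records, do not guess
        ts, event, a, b = parts
        if event == "CONNECT":
            try:
                sources[a].add(ipaddress.ip_address(b))
            except ValueError:
                continue              # unparseable address: leave it out
        elif event == "CREATE":
            created.setdefault(a, ts)
        elif event == "OP":
            ops[a].add(b)
    report = {"channel": channel, "created": created.get(channel), "moderators": {}}
    for nick in sorted(ops[channel]):
        addrs = sources[nick]
        report["moderators"][nick] = {
            "other_channels": sorted(c for c, n in ops.items() if nick in n and c != channel),
            "local": any(ip.is_loopback for ip in addrs),
            "remote_ips": sorted(str(ip) for ip in addrs if not ip.is_loopback),
        }
    return report

if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG, "#ctrl"), indent=2))
```

Run it against a copy of the log, never the original evidence, so the forensic image stays untouched.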
The law enforcement and judicial system interface is another place for
improvements. With spam in the millions and botnets of multi-thousand
computers spread across the globe, the current process of having to speak to
and gain permission from a person in the court system is no longer viable. A
