427 Botnet fm qxd



Download 6,98 Mb.
Pdf ko'rish
bet71/387
Sana03.12.2022
Hajmi6,98 Mb.
#878307
1   ...   67   68   69   70   71   72   73   74   ...   387
Bog'liq
Botnets - The killer web applications

www.syngress.com
Botnets Overview • Chapter 2
75
427_Botnet_02.qxd 1/9/07 9:49 AM Page 75

427_Botnet_02.qxd 1/9/07 9:49 AM Page 76

Alternative 
Botnet C&Cs
Solutions in this chapter:

Historical C&C Technology as a Road Map

DNS and C&C Technology
Chapter 3
77
Summary
Solutions Fast Track
Frequently Asked Questions
427_Botnet_03.qxd 1/8/07 11:56 AM Page 77

Introduction: Why Are 
There Alternative C&Cs?
Before discussing alternative botnet command and control (C&C) technology,
its advances over the years, and the latest in both operational and technolog-
ical innovation, we need to ask ourselves: why create alternative technology
when good, old IRC usage is still valid, useful, and moreover, better than
most new approaches?
For over a decade, botnet technology has been based on IRC. Meaning,
the Trojan horses acting as bots would use the IRC protocol to connect as
clients to IRC servers.These servers would then be the means by which the
botnet controller (also known in recent years as botnet master or herder)
would control the army.
IRC technology is robust and has been around for a long time, but there
are several key issues that make it last longer than most other technologies
when used for botnet C&Cs:

It’s interactive: While being a relatively simple protocol, IRC is inter-
active and allows for easy full-duplex and responsive communication
between both sides (client and server).

It’s easy to create: Building an IRC server is very easy, and there are
enough established servers to use if necessary.

It’s easy to create and control several botnets using one server: Using
functionality such as nicknames and chat channels, password pro-
tecting channels, etc.

It’s easy to create redundancy: By linking several servers, redundancy
is achieved.
IRC has proven itself many times over, but it also has an Achilles’ heel—it
is centralized. By definition, a botnet is an army of compromised computers
reporting to receive commands from a central location.That very same central
location (or locations), if discovered, could be interrupted. It could be
reported to the authority hosting it (in all likelihood, unwillingly) and it
could get blocked or null-routed by ISPs.There are people out there from the
authorities to volunteer botnet hunters who do this daily: find a C&C server

Download 6,98 Mb.

Do'stlaringiz bilan baham:
1   ...   67   68   69   70   71   72   73   74   ...   387



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish