Botnets - The killer web applications

www.syngress.com
Alternative Botnet C&Cs • Chapter 3


to back then as a drone) would seek to let its master know it was there. This
would most commonly be achieved by sending a private message to a logged-on
user (the botnet controller) or by joining a chat channel. The bot would
then echo something such as:
“Hi! I am here master! My IP is 127.0.0.1 and I am listening on port
666!”
The nickname or chat channel would be the control channel, while the
announcement message sent would be the echo.
As the technology advanced, control channels became more sophisticated.
As an example, a chat channel would be used but it would be password
protected (a key would be set on IRC). Botnets became a menace. Mostly they
would be IRC based, and they would connect to public IRC networks. They
would mainly be used to attack users on IRC, on and off IRC (“flood” on
IRC or distributed denial of service attack—DDoS—off IRC). The public
networks needed this stopped. To that end, they would take over control
channel nicknames or chat channels and make sure the botnet controller
would not be able to use them. This caused the bad guys to change strategy
and use private or compromised computers for their bot army, achieving a
higher level of security.
At this stage, folks would look for these private servers and try to listen in
and disturb the botnet operations—snoop. This caused the bad guys to once
again escalate and start adding further security to their private servers as well
as to their bots (the Trojan horses):

The servers would be made to not respond to IRC commands such
as those showing any type of information that could be of use to a
third party. IRC nicknames would be made invisible when inside a
chat channel other than to the botnet controller, etc. Whatever
changes were made, however, had to also still allow the bots
themselves to connect.

The bots would be programmed with the password to the server
and/or chat channel, etc. However, the botnet hunters would use the
server IP address, the channel name, and the password to snoop and
make like a bot, connecting to the server much like a bot would.
Sometimes, the bots would also be programmed to respond only to
certain nicknames, host names, and encrypted commands.
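
The control channel and echo described above can be recognized in cleartext IRC traffic. The following detection sketch is an added example, not code from the book: it assumes a network sensor that yields (source host, raw client-to-server IRC line) pairs, and the function names and sample lines are constructed for illustration. It covers only the early plaintext scheme, not the encrypted commands mentioned in the last item.

```python
import re
from collections import defaultdict

# Optional ":prefix", then the command, then its parameters (RFC 1459 layout).
IRC_LINE = re.compile(r"^(?::(?P<prefix>\S+) )?(?P<cmd>[A-Za-z]+) (?P<params>.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PORT = re.compile(r"\bport\s+(\d{1,5})\b", re.IGNORECASE)

# Constructed sample input (assumption): (source host, client-to-server line).
SAMPLE = [
    ("10.0.0.5", "JOIN #ops s3cret"),
    ("10.0.0.5", "PRIVMSG #ops :Hi! I am here master! My IP is 10.0.0.5 and I am listening on port 666!"),
    ("10.0.0.9", "PRIVMSG #ops :Hi! I am here master! My IP is 10.0.0.9 and I am listening on port 666!"),
    ("10.0.0.7", "JOIN #linux"),
    ("10.0.0.7", "PRIVMSG #linux :which port does sshd use by default?"),
    ("10.0.0.8", "PRIVMSG Master :Hi! I am here master! My IP is 10.0.0.8 and I am listening on port 666!"),
]

def parse(raw):
    """Split one IRC line into (command, middle parameters, trailing text)."""
    m = IRC_LINE.match(raw.strip())
    if not m:
        return None
    # The leading space lets " :" also match a trailing parameter that comes first.
    head, _, trailing = (" " + m.group("params")).partition(" :")
    return m.group("cmd").upper(), head.split(), trailing

def find_control_channels(events):
    """Return {target: {"keyed": bool, "echoes": {host: (ip, port)}}} for echo targets."""
    keyed, echoes = set(), defaultdict(dict)
    for host, raw in events:
        parsed = parse(raw)
        if parsed is None:
            continue
        cmd, middle, text = parsed
        if cmd == "JOIN" and middle:
            # JOIN <channels> <keys>: comma-separated lists pair up by position.
            keys = (middle[1] if len(middle) > 1 else text).split(",")
            for chan, key in zip(middle[0].split(","), keys):
                if key:
                    keyed.add(chan.lower())
        elif cmd == "PRIVMSG" and middle:
            # An echo announces both an address and a listening port to its target.
            ip, port = IPV4.search(text), PORT.search(text)
            if ip and port:
                echoes[middle[0].lower()][host] = (ip.group(), int(port.group(1)))
    return {t: {"keyed": t in keyed, "echoes": dict(h)} for t, h in echoes.items()}

if __name__ == "__main__":
    print(find_control_channels(SAMPLE))
```

A target that collects echoes from several internal hosts, especially a keyed channel, is the candidate control channel to investigate.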
