Cyber Crime and Cyber Terrorism
Cyber crime and cyber terrorism investigators handbook by Babak
partners (PPI business model) (Figure 17.5).
BOTNETS HOW DO THEY WORK. NETWORK TOPOLOGIES AND PROTOCOLS
As mentioned in the introduction, a botnet is a network of infected computers (bots or zombies) managed by attackers through one or more Command & Control (C&C) servers, following the inoculation of malware. The controller of a botnet, also known as the botmaster, controls the activities of the entire structure (from specific orders to software updates) through different communication channels.
The level of diffusion of a botnet depends on the botmaster's capability to enlist the largest possible number of machines while hiding both the activities of the malicious architecture and the location of the C&C servers.
We will not refer to the infection or dissemination practices for the payload, because they were already mentioned in the introduction (e.g., Blackhole) and because they are intimately linked to the exploitation of vulnerabilities in the compromised systems (out of scope).
Trying to categorize the concept of a botnet is not an easy task. There are many purposes for which these architectures are designed and created, and they inevitably influence factors such as the malware used to compromise victims, rather than the technology involved (Balapure, 2013; Paganini, P., 2013a, 2013b, 2013c).
FIGURE 17.5 The Porter's value chain. (Figure: support activities: Firm Infrastructure, Human Resource Management, Technological Development, Procurement; primary activities: Inbound Logistics, Operations, Outbound Logistics, Marketing and Sales, Service; Margin.)
Botnets can be distinguished, for example, by their architecture. Some networks are based on one or more C&C servers, and every bot is directly connected to the Command & Control servers. The C&C manages a list of infected machines, monitors their status and gives them operative instructions.
This type of architecture is quite simple to organize and manage, but it has the drawback of being very vulnerable, since turning off the C&C server(s) would cause the malfunction of the entire botnet. The server(s) in fact represent a single point of failure, since the operation of the whole botnet depends on the capacity of its bots to reach the control systems.
Initially, C&C IP addresses were hardcoded into each bot, which made their identification easier and resulted in their eventual disruption by researchers, but the "attackers" learn from their failures every time. For example, a natural evolution could be the use of a reverse proxy (in some environments called a rendez-vous point) to address a C&C server. In this way it is easier to hide the C&C IP addresses and the botmaster's identity (but we have just moved the single point of failure from the C&C to the reverse proxy). This is the case of centralized architectures (Figure 17.6).
A more radical and increasingly popular way to increase botnet resilience is to organize the botnet in a decentralized architecture such as a Peer-to-Peer (P2P) network. In a P2P botnet, bots connect to other bots to exchange C&C traffic, eliminating the need for centralized servers. As a result, P2P botnets cannot be disrupted using the traditional approach of attacking centralized infrastructures.
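The resilience argument above can be made concrete with a small graph model. The following is an added example, not code from the handbook: it builds the three topologies described (direct C&C, C&C behind a reverse proxy, P2P overlay) with constructed node names and measures what share of surviving bots the botmaster can still reach after a takedown removes given nodes.

```python
# Added example (not from the handbook): graph model of the topologies
# above; measures how many bots stay reachable after a takedown.
from collections import deque

def build_centralized(n_bots, n_cc=1, via_proxy=False):
    """Bots reach the C&C servers directly, or only through one reverse
    proxy (rendez-vous point). Node names are constructed."""
    ccs = [f"cc{i}" for i in range(n_cc)]
    bots = [f"bot{i}" for i in range(n_bots)]
    front = ["proxy"] if via_proxy else ccs
    graph = {n: set() for n in ccs + bots + front}
    for f in front:
        for b in bots:
            graph[b].add(f); graph[f].add(b)
        if via_proxy:
            for c in ccs:
                graph[f].add(c); graph[c].add(f)
    return graph, bots

def build_p2p(n_bots, chords=(1, 2, 5)):
    """Deterministic overlay: bot i peers with i+1, i+2, i+5 (mod n), so
    the graph stays connected when a few peers are taken down."""
    bots = [f"bot{i}" for i in range(n_bots)]
    graph = {b: set() for b in bots}
    for i in range(n_bots):
        for k in chords:
            j = (i + k) % n_bots
            graph[bots[i]].add(bots[j]); graph[bots[j]].add(bots[i])
    return graph, bots

def reachable(graph, sources, removed):
    """BFS from the nodes the botmaster can still push commands into."""
    seen = {s for s in sources if s not in removed}
    queue = deque(seen)
    while queue:
        for v in graph[queue.popleft()]:
            if v not in removed and v not in seen:
                seen.add(v)
                queue.append(v)
    return seen

def controllable_fraction(graph, bots, sources, removed=()):
    """Share of surviving bots that still receive commands (0.0..1.0)."""
    removed = set(removed)
    alive = [b for b in bots if b not in removed]
    reached = reachable(graph, sources, removed)
    return sum(b in reached for b in alive) / len(alive) if alive else 0.0
```

Removing all C&C servers (or the single proxy) drops the centralized fraction to 0.0, while removing a handful of peers from the P2P overlay leaves every surviving bot reachable from any one peer the botmaster still controls.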