427 Botnet fm qxd



Botnets - The killer web applications

What Does a Botnet Do? 
A botnet is a collection of networked computers. They can do anything you
can imagine doing with a collection of networked computers. The next few
topics describe some of the uses of botnets that have been documented to
date.
Recruit Others
The most basic thing each botclient does is to recruit other potential
botclients. The botclient may scan for candidate systems. Rbot, for example,
exploits Windows shares in password guessing or brute force attacks, so its
botclients scan for other systems that have ports 139 or 445 open, using tools
like smbscan.exe, ntscan.exe, or scan500.exe. It also used the net command
(net view /DOMAIN and net view /DOMAIN:<domain name>) to list
NetBIOS names of potential candidate clients.
www.syngress.com
Chapter 2 • Botnets Overview


The botclient may be equipped to sniff network traffic for passwords. The
clients use small, specialized password grabbers that collect only enough of the
traffic to grab the username and password data. They may harvest encrypted
forms of passwords in the SAM cache using a program like pwdump2, 3, or 4
and use SAM password crackers like L0phtCrack to break them. For some
encrypted password data, they reformat the password data into a UNIX-like
password file and send it to another, presumably faster, computer to brute
force.
When the botherder discovers a botclient that uses encrypted traffic to a
server, he or she may include a tool, such as Cain and Abel, to perform
man-in-the-middle (MITM) attacks as part of the payload. In the MITM attack
(see Figure 2.2), the botclient convinces other computers on its subnet that it
is actually the default gateway through ARP cache poisoning, and then relays
any data it receives to the actual gateway.
Figure 2.2 ARP Cache Poisoning for MITM Attacks
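
A defensive check for the gateway impersonation described above, as an added example that is not from the book: it reads ARP replies and flags any that bind the default gateway's IP to a MAC other than a trusted baseline. The function name, record layout, and sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies on one subnet.
SAMPLE_ARP_REPLIES = [
    (0, "192.0.2.1", "00:00:5e:00:53:01"),    # real gateway
    (1, "192.0.2.23", "00:00:5e:00:53:17"),   # workstation
    (2, "192.0.2.40", "00:00:5e:00:53:28"),   # workstation
    (30, "192.0.2.1", "00:00:5e:00:53:17"),   # .23's MAC now claims the gateway IP
    (31, "192.0.2.1", "00:00:5e:00:53:17"),   # repeated poisoning reply
    (60, "192.0.2.40", "00:00:5e:00:53:28"),
]


def detect_gateway_spoofing(replies, gateway_ip, gateway_mac):
    """Return alerts for ARP replies that bind gateway_ip to an unexpected MAC.

    gateway_mac is the trusted baseline (assumed to be recorded out of band,
    for example from a static ARP/DHCP inventory).
    """
    ips_by_mac = defaultdict(set)   # MAC -> every IP it has claimed so far
    alerted = set()                 # rogue MACs already reported once
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        if ip != gateway_ip or mac == gateway_mac.lower() or mac in alerted:
            continue
        alerted.add(mac)
        # Other IPs tied to the same MAC identify the host doing the relaying.
        other_ips = sorted(ips_by_mac[mac] - {gateway_ip})
        alerts.append({"time": ts, "rogue_mac": mac, "also_claims": other_ips})
    return alerts


if __name__ == "__main__":
    for alert in detect_gateway_spoofing(
        SAMPLE_ARP_REPLIES, "192.0.2.1", "00:00:5e:00:53:01"
    ):
        print(alert)
```

The `also_claims` field gives responders the address of the likely compromised host, since the relaying machine normally keeps answering for its own IP as well.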
