Botnets - The killer web applications

www.syngress.com
Chapter 3 • Alternative Botnet C&Cs


From this point on it was a never-ending war of escalations—the botnet hunters looking to disturb the botnet operations and thus adapting to the latest technology (reacting) and the botnet controllers inventing new technologies to maintain operations.

DNS and C&C Technology

Following from the use of private servers and passwords, C&C technology continued to develop.

The first technology to be introduced consisted of multiple IRC servers interconnected (or linked) using the IRC server technology, rather than just stand-alone servers. IRC is built in such a way that several servers can be interlinked to form a network of hubs, branches, and leaves. When this technology is used, the addresses of all servers are hard-coded into a bot, and it tries to connect to each of the addresses. When a connection is made, the same IRC channel can be entered (joined), where the botnet controller will be giving instructions.

By itself, this technology would make it difficult for the botnet hunters to take down the whole network, especially if new servers were introduced constantly. Yet, how were the bots to know where the new servers were, if they were hard-coded with addresses of servers that no longer existed? This technology had its limits, which led to the use of DNS records (RRs) in the C&C realm.

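The hard-coded server list described above leaves a visible trace on the network: one internal host trying several different IRC servers in quick succession, with some attempts failing. The following detection sketch is an added example, not code from the book; the flow-log format, the sample records, port 6667, the five-minute window, and the three-server threshold are all assumptions to be tuned locally.

```python
from collections import defaultdict
from datetime import datetime, timedelta

IRC_PORTS = {6667}             # assumption: default IRC port only
WINDOW = timedelta(minutes=5)  # assumed observation window
MIN_SERVERS = 3                # assumed threshold of distinct servers

# Constructed sample flow log: time, source, destination, dest port, TCP result
SAMPLE_FLOWS = """\
2007-01-08T11:56:01 10.0.0.5 192.0.2.10 6667 FAILED
2007-01-08T11:56:09 10.0.0.5 192.0.2.11 6667 FAILED
2007-01-08T11:56:17 10.0.0.5 198.51.100.7 6667 ESTABLISHED
2007-01-08T11:57:00 10.0.0.9 203.0.113.4 6667 ESTABLISHED
2007-01-08T12:30:00 10.0.0.9 203.0.113.4 6667 ESTABLISHED
2007-01-08T11:58:00 10.0.0.7 192.0.2.10 80 FAILED
"""

def parse(text):
    """Yield (timestamp, src, dst, port, state) from whitespace-separated lines."""
    for line in text.splitlines():
        ts, src, dst, port, state = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port), state

def find_server_list_walkers(text):
    """Return {src: [dst, ...]} for hosts that tried >= MIN_SERVERS distinct
    IRC servers within WINDOW, with at least one failed attempt."""
    by_src = defaultdict(list)
    for ts, src, dst, port, state in parse(text):
        if port in IRC_PORTS:
            by_src[src].append((ts, dst, state))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            window = [e for e in events[i:] if e[0] - start <= WINDOW]
            dsts = list(dict.fromkeys(d for _, d, _ in window))  # ordered, unique
            failed = any(s == "FAILED" for _, _, s in window)
            if len(dsts) >= MIN_SERVERS and failed:
                hits[src] = dsts
                break
    return hits

if __name__ == "__main__":
    for src, dsts in find_server_list_walkers(SAMPLE_FLOWS).items():
        print(f"{src} walked IRC servers: {', '.join(dsts)}")
```

A host that talks to a single IRC server, as 10.0.0.9 does in the sample, is not flagged; only the host that steps through a list is.
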
Back then and up to about the year 2002, DNS was manifested in two main uses: domain names and multihoming. Both of them facilitated finding the botnet C&C, as well as keeping it alive on the Internet, before connection to the actual C&C server.

Domain Names

By using DNS, the bots were given a host address to connect to (such as a Third-Level Domain [3LD], a record for something like botnet.example.com), which would point to the actual IP address of the C&C server, serving the very purpose DNS was built for. When a C&C server on a certain IP address was no longer usable for whatever reason, a new IP address could replace it, while the bots still connected to the same address
