BOTS - The Creation of a Botnet Tracking Web - Caida

31 Jan 2013 (5 years and 5 months ago)

July 26, 2005


The Creation of a Botnet Tracking Web Application

Micah Hoffman


What is it?

Apache/PHP/PostgreSQL Web application

It slices. It dices! It tracks:

Bots (both servers and clients)

Bot protocols (e.g., HTTP, IRC, …)

Net info lookups: IP, IP Block, DNS registrar, DNS registrant and their parent's information


holders of infected machines

But why do we need it?

Standardize input of data

Same person; 2 emails; 30 minutes apart

“Another botnet c&c dns rr… please terminate it.”

“Anoter botnet c&c dns rr… please shut down it.”

Responses from people terminating a botnet C&C


“This one is being taken care of.”

“This host has been nuked.”

Tracking of “reports” through all stages

Similar to a help desk ticketing system (open, assigned, closed)

Are there other reasons?

More secure transmission of data

HTTPS vs. unencrypted email

Maintains history of past events for analysis

Has IP been infected more than once?

Find patterns in infections

Find patterns in suspects (like Zone


Pretty graphs and charts!
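The two ideas above, reports moving through ticket-like states (open, assigned, closed) and keeping a history so that repeat infections of the same IP can be found, can be sketched as a PostgreSQL schema. This is an added illustration written for this page, not the BOTS project's own schema; the table and column names, the enum values and the sample rows are all constructed assumptions.

```sql
-- Constructed example schema; not the BOTS project's own DB schema.
CREATE TYPE report_status AS ENUM ('open', 'assigned', 'closed');
CREATE TYPE bot_role      AS ENUM ('server', 'client');
CREATE TYPE bot_protocol  AS ENUM ('http', 'irc', 'other');

-- One row per observed bot (C&C server or infected client).
CREATE TABLE bot (
    bot_id     serial PRIMARY KEY,
    ip         inet NOT NULL,
    role       bot_role NOT NULL,
    protocol   bot_protocol NOT NULL,
    first_seen timestamptz NOT NULL DEFAULT now()
);

-- One "report" per takedown request, tracked like a help-desk ticket.
CREATE TABLE report (
    report_id   serial PRIMARY KEY,
    bot_id      integer NOT NULL REFERENCES bot(bot_id),
    status      report_status NOT NULL DEFAULT 'open',
    assigned_to text,
    opened_at   timestamptz NOT NULL DEFAULT now(),
    closed_at   timestamptz,
    -- a report is closed exactly when it has a close time
    CHECK ((status = 'closed') = (closed_at IS NOT NULL)),
    -- anything past 'open' must have an owner
    CHECK (status = 'open' OR assigned_to IS NOT NULL)
);

-- Every status change is kept, so past events survive for analysis.
CREATE TABLE report_history (
    report_id  integer NOT NULL REFERENCES report(report_id),
    old_status report_status,
    new_status report_status NOT NULL,
    changed_at timestamptz NOT NULL DEFAULT now()
);

-- Constructed sample data: the same IP reported twice as an IRC C&C server.
INSERT INTO bot (ip, role, protocol) VALUES
    ('192.0.2.10',   'server', 'irc'),
    ('192.0.2.10',   'server', 'irc'),
    ('198.51.100.7', 'client', 'http');
INSERT INTO report (bot_id, status, assigned_to, closed_at) VALUES
    (1, 'closed',   'analyst1', now()),
    (2, 'open',     NULL,       NULL),
    (3, 'assigned', 'analyst2', NULL);

-- "Has this IP been infected more than once?"
SELECT ip, count(*) AS times_reported
FROM bot
GROUP BY ip
HAVING count(*) > 1;
```

The final query returns one row for 192.0.2.10 with times_reported = 2.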

How will it make us work more efficiently?

All talking the same language

Targeted notifications (info comes to you)


Pretty graphs and charts!

How far along are you?

As of today:

DB Schema is complete

Working on web application logic

Working on coding PHP front

What are the future capabilities of BOTS?

Automated submission of entries through XML/RPC (security issues)

RSS Feed to data (security issues)

Automated notification of new entries to interested parties (how?)

Automated penetration of botnet (interesting…)

Malware archive?

Daily/Weekly DB Dumps available for download (like

So, can I have the URL to the live site?


Still coding it.

For more information, access to the site
(when it goes live), or to offer assistance with
PHP coding, DB maintenance, or other issues