July 26, 2005
BOTS
The Creation of a
Botnet Tracking Web Application
Micah Hoffman
US
-
CERT
July 26, 2005
What is it?
•
Apache/PHP/PostgreSQL Web application
•
It slices. It dices! It tracks:
•
Bots (both servers and clients)
•
Bot protocols (e.g., HTTP, IRC, …)
•
Net info lookups: IP, IP Block, DNS registrar, DNS registrant
and their parent’s information
•
Suspects/Perpetrators
•
Stake
-
holders of infected machines
July 26, 2005
But why do we need it?
•
Standardize input of data
•
Same person; 2 emails; 30 minutes apart
•
“Another botnet c&c dns rr… please terminate it.”
•
“Anoter botnet c&c dns rr… please shut down it.”
•
Responses from people terminating a botnet C&C
•
“Closed”
•
“This one is being taken care of.”
•
“This host has been nuked.”
•
Tracking of “reports” through all stages
•
Similar to a help
-
desk ticketing system (open, assigned, closed)
July 26, 2005
Are there other reasons?
•
More secure transmission of data
•
HTTPS vs. unencrypted email
•
Maintains history of past events for analysis
•
Has IP 1.2.3.4 been infected more than once?
•
Find patterns in infections
•
Find patterns in suspects (like Zone
-
H)
•
Trends
•
Pretty graphs and charts!
July 26, 2005
How will it make us
work more efficiently?
•
All talking the same language
•
Targeted notifications (info comes to you)
•
Trending
•
Pretty graphs and charts!
July 26, 2005
How far along are you?
•
As of today:
•
DB Schema is complete
•
Working on web application logic
•
Working on coding PHP front
-
end
July 26, 2005
What are the future
capabilities of BOTS?
•
Automated submission of entries through XML/RPC
(security issues)
•
RSS Feed to data (security issues)
•
Automated notification of new entries to interested
parties (how?)
•
Automated penetration of botnet (interesting…)
•
Malware archive?
•
Daily/Weekly DB Dumps available for download (like
http://osvdb.org/database
-
info.php)
July 26, 2005
So, can I have the URL
to the live site?
•
Uh…no.
•
Still coding it.
•
For more information, access to the site
(when it goes live), or to offer assistance with
PHP coding, DB maintenance, or other issues
contact
micah.hoffman@us
-
cert.gov
- Αρχική
- Περιήγηση
- Όλες οι Κατηγορίες
- Internet και Εφαρμογές Web
- Αποθήκευση
- Ασφάλεια
- Βιοτεχνολογία
- Δίκτυα και Επικοινωνίες
- Διακομιστές
- Διαχείριση
- Διαχείριση Δεδομένων
- Επιχειρησιακές Εφαρμογές
- Ηλεκτρονική - Συσκευές
- Ημιαγωγοί
- Κινητά – Ασύρματες Τεχνολογίες
- Λογισμικό & κατασκευή λογ/κού
- Μηχανική
- Περιβαλλοντική Τεχνολογία
- Πετρελαϊκά και Εξόρυξη
- Πολεοδομικά Έργα
- Τεχνίτη Νοημοσύνη και Ρομποτική
- Τηλεπικοινωνίες
- Ψυχαγωγία
- Κοινότητα
- Μεταφόρτωση
![Draft WG 7 Botnet Metrics Guide [docx]](https://d1dft99ig719u9.cloudfront.net/thumbdoc/hamburgerfensucked/draft_wg_7_botnet_metrics_guide_docx_bc1b9c09-7f60_2.jpg "Draft WG 7 Botnet Metrics Guide [docx]")
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο