BOTS - The Creation of a Botnet Tracking Web - Caida

Διαχείριση Δεδομένων

από obtainablerabbi

31 Ιαν 2013 (πριν από 5 χρόνια και 5 μήνες)

121 εμφανίσεις

Αγαπημένα Αναφορά Κατέβασμα (.PPT 282KB)

121

Σύνολο Προβολών

120

Προβολές στο TechyLib

Προβολές από Ενσωμάτωση

Αγαπημένα

Downloads

Πλάτος: pixels

Ύψος: pixels

Αφότου κάνετε την επιλογή σας, κάντε αντιγραφή και επικόλληση τον κώδικα ενσωμάτωσης που θα εμφανιστεί.

July 26, 2005

BOTS

The Creation of a

Botnet Tracking Web Application

Micah Hoffman

US
-
CERT

July 26, 2005

What is it?

•
Apache/PHP/PostgreSQL Web application

•
It slices. It dices! It tracks:

•
Bots (both servers and clients)

•
Bot protocols (e.g., HTTP, IRC, …)

•
Net info lookups: IP, IP Block, DNS registrar, DNS registrant
and their parent’s information

•
Suspects/Perpetrators

•
Stake
-
holders of infected machines

July 26, 2005

But why do we need it?

•
Standardize input of data

•
Same person; 2 emails; 30 minutes apart

•
“Another botnet c&c dns rr… please terminate it.”

•
“Anoter botnet c&c dns rr… please shut down it.”

•
Responses from people terminating a botnet C&C

•
“Closed”

•
“This one is being taken care of.”

•
“This host has been nuked.”

•
Tracking of “reports” through all stages

•
Similar to a help
-
desk ticketing system (open, assigned, closed)

July 26, 2005

Are there other reasons?

•
More secure transmission of data

•
HTTPS vs. unencrypted email

•
Maintains history of past events for analysis

•
Has IP 1.2.3.4 been infected more than once?

•
Find patterns in infections

•
Find patterns in suspects (like Zone
-
H)

•
Trends

•
Pretty graphs and charts!

July 26, 2005

How will it make us
work more efficiently?

•
All talking the same language

•
Targeted notifications (info comes to you)

•
Trending

•
Pretty graphs and charts!

July 26, 2005

How far along are you?

•
As of today:

•
DB Schema is complete

•
Working on web application logic

•
Working on coding PHP front
-
end

July 26, 2005

What are the future
capabilities of BOTS?

•
Automated submission of entries through XML/RPC
(security issues)

•
RSS Feed to data (security issues)

•
Automated notification of new entries to interested
parties (how?)

•
Automated penetration of botnet (interesting…)

•
Malware archive?

•
Daily/Weekly DB Dumps available for download (like
http://osvdb.org/database
-
info.php)

July 26, 2005

So, can I have the URL
to the live site?

•
Uh…no.

•
Still coding it.

•
For more information, access to the site
(when it goes live), or to offer assistance with
PHP coding, DB maintenance, or other issues
contact
micah.hoffman@us
-
cert.gov

BOTS - The Creation of a Botnet Tracking Web - Caida

Σχόλια 0

Το κείμενο της παρουσίασης

What is the GDB?

place the file pointer at the beginning of the

IMPLEMENTATION AND EVALUATION OF A BOTNET ANALYSIS AND DETECTION METHODS IN A VIRTUAL ENVIRONMENT

Extension of the Genetic Algorithm Based Malware Strategy Evolution Forecasting Model for Botnet Strategy Evolution Modeling

Apress - Pro PHP Security - Snyder - 2005

Your Botnet is My Botnet: Analysis of a Botnet Takeover

Electronic Commerce - Tri Dang' Home Page @ HCMUT

Case Study of the Miner Botnet

Draft WG 7 Botnet Metrics Guide [docx]

wg7-botnet-metricsx

The ZeroAccess Botnet – Mining and Fraud for Massive ... - Sophos

Beginning PHP and PostgreSQL 8: From Novice to ... - Csgnet.org

Anatomy of a Botnet

Open Source Security Tools howlett fm.fm Page i Tuesday, June ...

Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and ...

Linux Networking Cookbook - strangemic resource network

F-Secure H2 2012 Threat Report

Επικοινωνία:

BOTS - The Creation of a Botnet Tracking Web - Caida

Σχόλια 0

Το κείμενο της παρουσίασης

Περισσότερα από τον χρήστη obtainablerabbi

Σχετικό Περιεχόμενο