Honeypots and deception: Botnets
Botnets
Botnet is a jargon term for a collection of software robots, or bots, which run autonomously. A botnet's originator can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes.
A botnet can comprise a collection of cracked machines running programs (usually referred to as worms, Trojan horses, or backdoors) under a common command and control infrastructure. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden and complies with the RFC 1459 (IRC) standard.

Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet owner community. A botnet can also be a group of IRC bots, such as Eggdrops.

Botnets have become a significant part of the Internet, albeit increasingly hidden. Because most conventional IRC networks have taken measures and blocked access to previously hosted botnets, owners must now find their own servers. Often a botnet will include a variety of connections, ranging from dial-up, DSL, and cable to educational and corporate networks. Sometimes an owner will hide an IRC server installation on an educational or corporate site, where high-speed connections can support a large number of other bots. This method of using a bot to host other bots has proliferated only recently, as most script kiddies do not have the knowledge to take advantage of it.

Several botnets have been found and removed from the Internet. The Dutch police found and dismantled a 100,000-node botnet, and the Norwegian ISP Telenor disbanded a 10,000-node botnet. Large coordinated international efforts to shut down botnets have also been initiated.
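Because bots of this kind speak RFC 1459 to their command and control server, the protocol itself is a detection signature on a monitored or honeypot network. The following is an added example, not part of the original page: it parses RFC 1459 messages out of captured client payloads and reports hosts that complete an IRC registration (NICK plus USER) without being on an allow list. The flow tuple layout, the addresses, and the `allowed` set are constructed for illustration.

```python
import re
from collections import defaultdict

# RFC 1459 registration commands -> minimum parameter count
REGISTRATION = {"NICK": 1, "USER": 4}

def parse_irc_line(line):
    """Split one RFC 1459 message into (prefix, command, params); None if malformed."""
    line = line.rstrip("\r\n")
    if not line or len(line) > 510:  # the 512-byte limit includes CRLF
        return None
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    # A command is letters only or a three-digit numeric reply
    if not parts or not re.fullmatch(r"[A-Za-z]+|\d{3}", parts[0]):
        return None
    params = parts[1:] + ([trailing] if sep else [])
    return prefix, parts[0].upper(), params

def find_irc_clients(flows, allowed=frozenset()):
    """Map (src, dst, dport) -> joined channels for hosts that registered as IRC clients."""
    sessions = defaultdict(lambda: {"cmds": set(), "channels": set()})
    for src, dst, dport, payload in flows:
        for raw in payload.splitlines():
            msg = parse_irc_line(raw)
            if msg is None:
                continue
            _, cmd, params = msg
            sess = sessions[(src, dst, dport)]
            if cmd in REGISTRATION and len(params) >= REGISTRATION[cmd]:
                sess["cmds"].add(cmd)
            elif cmd == "JOIN" and params:
                sess["channels"].update(params[0].split(","))
    return {key: sorted(s["channels"]) for key, s in sessions.items()
            if s["cmds"] == set(REGISTRATION) and key[0] not in allowed}

# Constructed sample: (source, destination, destination port, client payload)
SAMPLE_FLOWS = [
    ("10.0.0.23", "198.51.100.7", 8080, "NICK wks23\r\nUSER wks23 0 * :wks23\r\n"),
    ("10.0.0.23", "198.51.100.7", 8080, "JOIN #chan-a,#chan-b\r\n"),
    ("10.0.0.40", "192.0.2.10", 80, "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.55", "192.0.2.20", 6667, "NICK alice\r\nUSER alice 0 * :Alice\r\n"),
]

if __name__ == "__main__":
    for flow, channels in find_irc_clients(SAMPLE_FLOWS, allowed={"10.0.0.55"}).items():
        print("unexpected IRC client:", flow, "channels:", channels)
```

Matching on the registration handshake rather than on a port number catches IRC sessions carried over ports not normally associated with IRC, as in the first constructed flow.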