Hacking BotNets

BotNet Overview

  • How to Know if You’re Infected
  • Key Commands for Testing
  • Infection Lifecycle:
    • Initial information - find a vulnerability and exploit
    • Inject scripts to infect the victim
    • Establish connection to Command & Control Channel (C&C)
    • BotNet request commands from C&C to the begin attack
  • Firewalls
  • Firewall Architecture
  • Packet Filtering Firewall:
    • Packet filters are scalable and not application dependent.
    • Packet filters are high performance firewalls since they do not carry out extensive processing on each package.
    • Good to use as a first line of defense
    • A BotNet will most likely get through this type of firewall.
  • Stateful Firewall:
    • Maintains a state table that tracks everything within the session
    • Has a better performance matrix then an application proxy Firewalls with a higher degree of security
    • Is Scalable

 

  • Application Proxy Firewall:
    • They have extensive logging capabilities.
    • They can authenticate users directly which is unlike other firewalls that only use system authentication
    • Not great in high-bandwidth, real-time applications
    • Performance issues since it looks at each packet.
  • Dynamic Packet-Filtering Firewall:
    • It operates at the Network, and Transport layers (Layers 3 and 4) of the OSI model
    • A Dynamic Firewall evaluates the context of network traffic. It looks at source, destination addresses, application usages, origin, and relationship between current/previous packets.
  • Kernel Proxy Firewall:
    • Known as a fifth-generation firewall
    • Can create dynamic, customizable virtual network stacks
    • It can scrutinize every layer of the packet.
    • It can also act as a NAT by changing the source address
  • Next-Generation Firewalls:
  • Build-in signature-based IPS engines that can learn traffic patterns
  • Understand behavior patterns across networks
  • Spot specific indicator patterns using advanced AI algorithms
  • Have the ability to connect to Active Directories, White-Lists, Black-List and other policy servers linked across cloud networks
  • Firewall Architecture Types:
    • Screened Host   
    • Multi/Dual-Homed 
    • Screened Subnet 
    • Additional Methods to Combat BotNets

        11 Ways to Combat Botnets:

1) Install a Windows Firewall: Also, properly configure it.

2) Disable AutoRun: Do not let systems automatically install software.

3) Break Password Trusts: Take control of admin accounts and don't let systems automatically connect to each other.

4) Consider Network Compartmentalization: Set up VLANS, or access control lists (ACLS) between subnetworks and limit the capability for computers to communicate with each other.

5) Provide Least Privilege: Give users what they need to do their jobs and nothing more.

6) Install Host-Based Intrusion Prevention: Don't let Botnets get root access.

7) Enhance Monitoring: The more you know the better so log it, log it, LOG IT!

8) Filter Data Leaving the Network: Botnets like to communication with the command and control center so egress filtering is key.

9) Use a Proxy Server: Forcing outbound traffic through a proxy gives you a point of monitoring.

10) Install Reputation-based Filtering: Block emails from, request to. Know your potential malware websites and filter.

11) Monitor DNS Queries: If a computer is responding to a DNS query could be a sign of a botnet infection.

  • BotNet Command & Control
  • Comparison Chart of BotNet Categories
  • Fast Flux Networks
  • Intrusion Detection Systems
    • Host-Based
    • Network-Based
    • Hybrid of the two
  • Mobile Systems
Hacking BotNets
Analysis of some of the ways to combat the growing problem of BotNets on the Web
Hacking_Botnets.pdf
Adobe Acrobat document [1.2 MB]

Lance West

 

DigiBrains@msn.com

 

 

  • Cyber-Security

 

  • Information Assurance training

 

  • IT Risk Analysis

 

  • BIA/BCP Development

 

  • Software Security

 

  • Databases
Print Print | Sitemap
© DigiBrains LLC