Botnets: The Killer Web Applications
Craig Schiller, Jim Binkley
- Publisher: Syngress Media
- Publication date: 2007-02-01
- List price: $1,813
- Sale price: $1,088 (60% of list price)
- Language: English
- Pages: 480
- Binding: Paperback
- ISBN: 1597491357
- ISBN-13: 9781597491358
With funding from organized crime and spam lords, a generation of talented hackers without morals has created a devastating arsenal of deadly toys, in the form of botnets. Norman Elton and Matt Keel from the College of William & Mary in their presentation “Who Owns Your Network?” called bot networks “the single greatest threat facing humanity.” This may be an exaggeration, but botnets are arguably the biggest threat that the Internet community has faced.
Understand the Botnet’s Life Cycle
The life of a botclient can be described as a life cycle. The authors show the nine steps that are repeated until the command to abandon the client is given.
Learn DNS and C&C Technology
See how DNS is a good example of how C&Cs use multiple layers in their design to ensure they stay up. By using different servers, botnet controllers can concentrate on the C&C itself rather than moving all the bots.
Meet the Bot Families
Understand the characteristics of the various families: SDBot, RBot, Agobot, Spybot, and Mytob.
Take Advantage of External Notifications
No single measure guarantees detection of bot activity, but good monitoring of multilayered defenses will contribute immensely to keeping the botherder from your door.
Discover how ourmon, an open source network management and anomaly detection system, can help you recognize botnet attacks.
Use Sandbox Tools for Botnets
See how Sandbox and CWSandbox can be integrated into a bigger process of automatic malware analysis.
Identify the Information an Enterprise Should Gather
Tools like disassemblers can be used to disassemble a botnet and view its code.
Understand Why This Problem Exists
Find and eliminate the conditions that cause the demand, and botnets will diminish.
Contents of This Book:
Botnets: A Call to Action
Alternative Botnet C&Cs
Botnet Detection: Tools and Techniques
Ourmon: Overview and Installation
Ourmon: Anomaly Detection Tools
IRC and Botnets
Advanced Ourmon Techniques
Using Sandbox Tools for Botnets
Responding to Botnets