ECE4112 Internetwork Security - Lab 10 - Botnets

Published by Dhruv Jain
Uploaded by Hack Archives - http://undergroundlegacy.co.cc -
Published by: Dhruv Jain on Mar 19, 2011
Copyright:Attribution Non-commercial

ECE4112 Internetwork Security
Lab 10: Botnets

Group Number: _________
Member Names: ___________________ _______________________

Date Assigned: March 28, 2006
Date Due: April 4, 2006
Last Edited: April 8, 2006

Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due.
Goal: The goal of this lab is to introduce you to the concept of Botnets, and showcase some features of popular bots.

Summary: You will install two different bots, use them to carry out attacks, and analyze the results.

Background: Read Appendix A: "Bots, Drones, Zombies, Worms and Other Things That Go Bump in the Night" (www.swatit.org/bots) and Appendix B: "Tracking Botnets" (http://www.honeynet.org/papers/bots/).

Prelab Questions: None

Lab Scenario: For this lab you will set up an IRC server on your Red Hat 4.0 host machine and then infect two virtual machines (one Windows, one Linux) with bots that will connect to it. To help with the transfer of files between all of the machines, it may be helpful to set up Shared folders on the virtual machines. To do so, see Appendix C.
 
Figure 1 - Lab Scenario Network Diagram
Section 1: Setup

1.1 Setting up the IRCd server
IRC networks, while not as popular as many web-based chatrooms, are considered part of the "underground" Internet, and public IRC servers are home to many hacking groups and illegal software (warez) release groups, mainly because of the relative anonymity users can have while connected to IRC. Because of this, botnets are a feasible method of controlling victims without directly connecting to them. IRC servers are usually part of a network, providing multiple servers for clients to connect to (if one is closer, or less loaded), which enhances the hard-to-trace nature of IRC.

For the first section of the lab, we will need to set up an IRC server on our host machine to simulate a public server where the attacker would control the infected machines.

Copy the file irc2.11.1.tgz from the NAS to your host machine. Perform the following procedure to set up the IRC daemon on the WS4.0 machine:

# tar -xzvf irc2.11.1.tgz
# cd irc2.11.1
# ./configure
# cd i686-pc-linux-gnu
# make all; make install

Once the IRCd is installed, we need to give it a configuration file. The example configuration file included with the installation is set up so the server acts as a node in a network. On the NAS is a pre-configured ircd.conf file, which changes around the configuration of the server so it will act as a single server. Copy this ircd.conf file to /usr/local/etc/:

# cp ircd.conf /usr/local/etc/
 
[Figure 1 labels: IRCd; IRC client (Attacker); Infected XP machine (Victim); Redhat WS4.0; Infected RedHat machine (Victim)]
 
To start the server up, run the following command:

# /usr/local/sbin/ircd -s

The "-s" parameter prevents the ircd process from launching iauth, a daemon which performs ident requests for incoming IRC clients. This process takes more time than necessary, since the Redhat and Windows machines don't answer these requests and they have to time out. We don't want this for our situation, so we turn it off.

Once the IRCd server is running, click on the "red hat" icon in the WS4.0 interface. Select "Internet" and then "IRC." You can put in whatever nickname you like. Click "Skip server list on startup" and then connect to a random server. When the X-Chat window pops up, go to Server -> Disconnect to cancel connecting to the server. In the bottom text bar, type the command:
/server <WS4.0 IP> 6668
Once the server logs you in (there may be some time before the MOTD displays), type the following command to join a channel.
/join #ece4112
