ECE4112 Internetwork Security - Lab 10 - Botnets


Published by Dhruv Jain
Uploaded by Hack Archives - http://undergroundlegacy.co.cc -


Published by: Dhruv Jain on Mar 19, 2011
Copyright: Attribution Non-commercial







ECE4112 Internetwork Security
Lab 10: Botnets

Group Number: _________
Member Names: ___________________ _______________________
Date Assigned: March 28, 2006
Date Due: April 4, 2006
Last Edited: April 8, 2006

Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due.

The goal of this lab is to introduce you to the concept of Botnets, and showcase some features of popular bots. You will install two different bots, use them to carry out attacks, and analyze the results.

Read Appendix A: "Bots, Drones, Zombies, Worms and Other Things That Go Bump in the Night" (www.swatit.org/bots) and Appendix B: "Tracking Botnets" (http://www.honeynet.org/papers/bots/).
Prelab Questions:
Lab Scenario:
For this lab you will set up an IRC server on your Red Hat 4.0 host machine and then infect two virtual machines (one Windows, one Linux) with bots that will connect to it. To help with the transfer of files between all of the machines, it may be helpful to set up Shared folders on the virtual machines. To do so, see Appendix C.

Figure 1 - Lab Scenario Network Diagram
Section 1: Setup
Setting up the IRCd server
IRC networks, while not as popular as many web-based chatrooms, are considered part of the "underground" Internet, and public IRC servers are home to many hacking groups and illegal software (warez) release groups, mainly because of the relative anonymity users can have while connected to IRC. Because of this, botnets are a feasible method of controlling victims without directly connecting to them. IRC servers are usually part of a network, providing multiple servers for clients to connect to (if one is closer, or less loaded), which enhances the hard-to-trace nature of IRC.

For the first section of the lab, we will need to set up an IRC server on our host machine to simulate a public server where the attacker would control the infected machines.

Copy the file from the NAS to your host machine. Perform the following procedure to set up the IRC daemon on the WS4.0 machine:

# tar -xzvf irc2.11.1.tgz
# cd irc2.11.1
# ./configure
# cd i686-pc-linux-gnu
# make all; make install
Once the IRCd is installed, we need to give it a configuration file. The example configuration file included with the installation is set up so the server acts as a node in a network. On the NAS is a pre-configured file, which changes around the configuration of the server so it will act as a single server. Copy this file to
# cp ircd.conf /usr/local/etc/ 
[Figure 1 labels: IRCd; IRC client (Attacker); Infected XP machine (Victim); Redhat WS4.0; Infected RedHat machine (Victim)]
To start the server up, run the following command:
# /usr/local/sbin/ircd -s
parameter prevents the
process from launching
, a daemon which performs ident requests for incoming IRC clients. This process takes more time than necessary, since the Redhat and Windows machines don't answer these requests and they have to time out. We don't want this for our situation, so we turn it off.
Once the IRCd server is running, click on the "red hat" icon in the WS4.0 interface. Select "Internet" and then "IRC." You can put in whatever nickname you like. Click "Skip server list on startup" and then connect to a random server. When the -Chat window pops up, go to Server > Disconnect to cancel connecting to the server. In the bottom text bar, type the command:
/server <WS4.0 IP> 6668
Once the server logs you in (there may be some time before the MOTD displays), type thefollowing command to join a channel.
/join #ece4112
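
An added example, not part of the original lab handout: once clients have joined #ece4112, anyone watching the server's traffic can see which machines have checked in. The Python code below parses raw IRC protocol lines (RFC 1459 message format) and replays JOIN/PART/QUIT to list the members of each channel; the sample lines, nicknames and addresses are constructed for illustration.

```python
# Added example: list channel members from raw IRC protocol lines.
from collections import defaultdict

# Constructed sample traffic (not captured from the lab). Nicknames and
# addresses are made up; the channel name comes from the lab text.
SAMPLE_LINES = [
    "NICK student1",
    ":student1!~user@10.0.0.5 JOIN #ece4112",
    ":xp-vm!~a@10.0.0.21 JOIN :#ece4112",
    ":rh-vm!~b@10.0.0.22 JOIN #ece4112,#other",
    ":student1!~user@10.0.0.5 PRIVMSG #ece4112 :hello everyone",
    ":xp-vm!~a@10.0.0.21 PART #ece4112",
    "PING :irc.lab.example",
]

def parse_irc_line(line):
    """Split one IRC message into (prefix, command, params)."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    # Text after " :" is one trailing parameter that may contain spaces.
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return prefix, "", []
    command, params = parts[0].upper(), parts[1:]
    if sep:
        params.append(trailing)
    return prefix, command, params

def channel_members(lines):
    """Replay JOIN/PART/QUIT and return {channel: {nick: host}}."""
    members = defaultdict(dict)
    for raw in lines:
        prefix, command, params = parse_irc_line(raw)
        if prefix is None or "!" not in prefix:
            continue  # no nick!user@host mask, so no client to attribute
        nick, _, userhost = prefix.partition("!")
        host = userhost.rpartition("@")[2]
        if command == "JOIN" and params:
            for chan in params[0].split(","):
                members[chan.lower()][nick] = host
        elif command == "PART" and params:
            for chan in params[0].split(","):
                members[chan.lower()].pop(nick, None)
        elif command == "QUIT":
            for nicks in members.values():
                nicks.pop(nick, None)
    return {chan: dict(nicks) for chan, nicks in members.items()}

if __name__ == "__main__":
    for chan, nicks in sorted(channel_members(SAMPLE_LINES).items()):
        print(chan, sorted(nicks.items()))
```

A host that stays joined to a channel on an unusual port such as 6668 without any interactive chat is the kind of pattern this membership list makes visible.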
