Professional Documents
Culture Documents
BOTNETS
Systems connected to internet are at risk of
infection
Compromised machines can wait for
commands from attacker turns into a bot
Bot - single node added to a network of
other infected systems called a botnet
Botmaster controls bots by issuing
commands
Botnets perform activities through
communciation between bots and
botmasters
CENTRALIZED TOPOLOGY
CENTRALIZED TOPOLOGY
Central location of Command-and-Control
C&C servers
Basic form uses a server to C&C all bots
Advanced forms
Multiservers
Uses more than one server for C&C
Makes botnets more reliable and less vulnerable to
take down attempts
Can take commands even if one server is
unreachable
Eg: Asprox botnet
Hierarchical Infrastructure
Multiserver technique using layers of servers to proxy
communications between bots and C&C servers
Promotes reliability and longevity
Covers true location
Drawbacks
Increased Infrastructure complexity
Eg: Waledac
DECENTRALIZED