Comments on: The Anatomy of a Botnet http://www.adeptechllc.com/2008/05/12/the-anatomy-of-a-botnet/ Software, Process and Security Thu, 28 Aug 2008 10:50:52 +0000 http://wordpress.org/?v=2.5.1 By: Keith McMillan http://www.adeptechllc.com/2008/05/12/the-anatomy-of-a-botnet/#comment-2347 Keith McMillan Wed, 14 May 2008 02:07:25 +0000 http://www.adeptechllc.com/?p=110#comment-2347 Hi Andy, It's a good idea, and this is the way that some of the researchers have gone about identifying the size of the Storm botnet, for instance. Botnet controllers do go to lengths to prevent this sort of thing, for the obvious reasons. I know a number of them use IRC as a control channel, but I don't really know too much about the actual infrastructure of an IRC network, what kind of survivability they have. Botnets do typically have redundant command and control, though. The Storm researchers actually registered a machine with the IP address of one of the failover controllers to assume control and measure the size of the network. Eventually, I think that attacking the command and control is the way to go, but clearly there are some technical challenges that need to be overcome first. Hi Andy,

It’s a good idea, and this is the way that some of the researchers have gone about identifying the size of the Storm botnet, for instance.

Botnet controllers do go to lengths to prevent this sort of thing, for the obvious reasons. I know a number of them use IRC as a control channel, but I don’t really know too much about the actual infrastructure of an IRC network, what kind of survivability they have. Botnets do typically have redundant command and control, though. The Storm researchers actually registered a machine with the IP address of one of the failover controllers to assume control and measure the size of the network.

Eventually, I think that attacking the command and control is the way to go, but clearly there are some technical challenges that need to be overcome first.

]]> By: Andy Kailhofer http://www.adeptechllc.com/2008/05/12/the-anatomy-of-a-botnet/#comment-2308 Andy Kailhofer Tue, 13 May 2008 14:53:18 +0000 http://www.adeptechllc.com/?p=110#comment-2308 What about going after the heads? Just like with zombies, getting rid of the controllers should do the trick. I'm supposing that they're mostly set up in places like NoLawsHereIstan? What about going after the heads? Just like with zombies, getting rid of the controllers should do the trick. I’m supposing that they’re mostly set up in places like NoLawsHereIstan?

]]>