Botnets
The Killer Web Applications
- 1st Edition - February 1, 2007
- Imprint: Syngress
- Authors: Craig Schiller, James R. Binkley
- Language: English
- eBook ISBN:9 7 8 - 0 - 0 8 - 0 5 0 0 2 3 - 2
The book begins with real world cases of botnet attacks to underscore the need for action. Next the book will explain botnet fundamentals using real world examples. These chapters… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteThe book begins with real world cases of botnet attacks to underscore the need for action. Next the book will explain botnet fundamentals using real world examples. These chapters will cover what they are, how they operate, and the environment and technology that makes them possible. The following chapters will analyze botnets for opportunities to detect, track, and remove them. Then the book will describe intelligence gathering efforts and results obtained to date. Public domain tools like OurMon, developed by Jim Binkley of Portland State University, will be described in detail along with discussions of other tools and resources that are useful in the fight against Botnets.
- This is the first book to explain the newest internet threat - Botnets, zombie armies, bot herders, what is being done, and what you can do to protect your enterprise
- Botnets are the most complicated and difficult threat the hacker world has unleashed - read how to protect yourself
Information security officers, network administrators, system administrators, incident response teams, security researchers, law enforcement, and security/network software developers are the primary audience for this book. The secondary audience includes CIOs and IT managers and directors who are being questioned by board members and executives about this new threat.
Acknowledgments
Lead Authors and Technical Editors
Contributors
Chapter 1: Botnets: A Call to Action
Introduction
The Killer Web App
How Big Is the Problem?
The Industry Responds
Summary
Solutions Fast Track
Chapter 2: Botnets Overview
What Is a Botnet?
The Botnet Life Cycle
What Does a Botnet Do?
Botnet Economics
Summary
Solutions Fast Track
Chapter 3: Alternative Botnet C&Cs
Introduction: Why Are There Alternative C&Cs?
Historical C&C Technology as a Road Map
DNS and C&C Technology
Alternative Control Channels
Web-Based C&C Servers
Summary
Solutions Fast Track
Chapter 4: Common Botnets
Introduction
SDBot
RBot
Agobot
Spybot
Mytob
Summary
Solutions Fast Track
Chapter 5: Botnet Detection: Tools and Techniques
Introduction
Abuse
Network Infrastructure: Tools and Techniques
Intrusion Detection
Darknets, Honeypots, and Other Snares
Forensics Techniques and Tools for Botnet Detection
Firewall Logs
Antivirus Software Logs
Summary
Solutions Fast Track
Forensics Techniques and Tools for Botnet Detection
Chapter 6: Ourmon: Overview and Installation
Introduction
Case Studies: Things That Go Bump in the Night
How Ourmon Works
Installation of Ourmon
Summary
Solutions Fast Track
Chapter 7: Ourmon: Anomaly Detection Tools
Introduction
The Ourmon Web Interface
A Little Theory
TCP Anomaly Detection
UDP Anomaly Detection
Detecting E-mail Anomalies
Summary
Solutions Fast Track
Chapter 8: IRC and Botnets
Introduction
Understanding the IRC Protocol
Ourmon’s RRDTOOL Statistics and IRC Reports
Detecting an IRC Client Botnet
Detecting an IRC Botnet Server
Summary
Solutions Fast Track
Chapter 9: Advanced Ourmon Techniques
Introduction
Automated Packet Capture
Ourmon Event Log
Tricks for Searching the Ourmon Logs
Sniffing IRC Messages
Optimizing the System
Summary
Solutions Fast Track
Chapter 10: Using Sandbox Tools for Botnets
Introduction
Describing CWSandbox
Examining a Sample Analysis Report
Interpreting an Analysis Report
Bot-Related Findings of Our Live Sandbox
Summary
Solutions Fast Track
Notes
Chapter 11: Intelligence Resources
Introduction
Identifying the Information an Enterprise/University Should Try to Gather
Places/Organizations Where Public Information Can Be Found
Membership Organizations and How to Qualify
Confidentiality Agreements
What to Do with the Information When You Get It
The Role of Intelligence Sources in Aggregating Enough Information to Make Law Enforcement Involvement Practical
Summary
Solutions Fast Track
Chapter 12: Responding to Botnets
Introduction
Giving Up Is Not an Option
Why Do We Have This Problem?
What Is to Be Done?
A Call to Arms
Summary
Solutions Fast Track
FSTC Phishing Solutions Categories
Index
- Edition: 1
- Published: February 1, 2007
- Imprint: Syngress
- No. of pages: 480
- Language: English
- eBook ISBN: 9780080500232
CS
Craig Schiller
Craig A Schiller (CISSP-ISSMP, ISSAP) is the CISO for Portland State University and President of Hawkeye Security Training, LLC. He is the primary author of the first Generally Accepted System Security Principles. He is a co-author of “Combating Spyware in the Enterprise” and “Winternals” from Syngress, several editions of the Handbook of Information Security Management, and a contributing author to Data Security Management. Mr. Schiller has co-founded two ISSA chapters, the Central Plains chapter and the Texas Gulf Coast Chapter.
Affiliations and expertise
CISO for Portland State University and President of Hawkeye Security Training, LLCJB
James R. Binkley
Jim Binkley is a teacher, network engineer, and researcher in the Computer Science Department at Portland State University. Jim has twenty five years of experience with UNIX operating system internals and twenty years of experience with TCP/IP networking. Jim teaches a graduate sequence of networking classes including TCP/IP, routing, and network security, and also teaches operating system classes including Linux O.S. internals, Linux Device Drivers, and BSD TCP/IP stack internals.
Affiliations and expertise
Teacher, network engineer, and researcher, Portland State University, USARead Botnets on ScienceDirect