
BOTS

The Creation of a Botnet Tracking Web Application

Micah Hoffman

US-CERT

What is it?
  • Apache/PHP/PostgreSQL Web application
  • It slices. It dices! It tracks:
    • Bots (both servers and clients)
    • Bot protocols (e.g., HTTP, IRC, …)
    • Net info lookups: IP, IP Block, DNS registrar, DNS registrant and their parent’s information
    • Suspects/Perpetrators
    • Stake-holders of infected machines
But why do we need it?
  • Standardize input of data
    • Same person; 2 emails; 30 minutes apart
      • “Another botnet c&c dns rr… please terminate it.”
      • “Anoter botnet c&c dns rr… please shut down it.”
    • Responses from people terminating a botnet C&C
      • “Closed”
      • “This one is being taken care of.”
      • “This host has been nuked.”
  • Tracking of “reports” through all stages
    • Similar to a help-desk ticketing system (open, assigned, closed)
Are there other reasons?
  • More secure transmission of data
    • HTTPS vs. unencrypted email
  • Maintains history of past events for analysis
    • Has IP 1.2.3.4 been infected more than once?
    • Find patterns in infections
    • Find patterns in suspects (like Zone-H)
    • Trends
    • Pretty graphs and charts!
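The two slides above describe the data model in outline: free-text replies from hosting providers normalised to a single ticket status, reports that move through open/assigned/closed, and a history that can answer "has IP 1.2.3.4 been infected more than once?". The block below is an added example, not the BOTS project's own code or schema; it uses SQLite in place of PostgreSQL so it runs offline (the two type differences are noted in comments), and every table, column, function name and sample report is an assumption constructed for illustration. Addresses come from the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges.

```python
"""Added example (not BOTS project code): a SQLite stand-in for the PostgreSQL
schema sketched on the slides, with a report-status workflow, normalisation of
free-text take-down replies, and the repeat-infection query."""
import sqlite3

# Ticket workflow from the help-desk analogy on the slide; a closed report stays closed.
ALLOWED_TRANSITIONS = {
    "open": {"assigned", "closed"},
    "assigned": {"closed"},
    "closed": set(),
}

# Phrases seen in provider replies that all mean "the C&C host is gone" (assumed list).
CLOSED_PHRASES = ("closed", "taken care of", "nuked", "terminated", "shut down")

SCHEMA = """
CREATE TABLE bot (
    id        INTEGER PRIMARY KEY,         -- SERIAL in PostgreSQL
    ip        TEXT NOT NULL,
    role      TEXT NOT NULL CHECK (role IN ('server', 'client')),
    protocol  TEXT NOT NULL                -- e.g. 'IRC', 'HTTP'
);
CREATE TABLE report (
    id        INTEGER PRIMARY KEY,
    bot_id    INTEGER NOT NULL REFERENCES bot(id),
    reported  TEXT NOT NULL,               -- ISO-8601; TIMESTAMPTZ in PostgreSQL
    status    TEXT NOT NULL CHECK (status IN ('open', 'assigned', 'closed')),
    note      TEXT
);
"""


def open_db():
    """Create the in-memory database with the assumed schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def normalise_reply(text):
    """Map a free-form reply ('This host has been nuked.') to a report status."""
    lowered = text.lower()
    return "closed" if any(p in lowered for p in CLOSED_PHRASES) else "open"


def add_bot(conn, ip, role, protocol):
    cur = conn.execute(
        "INSERT INTO bot (ip, role, protocol) VALUES (?, ?, ?)", (ip, role, protocol))
    return cur.lastrowid


def add_report(conn, bot_id, reported, note=None):
    """Every new report starts in the 'open' state, like a fresh help-desk ticket."""
    cur = conn.execute(
        "INSERT INTO report (bot_id, reported, status, note) VALUES (?, ?, 'open', ?)",
        (bot_id, reported, note))
    return cur.lastrowid


def set_status(conn, report_id, new_status):
    """Advance a report through the workflow, refusing transitions the table forbids."""
    (current,) = conn.execute(
        "SELECT status FROM report WHERE id = ?", (report_id,)).fetchone()
    if new_status not in ALLOWED_TRANSITIONS[current]:
        raise ValueError(f"report {report_id}: cannot move from {current} to {new_status}")
    conn.execute("UPDATE report SET status = ? WHERE id = ?", (new_status, report_id))


def repeat_offenders(conn, min_reports=2):
    """IPs reported at least min_reports times, with first and last sighting."""
    return conn.execute("""
        SELECT b.ip, COUNT(r.id) AS n, MIN(r.reported) AS first_seen, MAX(r.reported) AS last_seen
        FROM bot b JOIN report r ON r.bot_id = b.id
        GROUP BY b.ip
        HAVING COUNT(r.id) >= ?
        ORDER BY n DESC, b.ip
    """, (min_reports,)).fetchall()


def load_sample(conn):
    """Constructed sample: one IRC C&C server reported twice, one client reported once."""
    cc = add_bot(conn, "192.0.2.10", "server", "IRC")
    client = add_bot(conn, "198.51.100.7", "client", "IRC")
    r1 = add_report(conn, cc, "2006-03-01T10:00:00Z", "botnet c&c dns rr, please terminate")
    r2 = add_report(conn, cc, "2006-04-15T09:30:00Z", "same host back online")
    r3 = add_report(conn, client, "2006-03-02T11:00:00Z")
    set_status(conn, r1, "assigned")
    set_status(conn, r1, normalise_reply("This host has been nuked."))
    return r1, r2, r3


if __name__ == "__main__":
    db = open_db()
    load_sample(db)
    for ip, n, first, last in repeat_offenders(db):
        print(f"{ip} reported {n} times between {first} and {last}")
```

The transition table is what turns the inconsistent "Closed" / "taken care of" / "nuked" replies into one auditable state; the grouped query is the history question from the slide, and extending it with `protocol` or `role` in the `GROUP BY` gives the infection-pattern views mentioned alongside it.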
How will it make us work more efficiently?
  • All talking the same language
  • Targeted notifications (info comes to you)
  • Trending
  • Pretty graphs and charts!
How far along are you?
  • As of today:
    • DB Schema is complete
    • Working on web application logic
    • Working on coding PHP front-end
What are the future capabilities of BOTS?
  • Automated submission of entries through XML-RPC (security issues: authenticating submitters and validating untrusted input)
  • RSS feed of the data (security issues: controlling who may read the feed)
  • Automated notification of new entries to interested parties (how?)
  • Automated penetration of botnet (interesting…)
  • Malware archive?
  • Daily/Weekly DB Dumps available for download (like http://osvdb.org/database-info.php)
So, can I have the URL to the live site?
  • Uh…no.
  • Still coding it.
  • For more information, access to the site (when it goes live), or to offer assistance with PHP coding, DB maintenance, or other issues contact [email protected]