e3c65513ad79c5e9d0634aa40724754e.ppt
- Number of slides: 8
BOTS: The Creation of a Botnet Tracking Web Application
July 26, 2005
Micah Hoffman, US-CERT
What is it?
• Apache/PHP/PostgreSQL web application
• It slices. It dices! It tracks:
  • Bots (both servers and clients)
  • Bot protocols (e.g., HTTP, IRC, …)
  • Net info lookups: IP, IP block, DNS registrar, DNS registrant, and their parents' information
  • Suspects/perpetrators
  • Stakeholders of infected machines
But why do we need it?
• Standardize input of data
  • Same person; 2 emails; 30 minutes apart:
    • "Another botnet c&c dns rr… please terminate it."
    • "Anoter botnet c&c dns rr… please shut down it."
  • Responses from people terminating a botnet C&C:
    • "Closed"
    • "This one is being taken care of."
    • "This host has been nuked."
• Tracking of "reports" through all stages
  • Similar to a help-desk ticketing system (open, assigned, closed)
Are there other reasons?
• More secure transmission of data
  • HTTPS vs. unencrypted email
• Maintains history of past events for analysis
  • Has IP 1.2.3.4 been infected more than once?
  • Find patterns in infections
  • Find patterns in suspects (like Zone-H)
  • Trends
  • Pretty graphs and charts!
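An added example (not code from the BOTS project) sketching what the two previous slides describe: a report record with a controlled vocabulary instead of free-text email, a help-desk style state machine (open, assigned, closed), and the "has this IP been infected more than once?" analysis question. All field names, states and the allowed-transition table are assumptions, and the sample reports are constructed.

```python
"""Minimal model of a standardized bot report and its ticket workflow.
Assumed structure, not the BOTS schema; sample data is constructed."""
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address

PROTOCOLS = {"HTTP", "IRC"}          # assumed controlled vocabulary (slide 2)
ROLES = {"server", "client"}         # C&C servers vs. infected bot clients
# assumed ticket workflow: a closed report cannot be reopened
TRANSITIONS = {"open": {"assigned"}, "assigned": {"closed", "open"}, "closed": set()}


@dataclass
class Report:
    host: str                        # IP of the bot, validated on creation
    role: str                        # "server" or "client"
    protocol: str                    # bot protocol, normalized to upper case
    state: str = "open"
    history: list = field(default_factory=list)

    def __post_init__(self):
        self.host = str(ip_address(self.host))   # rejects garbage such as "1.2.3"
        self.role = self.role.lower()
        self.protocol = self.protocol.upper()
        if self.role not in ROLES or self.protocol not in PROTOCOLS:
            raise ValueError("unknown role or protocol")
        self.history.append(self.state)

    def advance(self, new_state: str) -> None:
        """Move the ticket to new_state only along an allowed transition."""
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"{self.state} -> {new_state} not allowed")
        self.state = new_state
        self.history.append(new_state)


def reinfected_hosts(reports) -> dict:
    """Client hosts that appear in more than one report (repeat infections)."""
    counts = Counter(r.host for r in reports if r.role == "client")
    return {host: n for host, n in counts.items() if n > 1}


if __name__ == "__main__":
    # constructed sample reports; note the differing case is normalized away
    reports = [Report("10.0.0.5", "client", "irc"), Report("10.0.0.5", "Client", "IRC"),
               Report("10.0.0.9", "client", "http"), Report("192.0.2.1", "server", "irc")]
    reports[0].advance("assigned")
    reports[0].advance("closed")
    print(reinfected_hosts(reports))  # {'10.0.0.5': 2}
```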
How will it make us work more efficiently?
• All talking the same language
• Targeted notifications (info comes to you)
• Trending
• Pretty graphs and charts!
How far along are you?
• As of today:
  • DB schema is complete
  • Working on web application logic
  • Working on coding the PHP front-end
What are the future capabilities of BOTS?
• Automated submission of entries through XML-RPC (security issues)
• RSS feed of the data (security issues)
• Automated notification of new entries to interested parties (how?)
• Automated penetration of botnet (interesting…)
• Malware archive?
• Daily/weekly DB dumps available for download (like http://osvdb.org/database-info.php)
So, can I have the URL to the live site?
• Uh… no.
• Still coding it.
• For more information, access to the site (when it goes live), or to offer assistance with PHP coding, DB maintenance, or other issues, contact micah.hoffman@us-cert.gov