Botnets

The Killer Web Applications

1st Edition - February 1, 2007

  • Authors: Craig Schiller, James Binkley
  • eBook ISBN: 9780080500232

Description

The book begins with real-world cases of botnet attacks to underscore the need for action. Next, the book explains botnet fundamentals using real-world examples. These chapters cover what botnets are, how they operate, and the environment and technology that make them possible. The following chapters analyze botnets for opportunities to detect, track, and remove them. The book then describes intelligence-gathering efforts and the results obtained to date. Public-domain tools like Ourmon, developed by Jim Binkley of Portland State University, are described in detail, along with discussions of other tools and resources that are useful in the fight against botnets.

Key Features

  • This is the first book to explain the newest Internet threat: botnets, zombie armies, and bot herders, what is being done about them, and what you can do to protect your enterprise
  • Botnets are the most complicated and difficult threat the hacker world has unleashed; read how to protect yourself

Readership

Information security officers, network administrators, system administrators, incident response teams, security researchers, law enforcement, and security/network software developers are the primary audience for this book. The secondary audience includes CIOs and IT managers and directors who are being questioned by board members and executives about this new threat.

Table of Contents

  • Acknowledgments
      • Lead Authors and Technical Editors
      • Contributors
  • Chapter 1: Botnets: A Call to Action
      • Introduction
      • The Killer Web App
      • How Big Is the Problem?
      • The Industry Responds
      • Summary
      • Solutions Fast Track
  • Chapter 2: Botnets Overview
      • What Is a Botnet?
      • The Botnet Life Cycle
      • What Does a Botnet Do?
      • Botnet Economics
      • Summary
      • Solutions Fast Track
  • Chapter 3: Alternative Botnet C&Cs
      • Introduction: Why Are There Alternative C&Cs?
      • Historical C&C Technology as a Road Map
      • DNS and C&C Technology
      • Alternative Control Channels
      • Web-Based C&C Servers
      • Summary
      • Solutions Fast Track
  • Chapter 4: Common Botnets
      • Introduction
      • SDBot
      • RBot
      • Agobot
      • Spybot
      • Mytob
      • Summary
      • Solutions Fast Track
  • Chapter 5: Botnet Detection: Tools and Techniques
      • Introduction
      • Abuse
      • Network Infrastructure: Tools and Techniques
      • Intrusion Detection
      • Darknets, Honeypots, and Other Snares
      • Forensics Techniques and Tools for Botnet Detection
      • Firewall Logs
      • Antivirus Software Logs
      • Summary
      • Solutions Fast Track
  • Chapter 6: Ourmon: Overview and Installation
      • Introduction
      • Case Studies: Things That Go Bump in the Night
      • How Ourmon Works
      • Installation of Ourmon
      • Summary
      • Solutions Fast Track
  • Chapter 7: Ourmon: Anomaly Detection Tools
      • Introduction
      • The Ourmon Web Interface
      • A Little Theory
      • TCP Anomaly Detection
      • UDP Anomaly Detection
      • Detecting E-mail Anomalies
      • Summary
      • Solutions Fast Track
  • Chapter 8: IRC and Botnets
      • Introduction
      • Understanding the IRC Protocol
      • Ourmon’s RRDTOOL Statistics and IRC Reports
      • Detecting an IRC Client Botnet
      • Detecting an IRC Botnet Server
      • Summary
      • Solutions Fast Track
  • Chapter 9: Advanced Ourmon Techniques
      • Introduction
      • Automated Packet Capture
      • Ourmon Event Log
      • Tricks for Searching the Ourmon Logs
      • Sniffing IRC Messages
      • Optimizing the System
      • Summary
      • Solutions Fast Track
  • Chapter 10: Using Sandbox Tools for Botnets
      • Introduction
      • Describing CWSandbox
      • Examining a Sample Analysis Report
      • Interpreting an Analysis Report
      • Bot-Related Findings of Our Live Sandbox
      • Summary
      • Solutions Fast Track
      • Notes
  • Chapter 11: Intelligence Resources
      • Introduction
      • Identifying the Information an Enterprise/University Should Try to Gather
      • Places/Organizations Where Public Information Can Be Found
      • Membership Organizations and How to Qualify
      • Confidentiality Agreements
      • What to Do with the Information When You Get It
      • The Role of Intelligence Sources in Aggregating Enough Information to Make Law Enforcement Involvement Practical
      • Summary
      • Solutions Fast Track
  • Chapter 12: Responding to Botnets
      • Introduction
      • Giving Up Is Not an Option
      • Why Do We Have This Problem?
      • What Is to Be Done?
      • A Call to Arms
      • Summary
      • Solutions Fast Track
      • FSTC Phishing Solutions Categories
  • Index

Product details

  • No. of pages: 480
  • Language: English
  • Copyright: © Syngress 2007
  • Published: February 1, 2007
  • Imprint: Syngress
  • eBook ISBN: 9780080500232

About the Authors

Craig Schiller

Craig A. Schiller (CISSP-ISSMP, ISSAP) is the CISO for Portland State University and President of Hawkeye Security Training, LLC. He is the primary author of the first Generally Accepted System Security Principles. He is a co-author of “Combating Spyware in the Enterprise” and “Winternals” from Syngress and of several editions of the Handbook of Information Security Management, and a contributing author to Data Security Management. Mr. Schiller has co-founded two ISSA chapters, the Central Plains chapter and the Texas Gulf Coast chapter.

Affiliations and Expertise

CISO for Portland State University and President of Hawkeye Security Training, LLC

James Binkley

Jim Binkley is a teacher, network engineer, and researcher in the Computer Science Department at Portland State University. Jim has twenty-five years of experience with UNIX operating system internals and twenty years of experience with TCP/IP networking. Jim teaches a graduate sequence of networking classes, including TCP/IP, routing, and network security, and also teaches operating system classes, including Linux OS internals, Linux device drivers, and BSD TCP/IP stack internals.

Affiliations and Expertise

Teacher, network engineer, and researcher, Portland State University, USA
