Botnets - 1st Edition - ISBN: 9781597491358, 9780080500232

Botnets

1st Edition

The Killer Web Applications

Authors: Craig Schiller James Binkley
eBook ISBN: 9780080500232
Paperback ISBN: 9781597491358
Imprint: Syngress
Published Date: 1st February 2007
Page Count: 480

Description

The book begins with real-world cases of botnet attacks to underscore the need for action. Next, the book explains botnet fundamentals using real-world examples. These chapters cover what botnets are, how they operate, and the environment and technology that make them possible. The following chapters analyze botnets for opportunities to detect, track, and remove them. The book then describes intelligence-gathering efforts and the results obtained to date. Public-domain tools like OurMon, developed by Jim Binkley of Portland State University, are described in detail, along with discussions of other tools and resources that are useful in the fight against botnets.

Key Features

  • This is the first book to explain the newest Internet threat: botnets, zombie armies, bot herders, what is being done, and what you can do to protect your enterprise
  • Botnets are the most complicated and difficult threat the hacker world has unleashed; read how to protect yourself

Readership

Information security officers, network administrators, system administrators, incident response teams, security researchers, law enforcement, and security/network software developers are the primary audience for this book. The secondary audience includes CIOs and IT managers and directors who are being questioned by board members and executives about this new threat.

Table of Contents

Acknowledgments

Lead Authors and Technical Editors

Contributors

Chapter 1: Botnets: A Call to Action

Introduction

The Killer Web App

How Big Is the Problem?

The Industry Responds

Summary

Solutions Fast Track

Chapter 2: Botnets Overview

What Is a Botnet?

The Botnet Life Cycle

What Does a Botnet Do?

Botnet Economics

Summary

Solutions Fast Track

Chapter 3: Alternative Botnet C&Cs

Introduction: Why Are There Alternative C&Cs?

Historical C&C Technology as a Road Map

DNS and C&C Technology

Alternative Control Channels

Web-Based C&C Servers

Summary

Solutions Fast Track

Chapter 4: Common Botnets

Introduction

SDBot

RBot

Agobot

Spybot

Mytob

Summary

Solutions Fast Track

Chapter 5: Botnet Detection: Tools and Techniques

Introduction

Abuse

Network Infrastructure: Tools and Techniques

Intrusion Detection

Darknets, Honeypots, and Other Snares

Forensics Techniques and Tools for Botnet Detection

Firewall Logs

Antivirus Software Logs

Summary

Solutions Fast Track

Chapter 6: Ourmon: Overview and Installation

Introduction

Case Studies: Things That Go Bump in the Night

How Ourmon Works

Installation of Ourmon

Summary

Solutions Fast Track

Chapter 7: Ourmon: Anomaly Detection Tools

Introduction

The Ourmon Web Interface

A Little Theory

TCP Anomaly Detection

UDP Anomaly Detection

Detecting E-mail Anomalies

Summary

Solutions Fast Track

Chapter 8: IRC and Botnets

Introduction

Understanding the IRC Protocol

Ourmon’s RRDTOOL Statistics and IRC Reports

Detecting an IRC Client Botnet

Detecting an IRC Botnet Server

Summary

Solutions Fast Track

Chapter 9: Advanced Ourmon Techniques

Introduction

Automated Packet Capture

Ourmon Event Log

Tricks for Searching the Ourmon Logs

Sniffing IRC Messages

Optimizing the System

Summary

Solutions Fast Track

Chapter 10: Using Sandbox Tools for Botnets

Introduction

Describing CWSandbox

Examining a Sample Analysis Report

Interpreting an Analysis Report

Bot-Related Findings of Our Live Sandbox

Summary

Solutions Fast Track

Notes

Chapter 11: Intelligence Resources

Introduction

Identifying the Information an Enterprise/University Should Try to Gather

Places/Organizations Where Public Information Can Be Found

Membership Organizations and How to Qualify

Confidentiality Agreements

What to Do with the Information When You Get It

The Role of Intelligence Sources in Aggregating Enough Information to Make Law Enforcement Involvement Practical

Summary

Solutions Fast Track

Chapter 12: Responding to Botnets

Introduction

Giving Up Is Not an Option

Why Do We Have This Problem?

What Is to Be Done?

A Call to Arms

Summary

Solutions Fast Track

FSTC Phishing Solutions Categories

Index

Details

No. of pages: 480
Language: English
Copyright: © Syngress 2007
Published: 1st February 2007
Imprint: Syngress
eBook ISBN: 9780080500232
Paperback ISBN: 9781597491358

About the Author

Craig Schiller

Craig A Schiller (CISSP-ISSMP, ISSAP) is the CISO for Portland State University and President of Hawkeye Security Training, LLC. He is the primary author of the first Generally Accepted System Security Principles. He is a co-author of “Combating Spyware in the Enterprise” and “Winternals” from Syngress, several editions of the Handbook of Information Security Management, and a contributing author to Data Security Management. Mr. Schiller has co-founded two ISSA chapters, the Central Plains chapter and the Texas Gulf Coast Chapter.

Affiliations and Expertise

CISO for Portland State University and President of Hawkeye Security Training, LLC

James Binkley

Jim Binkley is a teacher, network engineer, and researcher in the Computer Science Department at Portland State University. Jim has twenty-five years of experience with UNIX operating system internals and twenty years of experience with TCP/IP networking. Jim teaches a graduate sequence of networking classes, including TCP/IP, routing, and network security, and also teaches operating system classes, including Linux O.S. internals, Linux device drivers, and BSD TCP/IP stack internals.

Affiliations and Expertise

Teacher, network engineer, and researcher, Portland State University, USA