Botnets (eBook)
480 pages
Elsevier Science (publisher)
978-0-08-050023-2 (ISBN)
* This is the first book to explain the newest internet threat - Botnets, zombie armies, bot herders, what is being done, and what you can do to protect your enterprise
* Botnets are the most complicated and difficult threat the hacker world has unleashed - read how to protect yourself
The book begins with real-world cases of botnet attacks to underscore the need for action. Next, it explains botnet fundamentals using real-world examples: what botnets are, how they operate, and the environment and technology that make them possible. The following chapters analyze botnets for opportunities to detect, track, and remove them. The book then describes intelligence-gathering efforts and the results obtained to date. Public-domain tools such as Ourmon, developed by Jim Binkley of Portland State University, are described in detail, along with discussions of other tools and resources that are useful in the fight against botnets.
Front Cover 1
Botnets: The Killer Web App 4
Copyright Page 5
Contents 10
Chapter 1. Botnets: A Call to Action 18
Introduction 19
The Killer Web App 20
How Big Is the Problem? 21
The Industry Responds 39
Summary 41
Solutions Fast Track 42
Frequently Asked Questions 43
Chapter 2. Botnets Overview 46
What Is a Botnet? 47
The Botnet Life Cycle 48
What Does a Botnet Do? 59
Botnet Economics 79
Summary 87
Solutions Fast Track 87
Frequently Asked Questions 90
Chapter 3. Alternative Botnet C&Cs
Introduction: Why Are There Alternative C&Cs?
Historical C&C Technology as a Road Map
DNS and C&C Technology
Alternative Control Channels 99
Web-Based C& C Servers
Summary 110
Solutions Fast Track 111
Frequently Asked Questions 112
Chapter 4. Common Botnets 114
Introduction 115
SDBot 115
RBot 121
Agobot 128
Spybot 135
Mytob 140
Summary 145
Solutions Fast Track 146
Frequently Asked Questions 148
Chapter 5. Botnet Detection: Tools and Techniques 150
Introduction 151
Abuse 151
Network Infrastructure: Tools and Techniques 157
Intrusion Detection 172
Darknets, Honeypots, and Other Snares 193
Forensics Techniques and Tools for Botnet Detection 196
Summary 225
Solutions Fast Track 225
Frequently Asked Questions 230
Chapter 6. Ourmon: Overview and Installation 234
Introduction 235
Case Studies: Things That Go Bump in the Night 237
How Ourmon Works 244
Installation of Ourmon 249
Summary 256
Solutions Fast Track 257
Frequently Asked Questions 258
Chapter 7. Ourmon: Anomaly Detection Tools 262
Introduction 263
The Ourmon Web Interface 264
A Little Theory 269
TCP Anomaly Detection 272
UDP Anomaly Detection 289
Detecting E-mail Anomalies 292
Summary 296
Solutions Fast Track 296
Frequently Asked Questions 300
Chapter 8. IRC and Botnets 302
Introduction 303
Understanding the IRC Protocol 303
Ourmon’s RRDTOOL Statistics and IRC Reports 307
Detecting an IRC Client Botnet 315
Detecting an IRC Botnet Server 321
Summary 326
Solutions Fast Track 326
Frequently Asked Questions 328
Chapter 9. Advanced Ourmon Techniques 330
Introduction 331
Automated Packet Capture 331
Ourmon Event Log 341
Tricks for Searching the Ourmon Logs 342
Sniffing IRC Messages 346
Optimizing the System 351
Summary 356
Solutions Fast Track 356
Frequently Asked Questions 360
Chapter 10. Using Sandbox Tools for Botnets 362
Introduction 363
Describing CWSandbox 365
Examining a Sample Analysis Report 376
Interpreting an Analysis Report 385
Bot-Related Findings of Our Live Sandbox 400
Summary 402
Solutions Fast Track 404
Frequently Asked Questions 407
Chapter 11. Intelligence Resources 408
Introduction 409
Identifying the Information an Enterprise/University Should Try to Gather 409
Places/Organizations Where Public Information Can Be Found 415
Membership Organizations and How to Qualify 420
Confidentiality Agreements 421
What to Do with the Information When You Get It 424
The Role of Intelligence Sources in Aggregating Enough Information to Make Law Enforcement Involvement Practical 426
Summary 428
Solutions Fast Track 428
Frequently Asked Questions 431
Chapter 12. Responding to Botnets 434
Introduction 435
Giving Up Is Not an Option 435
Why Do We Have This Problem? 437
What Is to Be Done? 446
A Call to Arms 462
Summary 464
Solutions Fast Track 465
Frequently Asked Questions 468
Appendix A: FSTC Phishing Solutions Categories 470
Index 476
| Publication date (per publisher) | 18.4.2011 |
|---|---|
| Co-authors | Anthony Bradley, Michael Cross, Gadi Evron, David Harley, Chris Ries, Carsten Willems |
| Language | English |
| Subject area | Non-fiction / guide |
| Computer science ► Networks ► Security / Firewall | |
| Computer science ► Theory / Studies ► Cryptology | |
| Mathematics / Computer science ► Mathematics ► Financial / Business mathematics | |
| Economics ► Business administration / Management | |
| ISBN-10 | 0-08-050023-4 / 0080500234 |
| ISBN-13 | 978-0-08-050023-2 / 9780080500232 |