A botnet is a collection of computers that are under the control of a person or group, usually facilitated by malware. These computers are often used to take part in DDoS attacks and spamming.
Questions tagged [botnet]
168 questions
48 votes, 5 answers
I managed to capture a botnet control host, what do I do with it?
A few days ago one of my webhosting customers had their FTP login compromised, and the attacker modified his index.php file to include some extra code, and roughly twelve thousand other bots have been trying to access it via a POST operation…
Shadur-don't-feed-the-AI
15 votes, 6 answers
Why do botnets use IRC but not a web service for communication?
IRC seems still the most prominent way for communication within botnets.
Why do attackers choose IRC?
In my (very naive) opinion, to set up a web service is far easier.
user1221
9 votes, 3 answers
Publicly available Botnet Traffic dataset
Is there any publicly available data set on botnet traffic for machine learning purposes, i.e. a traffic set for both bad and good bots?
Ali Ahmad
7 votes, 1 answer
Anatomy of a Botnet takedown
So Microsoft was partly responsible for taking down the Kelihos botnet back in Sept 2011. They used a variety of legal and technical measures to do so. I don't want to get into the global politics and legalities of what legal measures they took,…
logicalscope
5 votes, 3 answers
How do you search for a botnet out in the wild?
I'm interested in searching for botnets out in the wild. Besides Google dorking for a phrase or code used on the control panel backend for web-based interfaces, what other ways are there to search for a botnet?
Digital fire
4 votes, 4 answers
How do botnets communicate without being caught?
This is something I have pondered about for a while now, but never really thought to ask. How is it that botnets can communicate with a controller of some sort to co-ordinate DDoS attacks and other nasties without it being traced back to the…
James T
4 votes, 2 answers
Creating botnet C&C server. What architecture should I use? IRC? HTTP?
I am doing a project related to botnets and I have to create a lightweight command and control server. But I am stuck: should I use IRC or an HTTP-based C&C?
Even I am not getting any in-depth architecture or analysis of any C&C Server.
I am using…
tritiya
3 votes, 2 answers
Why was the Hail Mary Cloud named so?
The Hail Mary Cloud was a botnet that slowly and intelligently attempted to bruteforce SSH logins. Why was it dubbed the Hail Mary Cloud though?
Matty
2 votes, 1 answer
Finding bot-generated traffic through object requested behavior
I have network traffic details, which consist of client IPs accessing a web server. Along with that, I have the session IDs through which the client IPs access the web server. In the session details I have the objects which the client IPs access…
rohit
2 votes, 3 answers
Chrome OS Security
I am new to how botnets work and I was wondering if Chrome OS could be infected to become part of a botnet? I own a chromebook and would love to know if this is possible for testing purposes. Is the OS too different for this to happen?
Bernal
1 vote, 1 answer
Why do attackers not care about masking the IP of the infected device of a botnet?
I get a sentence:
If an attack is created using a botnet the likelihood of tracking the attack back to its source is low. For an added level of obfuscation, an attacker may have each distributed device also spoof the IP addresses from which it…
244boy
1 vote, 0 answers
Question on a decentralized botnet, is this technically how communications would flow? (Flowchart)
I am trying to get into and research botnets, to help myself learn and others prevent attacks. The first thing is understanding how decentralized botnets work.
I asked a question yesterday explaining some things, then I made this flow chart to…
ABC
0 votes, 4 answers
How do we know whether our computers are part of a botnet?
When we visit websites, our computers can unknowingly become victims of a botnet. There should be a way to identify whether we are victims or not. What is the way to identify it and how to recover from it?
Vijini
0 votes, 3 answers
What are other channels botnets can use for command and control except IRC?
What command and control channels might a botnet use? Which would be most effective?
I found good info on IRC, what are other possibilities?
(Exam preparation - no harm intended :-) )
Aubergine
0 votes, 1 answer
How does the server-client scheme work in a botnet?
I am having trouble wrapping my head around the idea on how a server-client botnet structure actually works.
Let's say that the server is A, and the client is B.
We know A is listening always on port 1000, and A is the infected machine.
We know B…
ABC