Quiz Chapter 8

Considering: This chapter discussed the anonymous and distributed nature of botnets and the financial motivations behind creating and running one.
Question: Name and explain three difficulties in tracing a botnet back to its botmaster?

Answer:

The initial challenges posed by attempting to trace a botnetback to its master include the extent to which botmasters go to anonymize their communication with the C&C center or portion of the botnet. The measures they use include: stepping stones, multiple protocols, encryption, low-traffic volume communication and beyond internet traceback. Stepping stones are infected hosts that run a means of concealing communications that pass through them, making any effort to trace packet flows back through them incredibly costly. Multiple protocols includes using techniques of protocol tunneling between the bots and the C&C, and a popular intermediate form is instant messages. Encryption, simply as its name implies, is applying some form of encryption over communication messages between the C&C and the bots in order to fool IDSs. Low-traffic volume communication simply refers to the fact that large amounts of tasks and actions can be communicated with a small amount of communication between the C&C and the bots, leaving little evidence to be used by IDSs building behavioral models of botnets. Finally, beyond internet traceback, refers to the problem of physically locating any device connected to the internet through an IP address because IP addresses are dynamically assigned at various locations, further time consuming investigation that includes communication between multiple corporate entities and manual human action is required to physically locate a device, in which time the botmaster may easily slip away.

Topic revision: r2 - 2013-12-18 - JimSkon
 
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback