Chapter 12 Quiz

Question:

Centralized botnets often use either IRC or HTTP for communication. Give an advantage achieved by using each, and a disadvantage of using each.

Answer:

  • IRC - Uses IRC (Internet Relay Chat) for communication. Commands are delivered very quickly, so response times are good. But it is hard to mask this type of traffic, and IRC traffic can easily be blocked. Using odd port numbers for the traffic is also a red flag.
  • HTTP - Because HTTP is so common, it is not feasible to scan all traffic for potential botnet commands. If HTTPS is used, then it cannot be inspected and will pass through firewalls. But because the bots must poll the server over HTTP and wait for responses, their reaction time is slower and only gets worse as more bots become active. Too many bots will crash their C&C server.
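The two detection angles in the answer above (IRC is hard to disguise, especially on non-standard ports; HTTP bots have to poll) can be turned into simple checks. The following is an added example, not material from the book or the course: it runs over constructed flow records (timestamp in seconds, destination host, destination port, first payload line), and it goes slightly beyond the text by flagging HTTP polling from the regularity of its intervals.

```python
# Two C&C heuristics over constructed flow records, from a defender's side.
from collections import defaultdict
from statistics import mean, pstdev

IRC_COMMANDS = ("NICK ", "USER ", "JOIN ", "PRIVMSG ", "PING ")
IRC_PORTS = {6667, 6697}            # conventional IRC ports
HTTP_METHODS = ("GET ", "POST ")

# Constructed sample data: (timestamp_sec, dst_host, dst_port, first_payload_line).
# Hosts and addresses are placeholders, not real indicators.
FLOWS = [
    (0,    "irc.example.net",  6667, "NICK bot1234"),
    (1,    "irc.example.net",  6667, "JOIN #ctrl"),
    (5,    "10.0.0.7",         8443, "PRIVMSG #ctrl :ready"),   # IRC on an odd port
    (0,    "www.example.org",  80,   "GET / HTTP/1.1"),
    (300,  "cdn.example.org",  80,   "GET /check.php HTTP/1.1"),
    (600,  "cdn.example.org",  80,   "GET /check.php HTTP/1.1"),
    (900,  "cdn.example.org",  80,   "GET /check.php HTTP/1.1"),
    (1200, "cdn.example.org",  80,   "GET /check.php HTTP/1.1"),
    (17,   "news.example.org", 80,   "GET /a HTTP/1.1"),
    (900,  "news.example.org", 80,   "GET /b HTTP/1.1"),
    (905,  "news.example.org", 80,   "GET /c HTTP/1.1"),
]

def irc_findings(flows):
    """Flows whose payload is an IRC command; IRC on a non-standard port is called out."""
    out = []
    for _, host, port, payload in flows:
        if payload.startswith(IRC_COMMANDS):
            reason = "irc-standard-port" if port in IRC_PORTS else "irc-nonstandard-port"
            out.append((host, port, reason))
    return out

def beaconing_hosts(flows, min_polls=4, max_jitter=0.1):
    """Hosts polled over HTTP at near-constant intervals (relative spread of gaps <= max_jitter)."""
    times = defaultdict(list)
    for ts, host, _, payload in flows:
        if payload.startswith(HTTP_METHODS):
            times[host].append(ts)
    hits = []
    for host, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(ts) >= min_polls and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            hits.append((host, mean(gaps)))
    return hits
```

Ordinary browsing (news.example.org) is left alone because its requests are few and irregular, while the fixed 300-second polling of cdn.example.org is reported.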

Discussion:

  • In the beginning of the chapter, the book gives a scenario where an unknowing person has become a bot host, has his internet turned off, and has received emails from various companies warning him to stop. Is he responsible for what the bot did while in control of his machine?
  • The book mentions a few cases where the botmasters are arrested; all of them were either teenagers or in their early 20s. Is this a coincidence, or are younger people tending to be responsible?
  • What makes P2P such a problem for security?
  • How can we prevent botnets?
Topic revision: r3 - 2014-04-02 - JimSkon