BotNet


A BotNet is a number of devices connected to the internet, each of which is running one or more bots. A BotNet can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and give the attacker remote access to the devices it has compromised.

The attacker controls the BotNet using dedicated software known as command and control (C&C) software.

The first BotNets on the internet used a client-server model (a distributed application structure that partitions tasks or workloads between the providers of a resource or service, called servers, and service requesters, called clients). These BotNets operated through Internet Relay Chat (IRC) networks (IRC is an application-layer protocol that facilitates communication in the form of text), domains, or websites.


Infected clients access a predetermined location and await incoming commands from the server. The bot herder sends commands to the server, which relays them to the clients. Clients execute the commands and report their results back to the bot herder.

In the case of IRC BotNets, infected clients connect to an infected IRC server and join a channel pre-designated for C&C (Command and Control) by the bot herder. The bot herder sends commands to the channel via the IRC server. Each client retrieves the commands and executes them. Clients send messages back to the IRC channel with the results of their actions. In response to efforts to detect and decapitate IRC botnets, bot herders have begun deploying malware on peer-to-peer networks. These bots may use digital signatures so that only someone with access to the private key can control the botnet.


Newer botnets fully operate over P2P networks. Rather than communicate with a centralized server, P2P bots perform as both a command distribution server and a client which receives commands. This avoids having any single point of failure, which is an issue for centralized botnets.

In order to find other infected machines, the bot discreetly probes random IP addresses until it contacts another infected machine. The contacted bot replies with information such as its software version and list of known bots. If one bot's version is lower than the other's, they will initiate a file transfer to update. This way, each bot grows its list of infected machines and updates itself by periodically communicating with all known bots.
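The peer-discovery behaviour described above leaves a recognisable trace in network flow logs: one internal host contacting many distinct addresses on the same port, with almost none of them answering. The following Python detection heuristic is an added example, not code from the original page; the flow records, the port number, and both thresholds are constructed assumptions to be tuned per network.

```python
from collections import defaultdict

def build_sample_flows():
    """Constructed flow records: (src, dst, dst_port, established)."""
    flows = []
    # Workstation with ordinary traffic: few destinations, all answered.
    for dst in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):
        flows += [("10.0.0.9", dst, 443, True)] * 5
    # Host showing the peer-discovery pattern: many distinct destinations
    # on one port (4000 is a made-up value), almost none of which answer.
    for i in range(1, 41):
        flows.append(("10.0.0.5", f"203.0.113.{i}", 4000, i in (7, 23)))
    return flows

def find_probing_hosts(flows, min_destinations=20, max_success_ratio=0.2):
    """Return {(src, port): stats} for fan-out that looks like random probing.

    Both thresholds are assumed starting points, not established values.
    """
    tried = defaultdict(set)     # (src, port) -> distinct destinations tried
    answered = defaultdict(set)  # (src, port) -> destinations that replied
    for src, dst, port, established in flows:
        tried[(src, port)].add(dst)
        if established:
            answered[(src, port)].add(dst)

    findings = {}
    for key, dsts in tried.items():
        ratio = len(answered[key]) / len(dsts)
        if len(dsts) >= min_destinations and ratio <= max_success_ratio:
            findings[key] = {
                "destinations": len(dsts),
                # The few peers that answered are candidates for the
                # "other infected machine" role and worth investigating.
                "answered": sorted(answered[key]),
                "success_ratio": round(ratio, 2),
            }
    return findings

if __name__ == "__main__":
    for (host, port), stats in find_probing_hosts(build_sample_flows()).items():
        print(host, port, stats)
```

The addresses that did answer are the useful pivot for response: they are the likely peers from which the host's list of known bots would grow.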

Fact: The word BotNet is a combination of the words Robot and Network.

To find out more about BotNet visit https://en.wikipedia.org/wiki/Botnet

2019-08-07T16:03:33+00:00
