Book Excerpt:

Virtual honeypots: Tracking botnets

29 Oct 2007 | Addison-Wesley Publishing


In Chapter 11 of Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos and Thorsten Holz, learn how to use virtual honeypots to track botnets and other malware in your clients' systems. The book will help you understand what botnets are and how they are detected. Learn to defend your clients' computers using these botnet trackers.

In this chapter we discuss how honeypots can be used in the real world to learn about threats. We will start by showing you what can be learned about threats such as malware and botnets -- networks of compromised machines that can be remotely controlled by an attacker. Botnets can cause much harm in today's Internet. For example, they are often used to mount Distributed Denial of Service (DDoS) attacks or to send out spam or phishing mails. Moreover, botnets can be used for mass identity theft or other abuses of the compromised machines.


Honeypots allow us to learn more about this threat. We can use the tools introduced in the previous chapters combined with some other tools to study botnets in detail. In this chapter, we introduce the underlying methodology and present our results based on real-world data. We first describe what bots and botnets are and then introduce a methodology to track botnets. Based on the collected data, we give an overview of common attack techniques seen in the wild. We conclude this chapter with a brief overview of several ways for botnet mitigation.


Virtual Honeypots: From Botnet Tracking to Intrusion Detection
  Home: Virtual honeypots: Tracking botnets
  1: Bot and botnet 101
  2: Tracking botnets
  3: Case studies
  4: Defending against bots
  5: Summary
About the book:   

Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there's a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system, making them easier and cheaper to build, deploy, and maintain.

In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you'll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you've never deployed a honeypot before. Purchase Virtual Honeypots: From Botnet Tracking to Intrusion Detection from Addison-Wesley Publishing.

About the authors:   

Niels Provos is a senior staff engineer at Google. He developed Honeyd, an open source virtual honeypot that won the Tops in Innovation award from Network World, and is one of the cocreators of OpenSSH. Provos holds a degree in mathematics from the University of Hamburg and a Ph.D. in computer science and engineering from the University of Michigan.

Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. He regularly blogs at http://honeyblog.org.



