BOTNET

BOT:

A bot is a piece of malware that infects a computer to carry out commands under
the remote control of the attacker.

BOTNET:
A botnet (short for "robot network") is a network of computers infected by
malware that are under the control of a single attacking party, known as the
"bot-herder." Each individual machine under the bot-herder's control is known as
a bot. From one central point, the attacking party can command every computer in
its botnet to simultaneously carry out a coordinated criminal action. The scale
of a botnet (many comprise millions of bots) enables the attacker to perform
large-scale actions that were previously impossible with malware. Since botnets
remain under the control of a remote attacker, infected machines can receive
updates and change their behavior on the fly.

Botnets are created when the bot-herder distributes the bot malware from command
and control servers to unwitting recipients, using file sharing, email, social
media applications, or other already-infected bots as intermediaries. Once a
recipient opens the malicious file on their computer, the bot reports back to the
command and control server, from which the bot-herder can issue commands to the
infected computers.

A number of functional traits of bots and botnets make them well suited for
long-term intrusions. Bots can be updated by the bot-herder to change their
entire functionality according to what the herder wants them to do, and to adapt
to changes and countermeasures on the target system. Bots can also use other
infected computers in the botnet as communication channels, giving the bot-herder
a near-unlimited number of communication paths with which to adapt to changing
conditions and deliver updates. This highlights that infection is the most
important step, because functionality and communication methods can always be
changed later as needed.

1 | PRADOSH BANDYOPADHYAY

Client-server model

In the client-server botnet structure, a basic network is established with one
server acting as the command and control (C&C) point for the botmaster. Every
bot connects to this server to fetch commands and report results, so the
botmaster controls the flow of information to and from each client through it.
The model relies on the bot software itself to keep the botmaster in control.
It has clear drawbacks: because every bot contacts the same server, that server
is comparatively easy to locate, and it is the only control point. If the
server is taken down, the botnet perishes with it.

Peer-to-peer
To overcome the drawback of relying on one centralized server, botnets have
evolved. Newer botnets are interconnected in a peer-to-peer (P2P) structure. In
the P2P botnet model, each connected device acts independently as both a client
and a server, and the devices coordinate among themselves to relay commands and
updates. The P2P botnet structure is more resilient because there is no single
centralized control point to take down; defenders must instead clean or isolate
a large fraction of the peers.
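To make the takedown argument of the two sections above concrete, here is an added example (not from the original notes, and not any real botnet's code) that models a client-server botnet as a star graph and a P2P botnet as a random mesh, then counts how many bots the herder can still reach after a takedown. The node names, botnet size and peer count are assumptions chosen for illustration.

```python
"""Added example (not from the original notes): compare how much of a botnet a
bot-herder can still reach after a takedown, for a client-server (star) layout
versus a peer-to-peer (mesh) layout. The graphs are constructed here for
illustration; node names, sizes and link counts are assumptions, not data."""
from collections import deque
import random


def reachable_from(graph, start, removed):
    """Nodes reachable from `start` when the nodes in `removed` are offline.
    Plain breadth-first search over an undirected adjacency dict."""
    if start in removed:
        return set()
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for neighbour in graph.get(node, ()):
            if neighbour in removed or neighbour in seen:
                continue
            seen.add(neighbour)
            queue.append(neighbour)
    return seen


def client_server_botnet(n_bots):
    """Star topology: every bot talks only to the single C&C server ("c2")."""
    graph = {"c2": set()}
    for i in range(n_bots):
        bot = f"bot{i}"
        graph[bot] = {"c2"}
        graph["c2"].add(bot)
    return graph


def p2p_botnet(n_bots, peers_per_bot, seed=1):
    """Mesh topology: each bot links to a few random peers (links are
    bidirectional); the herder injects commands through any bot it reaches."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    bots = [f"bot{i}" for i in range(n_bots)]
    graph = {b: set() for b in bots}
    for b in bots:
        for peer in rng.sample([x for x in bots if x != b], peers_per_bot):
            graph[b].add(peer)
            graph[peer].add(b)
    return graph


def bots_still_controllable(graph, entry_point, removed):
    """Number of bots the herder can still reach after the nodes in `removed`
    are taken down, entering the network at `entry_point`."""
    reach = reachable_from(graph, entry_point, removed)
    return sum(1 for n in reach if n.startswith("bot"))


if __name__ == "__main__":
    N = 1000  # assumed botnet size
    star = client_server_botnet(N)
    mesh = p2p_botnet(N, peers_per_bot=4)

    # Takedown 1: the single C&C server is seized. Even re-entering through a
    # surviving bot gains the herder nothing, because bots never talk to each other.
    print("client-server, C&C seized, via a bot:",
          bots_still_controllable(star, "bot1", removed={"c2"}))

    # Takedown 2: defenders clean 10% of the peers; the herder re-enters the mesh
    # through any bot that is still infected.
    cleaned = {f"bot{i}" for i in range(0, N, 10)}
    print("p2p, 10% of bots cleaned, via a bot:",
          bots_still_controllable(mesh, "bot1", removed=cleaned))
```

Removing the one C&C node leaves the star herder with a single bot (itself), whereas the mesh still reaches essentially all of the uncleaned peers; that is the "single point of control" difference the text describes, expressed as a number.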

What is a denial-of-service attack?

A denial-of-service (DoS) attack is a type of cyber-attack in which a malicious
actor aims to render a computer or other device unavailable to its intended
users by interrupting the device's normal functioning. DoS attacks typically work
by overwhelming or flooding a targeted machine with requests until normal traffic
can no longer be processed, resulting in denial of service to additional users. A
DoS attack is characterized by the use of a single computer to launch the attack.

A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes
from many distributed sources, such as the bots of a botnet.
How does a DoS attack work?
The primary focus of a DoS attack is to oversaturate the capacity of a targeted
machine, resulting in denial of service to additional requests. The multiple
attack vectors of DoS attacks can be grouped by their similarities.

DoS attacks typically fall into two categories:

Buffer overflow attacks
An attack type in which the attacker feeds a program more data than the memory
buffer receiving it was sized to hold. Depending on what is overwritten, the
result is a crash or a process that consumes all available memory, disk space,
or CPU time. This form of exploit often results in sluggish behavior, system
crashes, or other deleterious server behavior, resulting in denial of service.
Flood attacks
By saturating a targeted server with an overwhelming number of packets, a
malicious actor is able to exceed the server's capacity, resulting in denial of
service. For most DoS flood attacks to succeed, the malicious actor must have
more available bandwidth than the target, which is one reason floods are so
often distributed across many sources.

Distributed Denial-of-Service (DDoS)
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the
normal traffic of a targeted server, service or network by overwhelming the target
or its surrounding infrastructure with a flood of Internet traffic.

DDoS attacks achieve effectiveness by utilizing multiple compromised computer
systems as sources of attack traffic. Exploited machines can include computers
and other networked resources such as IoT devices.

From a high level, a DDoS attack is like an unexpected traffic jam clogging up the
highway, preventing regular traffic from arriving at its destination.

How to identify a DDoS attack

The most obvious symptom of a DDoS attack is a site or service suddenly becoming
slow or unavailable. But since a number of causes, such as a legitimate spike in
traffic, can create similar performance issues, further investigation is usually
required. Traffic analytics tools can help you spot some of these telltale signs
of a DDoS attack:
Suspicious amounts of traffic originating from a single IP address or IP range
A flood of traffic from users who share a single behavioral profile, such as
device type, geolocation, or web browser version
An unexplained surge in requests to a single page or endpoint
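The three indicators above can be checked mechanically against an access log. The following is an added example, not part of the original notes: it parses combined-format web-server log lines and flags a dominant source address or range, a dominant client profile (user agent), and a dominant endpoint. The log lines, the 203.0.113.0/24 attacker range and the share thresholds are constructed assumptions for illustration.

```python
"""Added example (not from the original notes): check a batch of web-server
access-log lines for the three DDoS indicators listed in the text. The sample
log, the attacker range and the share thresholds are constructed assumptions."""
import re
from collections import Counter
from ipaddress import ip_network

# Combined log format:
# ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields we need as a dict, or None for a malformed line."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def ddos_indicators(lines, single_source_share=0.3, profile_share=0.5,
                    endpoint_share=0.6, net_prefix=24):
    """Flag the indicators from the text over a batch of log lines:
    1. one IP, or one /net_prefix range, sourcing a large share of requests,
    2. one behavioural profile (user agent) accounting for most requests,
    3. one endpoint receiving most requests.
    Shares are fractions of all parsed requests; the defaults are assumptions
    and should be tuned against the site's normal traffic."""
    records = [r for r in map(parse_line, lines) if r]
    total = len(records)
    if total == 0:
        return {}
    by_ip = Counter(r["ip"] for r in records)
    by_range = Counter(
        str(ip_network(f'{r["ip"]}/{net_prefix}', strict=False)) for r in records
    )
    by_ua = Counter(r["ua"] for r in records)
    by_path = Counter(r["path"] for r in records)

    findings = {}
    for key, counter, threshold in (
        ("single_ip", by_ip, single_source_share),
        ("ip_range", by_range, single_source_share),
        ("profile", by_ua, profile_share),
        ("endpoint", by_path, endpoint_share),
    ):
        value, n = counter.most_common(1)[0]
        if n / total >= threshold:
            findings[key] = (value, n)
    return findings


def sample_log():
    """Constructed sample: a few ordinary visitors plus a flood of POSTs to
    /login from the (assumed) 203.0.113.0/24 range, all with one user agent."""
    legit = [
        '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"',
        '198.51.100.9 - - [10/Oct/2023:13:55:37 +0000] "GET /about HTTP/1.1" 200 731 "-" "Mozilla/5.0 (Macintosh) Safari/605.1.15"',
        '192.0.2.44 - - [10/Oct/2023:13:55:38 +0000] "GET /blog/1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux) Chrome/117.0"',
        '192.0.2.45 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Android 13) Chrome/117.0"',
    ]
    flood = [
        f'203.0.113.{i} - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 401 0 "-" "python-requests/2.31"'
        for i in range(1, 41)
    ]
    return legit + flood


if __name__ == "__main__":
    for key, (value, n) in ddos_indicators(sample_log()).items():
        print(f"{key}: {value} ({n} requests)")
```

On the constructed sample the single-IP check stays quiet, because each flooding host sends only one request; the /24 range, user-agent and endpoint checks are what expose the distributed flood. That is why the text lists an IP range and a shared behavioral profile as signs, not just a single address.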

What is the difference between a DDoS attack and a DoS attack?

The distinguishing feature between DDoS and DoS is the number of sources of
attack traffic. Some DoS attacks, such as "low and slow" attacks like Slowloris,
derive their power from their simplicity and the minimal resources they need to
be effective: Slowloris opens many connections to a web server and sends each
request only partially, never completing it, so a single machine can tie up the
server's whole pool of connections with very little bandwidth.

A DoS attack comes from a single source (even if, as with Slowloris, that one
source opens many connections), while a DDoS attack utilizes many sources of
attack traffic, often in the form of a botnet. Generally speaking, many of the
attacks are fundamentally similar and can be attempted using one or many sources
of malicious traffic.
