We discuss some techniques currently used by intruders to control groups of compromised machines (botnets). We show how honeynets can be used to identify, monitor and understand the behavior of botnets. We describe a real attack in detail, illustrating analysis techniques developed specifically for botnets. The tools, network topology and strategies we describe can easily be adopted by other researchers and the network security community.
Botnet, computer network security, honeynet, site security monitoring.
To return to the Volume/Number webpage, click here.
THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS
Volume 3, Number 1, pp 33-41, DOI: 10.5769/J200801003 or http://dx.doi.org/10.5769/J200801003
Botnet Detection and Analysis Using Honeynet
By M .C. Sacchetin, A. R. A. Gregio, L.O. Duarte, and A. Montes
To download this paper, click here