“Botnet Attack and Analysis” Tynan Wilk

A short paper which discusses the repeated theme of entering IRC chat rooms both as a means of attack and as a way of detecting potential and existing botnets. The author provides a sample HTTP GET request and details on how to use Google as a detection mechanism for discovering vulnerable targets that are likely to become zombies in the future. The paper reaches its climax with the author giving a brief synopsis of what exactly happened upon entry into an IRC chat room in which he had the rare chance to actually speak with one of the “herders” in person. The herder was not threatened at all by the presence of the author (in the sense that he was annoyed rather than alarmed), and banned him, leaving him with the statement that the author was a rare and lucky case not to have been infected, but that new attacks were being developed so that one day this luck would eventually fade if the author did not keep up with the technology gap between intruder and victim. Quite a few themes seem to be recurring in these papers, and none of them is indicative of a positive outlook for the future of network security.


New Insights Into the Elimination of Botnets

Lecture: “Botnets: Anticipating Failure” Rick Wesson.

Great lecture about how botnets are run, the internal workings of botnet harvesters, and defense mechanisms against having your personal servers turned into “zombie” computers and used to extract data as well as perform a myriad of other functions. The rather apocalyptic view that probably gives the lecture its name, “Anticipating Failure”, is a view I personally hold as true about the current lack of security found globally. The lecture goes over a spectrum of key points, very helpful in terms of conducting research in this realm. Topics of interest include: detection systems, proper handling of botnets found inside a server that you own, legality, and overall devastating systemic failures. The lecture has a great collection of ideas and anecdotes that are rather off center, such as “buy a Mac, it will buy you two extra years”, and does a good job pointing out specific institutions that have been contacted but who repeatedly refuse to come together and create a centralized defense and detection system for dealing with this ever-expanding problem. Regardless of the gaps in strategy that become obvious throughout the lecture in terms of forming such a system, the conclusion is evident: botnets are here, they are real, and they are much more dangerous than most people realize.

“Researching Botnets” Nicolas Albright.

A relatively good paper on the subject of how to defend your network against possible enslavement, and on detection mechanisms. The paper is of a more technically oriented nature and provides a foundational framework for actually going out and being proactive in the realm of botnet research and detection. Included in the paper is a collection of useful pointers, such as who to contact if a virus is detected and not already registered with the major anti-virus software companies and data collection agencies, and protocol on how to approach IRC chat rooms while raising minimal suspicion and gathering highly important data. The paper also discusses the mechanics of sniffers, auditing, and other aspects of network security in relation to botnets and the mitigation of the damage done by them.

An Update On The Books I Am Reading With Analysis

“The Art of Intrusion: The real stories behind the exploits of Hackers, Intruders, and Deceivers” Kevin Mitnick, et al.

– This book had many interesting stories about the various exploits of (mostly anonymous) hackers, con artists, and intelligent deceptive people in general. What I found much more interesting, however, is Mitnick’s personal take on the various exploits. The book hardly ever actually mentions his own experience in the realm of hacking (an area in which I do very much admire his notorious works), and instead speaks with the tone of a hacker, but a much more grown up, reformed hacker. Throughout various chapters in the book, it becomes apparent the publishers chose Mitnick (or at least agreed to finance his project) without a definitive clause stipulating whether he had to be an advocate or adversary of the people mentioned. Many times he calls them intelligent. At others, he insults them for using elementary tactics and lacking real skill. He includes segments on proper security protocols to mitigate a range of attacks, with insights ranging from how to prevent social engineering to proper network configuration and architecture.

“Information Security: Principles and Practice” Mark Stamp.

– Very good book in terms of readability, especially for a topic that is usually both very hard to comprehend and boring for the average reader. The book covers a broad range of topics related to the field of computer security and delves into a rather deep segment on cryptography, as well as biometric security systems and the current statistics in regard to their effectiveness. Probably the most useful of the books I have read, Information Security not only provides coverage of a wide range of fields, but does so efficiently enough that the reader gets a relatively in-depth grasp of the math behind many of the applications in use, current practices and protocols in information security, and questions that have yet to be answered.

“Computer Security Management” Donn B. Parker.

– Computer Security Management is a text aimed more directly at business executives who need help determining how to manage their various IT departments. It could also be thought of as a supplementary text or brief introduction to what IT personnel should and should not do in order to optimize security. The segment on what companies should consider “secret information” and what should be declassified made for an interesting and informative read. The section on computer forensics and asset recovery also provided insight into an area of computer security I am not all that acquainted with (more so the asset recovery). The book takes a very firm stance that a rigid “militaristic type approach” be implemented in regard to job titles and their associated privileges. It also goes in-depth into which personnel type is most likely to commit which type of attack, along with preemptive detection techniques and security practices that would stop these potential attacks. This section was most useful in that it was about thwarting an attack rather than covering areas in which I have a larger library of knowledge, such as common attacks and programs.

“Reconfiguring the Firewall” Carol J. Burger et al.

– The title of the book, if taken alone, would be a bad indication of what the actual information within the book is about. Although not directly related to any of my associated topics of research, the book presents a fundamental flaw in today’s world of computer security, a relatively large one at that. It does this by depicting (in detail) a grouping of theories and statistical information on why women do not enter the IT fields. Multiple minds are usually better than one, and most well developed think tanks utilize differing mindsets and personality types; without the perspective of women, a large piece of the defensive puzzle goes missing.

Understanding the Intent of This Blog

This blog is part of a mandatory requirement to keep benchmark updates as to the progress of our research. Being that the field I am conducting research in is very sensitive in nature, I am not sure how well this blog will function. I can, however, state definitively that we will be constructing a Bastion Host or “Box”, and will be letting some of the public try their best at gaining root access. Coming from the opposing standpoint (you decipher what that means exactly), it will be an interesting endeavor for me and the other CS students affiliated with the project. I ask that those who read this blog and decide to attempt to gain access do so with the “Hacker’s Mindset” and with the appropriate etiquette (which would include submission of a handle for credit to be given, and documentation of how the entire attack was performed). It is rather nice of the IT people to allow for this type of project and it would be appreciated if things went well.

Research Day 1

Did some reading on the older intrusions, and found contradictory elements in much of the literature, which made me laugh. What’s more believable? The account of a 16 year old defacing the Jurassic Park homepage three days before opening night, then revealing the exploit, only to go on to receive a job offer and reject it (this is an account from a book by Mitnick himself and thus gains some credibility in my mind)? Or the second story, by an equally credible author, Schneier, who wrote the widely read “Applied Cryptography” but lacks knowledge of what the real underground culture of hacking is largely constituted of (read “Secrets and Lies”, a relatively interesting book), who says the website was defaced as a marketing ploy to sell tickets? Hard call in my opinion.