“Botnet Attack and Analysis” Tynan Wilk

A short paper which discusses the repeated theme of invading IRC chat rooms as a way of attack and detecting potential and existing botnets. The author provides a sample HTTP Get request and details on how to utilize Google as a detection mechanism for discovering vulnerable targets that are likely to become zombies in the future. The paper reaches it’s climax with the author discussing a brief synopsis of what exactly happened upon entry into an IRC chat room in which he had the rare chance to actually speak with one of the “Herders” in person. The herder was actually not threatened at all by the presence of the author(In the sense that he was annoyed rather than alarmed), and banned him leaving him with the statement that the author was a rare and lucky case not to have been infected but that new attacks were being developed so that one day this luck would eventually fade if the author did not keep up with the technology gap between intruder and victim. Quite a few themes seem to be reoccurring in these papers, none of them seem to be indicative of a positive outlook for the future of network security.

Advertisements

Understanding the Intent of This Blog

This blog is part of a mandatory requirement to keep bench mark updates as to the progress of our research. Being that the field I am conducting research in is very sensitive in nature, I am not sure how well this blog will function. I can however, state definitively that we will be constructing a Bastion Host or “Box”, and will be letting some the public try their best at gaining root access. Coming from the opposing standpoint (you decipher what that means exactly), it will be an interesting endeavor for me and the other CS students affiliated with the project. I ask that those who read this blog and decide to attempt to gain access, do so with the “Hackers Mindset” and with the appropriate etiquette (which would include submission of a handle for credit to be given and documentation of how the entire attack was preformed). It is rather nice for the IT people to allow for this type of project and it would be appreciated if things went well.

Research Day 1

Did some reading on the older intrusions, found contradictory elements in much of the literature which made me laugh. Whats more believable? The account of a 16 year old defacing the Jurassic Park homepage three days before opening night, then reveal the exploit only to go on to receive a Job offer and reject it ( This is an account from a book by Mitnick himself and thus gains some credibility in my mind). The second story by a equally credible author, Schneier, who wrote the widely read “applied cryptography” but lacks knowledge of what the real underground culture of hacking is largely constituted off (read Secrets and Lies a relatively interesting book), who says the website was defaced as a Marketing Ploy to sell tickets. Hard call in my opinion.