Message-ID: <a0bba0905082044x10fa66d2vc174dc9c2155348b@mail.gmail.com>
Date: Fri, 8 May 2009 23:44:31 -0400
From: Shyaam <shyaam@...il.com>
To: "Tomas L. Byrnes" <tomb@...neit.net>
Cc: Untitled <full-disclosure@...ts.grok.org.uk>, Valdis.Kletnieks@...edu
Subject: Re: Howto Simulate a BotNet ?
That is a nice tool as such. Many of my friends have tested it, and it
is really cool.
Shyaam
On Fri, May 8, 2009 at 10:00 PM, Tomas L. Byrnes <tomb@...neit.net> wrote:
> Excuse the toppost:
>
> You might want to look into the work done @ SRI on the BotHunter project by Phil Porras, and Farnam Jahanian and others' work @ University of Michigan, which led to the creation of Arbor Networks.
>
>
>
>>-----Original Message-----
>>From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Jan G.B.
>>Sent: Thursday, May 07, 2009 7:28 AM
>>To: Mark Sec
>>Cc: Valdis.Kletnieks@...edu; Untitled
>>Subject: Re: [Full-disclosure] Howto Simulate a BotNet ?
>>
>>2009/5/7 Mark Sec <mark.sec@...il.com>:
>>> Well, I'm looking for info:
>>>
>>> 1) See all the traffic (Over botnet)
>>> 2) Administering many slaves (Lab) with the master (lab) via IRC, web, etc...
>>> 3) Probe attacks DDoS and DoS (Lab)
>>> 4) Probe remote and Local Exploits
>>> 5) Infected via remote <iframe>, exploit, XSS etc.
>>>
>>> any1 ?
>>>
>>> -Mark :-)
>>>
>>>
>>
>>
>>Sounds to me, like you're about to test your botnet client in a
>>virtual environment.
>>
>>
>>>
>>>
>>> 2009/5/6 Aadil Noorkhan <a.noorkhan@...kbynet.com>
>>>>
>>>> Hello,
>>>>
>>>> The closest I could find are:
>>>> - http://pages.cs.wisc.edu/%7Epb/botnets_final.pdf (rather interesting
>>>> paper about an inside look at botnets)
>>>> - http://www.breakingpointsystems.com/community/blog/botnet-simulation
>>>> (video about a botnet simulation by BreakingPointSystems)
>>>>
>>>> Cheers,
>>>> Aadil.
>>>>
>>>> On Thu, 2009-05-07 at 05:36 +0400, Valdis.Kletnieks@...edu wrote:
>>>> > On Wed, 06 May 2009 18:07:48 CDT, Mark Sec said:
>>>> >
>>>> > > Does any1 know a tool, schema, info or ideas to simulate a Botnet?
>>>> > >
>>>> > > Ideas:
>>>> > >
>>>> > > A) Many Vmware (workstations) over win32
>>>> > > B) Make fake traffic
>>>> > > C) Make scripts to simulate many hosts
>>>> > > D) IDS/ IPS (to see the traffic)
>>>> >
>>>> > What behavior(s) of a botnet are you trying to simulate? There's a lot
>>>> > of approaches, as you've already noticed - which one will work best will
>>>> > depend a lot on what you're trying to do.
>>>> --
>>>> Aadil NOORKHAN
>>>> Administrateur Unix
>>>> ------------------------------------------------------
>>>> LINKBYNET Indian Ocean
>>>> BG Court, Route Saint-Jean, Quatre Bornes, Ile Maurice
>>>> Tel direct : (+33) 01 48 13 21 78
>>>> Tel : (+33) 1 48 13 00 00
>>>> Fax : (+33) 1 48 13 31 21
>>>> Email : a.noorkhan@...kbynet.com
>>>> Web : www.linkbynet.com
>>>> ______________________________________________________
>>>> Astreinte : http://www.linkbynet.com/astreinte/
>>>>
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>
>
--
Thank you in advance for your time and consideration.
Kind Regards,
Shyaam Sundhar R.S.
Site: www.EvilFingers.com
Certification History:
Audit: GPCI
Legal: GCDS
Management: GLDR
Security: SSP-CNSA, SSP-MPA, SSP-GHD, GREM, GHTQ, GWAS, GIPS, GCFA, GCIA, GCIH
Anti-Terrorism: CAS