Message-ID: <867780538CE4AD4BAF3F931D5088A3B79D4CF4FE@es05co>
Date: Sun, 18 Sep 2011 00:10:56 +0000
From: Corey Nachreiner <Corey.Nachreiner@...chguard.com>
To: RandallM <randallm@...mail.com>, "full-disclosure@...ts.grok.org.uk"
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: understanding the botnet C&C..

This basic video series may help:

http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-one.asp
http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-two.asp
http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-three.asp
http://www.watchguard.com/tips-resources/video-tutorials/botnet-source-code-for-overachievers.asp

That said, we made that ages ago. It is quite dated. Most modern botnets have started to use HTTP C&C channels, often encrypted. They also sometimes obfuscate their C&C via proxies and p2p. Leaked source code for Zeus and SpyEye probably would provide a better idea of how modern botnets work.

Cheers,

Corey Nachreiner, CISSP | Senior Network Security Strategist
WatchGuard Technologies, Inc. | www.watchguard.com

206.613-0873 Direct
206.227.6905 Mobile
corey.nachreiner@...chguard.com

Office Hours: 9:15 AM to 6:15 PM Pacific (GMT-8), Mon - Fri

Better be despised for too anxious apprehensions, than ruined by too confident security. - Edmund Burke
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
WatchGuard: Stronger Security, Simply Done


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of RandallM
Sent: Friday, September 16, 2011 8:38 AM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] understanding the botnet C&C..

hi
an area that I am basically "stupid" on is botnets. Not what they are
but "how" they work through IRC as the control center. Not just that
but the various modern programs used. I am aware for instance LOIC can
be used to connect to an IRC channel.. but, how then does the "herder"
do the job from IRC..how does he issue commands that all the computers
connected act upon, etc. ? My curiosity has just got the best of me
and I would like some pointers to good material that can feed it.

Sorry for the "troll"-like post, but I really would like to understand
this further. I have done a number of Google searches, but I hope
someone here has done personal research.

-- 
been great, thanks
RandyM
a.k.a System

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
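The question above asks how a herder's commands reach every bot through IRC. The general pattern is that each bot joins a channel on the C&C server and acts on text the controller puts into the channel, either as the channel topic or as a message to the channel, so one message fans out to every connected bot. From a defender's side that one-to-many shape is what gives it away in traffic logs: a channel with many members, one speaker, and a crowd that never says anything. The Python below is an added example written for this archive page, not code from either poster or from WatchGuard; the log format it parses is hypothetical (timestamp, client IP, IRC command, channel, optional text) and the log lines are constructed. It scores only the IRC case the question is about; as the reply notes, modern HTTP, encrypted and P2P C&C would not show up this way.

```python
import re

# Constructed sample log in a hypothetical IDS/IRC-proxy format (not from any real tool).
# Fields: timestamp, source IP of the client, IRC command, target channel, optional text.
# #ops-42: six hosts join and stay silent while one host sets the topic and talks.
# #lunch: a small channel where everyone speaks (normal two-way chat).
SAMPLE_LOG = """\
2011-09-16T08:00:01 10.0.0.11 JOIN #ops-42
2011-09-16T08:00:02 10.0.0.12 JOIN #ops-42
2011-09-16T08:00:02 10.0.0.13 JOIN #ops-42
2011-09-16T08:00:03 10.0.0.14 JOIN #ops-42
2011-09-16T08:00:03 10.0.0.15 JOIN #ops-42
2011-09-16T08:00:04 10.0.0.16 JOIN #ops-42
2011-09-16T08:00:05 203.0.113.5 JOIN #ops-42
2011-09-16T08:00:06 203.0.113.5 TOPIC #ops-42 :!status
2011-09-16T08:00:07 203.0.113.5 PRIVMSG #ops-42 :!status
2011-09-16T08:01:00 10.0.0.21 JOIN #lunch
2011-09-16T08:01:01 10.0.0.22 JOIN #lunch
2011-09-16T08:01:02 10.0.0.23 JOIN #lunch
2011-09-16T08:01:03 10.0.0.21 PRIVMSG #lunch :anyone for pizza?
2011-09-16T08:01:04 10.0.0.22 PRIVMSG #lunch :sure
2011-09-16T08:01:05 10.0.0.23 PRIVMSG #lunch :me too
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<cmd>JOIN|TOPIC|PRIVMSG) (?P<chan>#\S+)(?: :(?P<text>.*))?$"
)


def parse_log(text):
    """Yield (timestamp, source, command, channel, text) for each well-formed line.

    Malformed lines are skipped rather than raising, since IDS logs are rarely clean.
    """
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("src"), m.group("cmd"), m.group("chan"), m.group("text") or ""


def channel_stats(events):
    """Aggregate per channel: every host seen there, hosts that spoke, and message count."""
    stats = {}
    for _, src, cmd, chan, _ in events:
        s = stats.setdefault(chan, {"members": set(), "speakers": set(), "messages": 0})
        s["members"].add(src)
        if cmd in ("TOPIC", "PRIVMSG"):  # both carry controller text to the whole channel
            s["speakers"].add(src)
            s["messages"] += 1
    return stats


def find_command_channels(text, min_members=5, max_speakers=1, min_silent_ratio=0.8):
    """Return {channel: finding} for channels that look like one-to-many command channels.

    Heuristic: at least min_members distinct hosts, at most max_speakers hosts ever
    sending TOPIC/PRIVMSG, and at least min_silent_ratio of the members never speaking.
    Thresholds are assumptions to tune per environment, not values from the page.
    """
    findings = {}
    for chan, s in channel_stats(parse_log(text)).items():
        members = len(s["members"])
        if members < min_members or s["messages"] == 0:
            continue
        if len(s["speakers"]) > max_speakers:
            continue
        silent = members - len(s["members"] & s["speakers"])
        ratio = silent / members
        if ratio >= min_silent_ratio:
            findings[chan] = {
                "members": members,
                "speakers": sorted(s["speakers"]),
                "silent_ratio": round(ratio, 2),
            }
    return findings


if __name__ == "__main__":
    for chan, f in find_command_channels(SAMPLE_LOG).items():
        print(f"{chan}: {f['members']} members, speakers={f['speakers']}, "
              f"silent_ratio={f['silent_ratio']}")
```

Run as a script it prints the one flagged channel, #ops-42, with seven members and a single speaker. The #lunch channel is ignored twice over: it is below the member threshold and every member talks. The thresholds are deliberately conservative; a busy legitimate announcement channel (a ticker bot feeding a large audience) will also match, so a finding is a lead for the analyst to look at the channel's text and the joining hosts, not a verdict.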

