
Re: [Full-disclosure] Howto Simulate a BotNet ?



That is a nice tool as such. Many of my friends have tested it, and it
is really cool.

Shyaam

On Fri, May 8, 2009 at 10:00 PM, Tomas L. Byrnes <tomb@xxxxxxxxxxx> wrote:
> Excuse the toppost:
>
> You might want to look into the work done @ SRI on the BotHunter project by 
> Phil Porras, and Farnham Jahanian and others' work @ University of Michigan, 
> which led to the creation of Arbor Networks.
>
>
>
>>-----Original Message-----
>>From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Jan G.B.
>>Sent: Thursday, May 07, 2009 7:28 AM
>>To: Mark Sec
>>Cc: Valdis.Kletnieks@xxxxxx; Untitled
>>Subject: Re: [Full-disclosure] Howto Simulate a BotNet ?
>>
>>2009/5/7 Mark Sec <mark.sec@xxxxxxxxx>:
>>> Well, I'm looking for info:
>>>
>>> 1) See all the traffic (Over botnet)
>>> 2) Administering many slaves (Lab) with the master (lab) via IRC, web,
>>> etc...
>>> 3) Probe attacks DDoS and DoS (Lab)
>>> 4) Probe remote and Local Exploits
>>> 5) Infected via remote <iframe>, exploit, XSS etc.
>>>
>>> any1 ?
>>>
>>> -Mark :-)
>>>
>>>
>>
>>
>>Sounds to me, like you're about to test your botnet client in a
>>virtual environment.
>>
>>
>>>
>>>
>>> 2009/5/6 Aadil Noorkhan <a.noorkhan@xxxxxxxxxxxxx>
>>>>
>>>> Hello,
>>>>
>>>> The closest I could find are:
>>>> - http://pages.cs.wisc.edu/%7Epb/botnets_final.pdf (rather interesting
>>>> paper about an inside look at botnets)
>>>> - http://www.breakingpointsystems.com/community/blog/botnet-simulation
>>>> (video about a botnet simulation by BreakingPointSystems)
>>>>
>>>> Cheers,
>>>> Aadil.
>>>>
>>>> On Thu, 2009-05-07 at 05:36 +0400, Valdis.Kletnieks@xxxxxx wrote:
>>>> > On Wed, 06 May 2009 18:07:48 CDT, Mark Sec said:
>>>> >
>>>> > > Does any1 know a tool, schema, info or ideas to simulate a Botnet?
>>>> > >
>>>> > > Ideas:
>>>> > >
>>>> > > A) Many Vmware (workstations) over win32
>>>> > > B) Make a fake traffic
>>>> > > C) Make a scripts to simulate many hosts
>>>> > > D) IDS/ IPS (to see the traffic)
>>>> >
>>>> > What behavior(s) of a botnet are you trying to simulate?  There's a lot
>>>> > of approaches, as you've already noticed - which one will work best will
>>>> > depend a lot on what you're trying to do.
>>>> --
>>>> Aadil NOORKHAN
>>>> Administrateur Unix
>>>> ------------------------------------------------------
>>>> LINKBYNET Indian Ocean
>>>> BG Court, Route Saint-Jean, Quatre Bornes, Ile Maurice
>>>> Tel direct : (+33) 01 48 13 21 78
>>>> Tel : (+33) 1 48 13 00 00
>>>> Fax : (+33) 1 48 13 31 21
>>>> Email : a.noorkhan@xxxxxxxxxxxxx
>>>> Web : www.linkbynet.com
>>>> ______________________________________________________
>>>> Astreinte : http://www.linkbynet.com/astreinte/
>>>>
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>
>



-- 
Thank you in advance for your time and consideration.
Kind Regards,
Shyaam Sundhar R.S.

Site: www.EvilFingers.com

Certification History:

Audit: GPCI
Legal: GCDS
Management: GLDR
Security: SSP-CNSA, SSP-MPA, SSP-GHD, GREM, GHTQ, GWAS, GIPS, GCFA, GCIA, GCIH
Anti-Terrorism: CAS
