Wednesday, March 16, 2005

Know your Enemy

Using honeynets to learn more about Bots

Ever wonder why your computer is running so slowly? Maybe it's been taken over by bots. Bots are the malicious bits of viral code that infect vulnerable machines and allow them to be controlled remotely. Once compromised, your desktop computer can be used to send spam, host websites and other files without your knowledge, attack and bring down other organizations' sites, and make more bots. The Honeynet Project uses networks of deliberately vulnerable machines to attract bots (sometimes it only takes a few seconds) and trap them, observing their behavior and communications with selective firewall filters. Know your Enemy is the result of four years' research into the behavior of bots and the people who write and control them. It includes a taxonomy of common bots and botnets, as well as stories about their uses and interactions. Networks of bots can be hired to perform Denial of Service attacks, sending thousands of requests to a webserver at once in order to crash it. Botnets can be taken over and assimilated by rival botnets. Communications between bots in a network and their controllers take place via Internet Relay Chat and can be monitored and exploited. Know your Enemy is a fascinating and readable look into this virulent and growing ecosystem:


See also: Cory Doctorow's All Complex Ecosystems have Parasites. He suggests that this kind of unpredictable and sometimes potentially dangerous growth is central to the way that software systems expand their functionality.
