I've received a number of emails that indicate a lot of people are in the dark about BotNets.
John Kristoff made an excellent technical presentation regarding BotNets at NANOG 32 in Reston.
http://www.nanog.org/mtg-0410/pdf/kristoff.pdf
I have an executive level summary I'm willing to share if it can be useful. Off-list please. Thanks.
-M<
--
Martin Hannigan (c) 617-388-2663
VeriSign, Inc. (w) 703-948-7018
Network Engineer IV Operations & Infrastructure
hannigan@verisign.com
Can somebody also share good definition of "BOT" and "BOTNET" for glossary and description of 2-4 lines? Should I also list it as synonymous with Zombie (bot being more hacker-oriented use and zombie being more toward spammer-oriented use)?
On Mon, 20 Dec 2004, Hannigan, Martin wrote:
I've received a number of emails that indicate a lot of people are in the dark about BotNets.
John Kristoff made an excellent technical presentation regarding BotNets at NANOG 32 in Reston.
http://www.nanog.org/mtg-0410/pdf/kristoff.pdf
I have an executive level summary I'm willing to share if it can be useful. Off-list please. Thanks.
-M<
-- Martin Hannigan (c) 617-388-2663 VeriSign, Inc. (w) 703-948-7018 Network Engineer IV Operations & Infrastructure hannigan@verisign.com
At 02:01 PM 12/20/04 -0800, william(at)elan.net wrote:
Can somebody also share good definition of "BOT" and "BOTNET" for glossary and description of 2-4 lines? Should I also list it as synonymous with Zombie (bot being more hacker-oriented use and zombie being more toward spammer-oriented use)?
It is not really synonymous, but the distinction is subtle. How about:
"bot": derivative of "robot". An application on an infected computer used for orchestrated attacks or for distributed generation of spam, often distributed in or with viruses or other malware. Similar to "zombie", which is an older usage specific to distributed denial of service attacks.
"botnet": a set of bots that may be controlled as a single service, and which may be leased or sold to a user as a unit.
"bot": derivative of "robot". An application on an infected computer used for orchestrated attacks or for distributed generation of spam, often distributed in or with viruses or other malware. Similar to "zombie", which is an older usage specific to distributed denial of service attacks.
I believe calling them "bots", although correct, is a mistake. "drones" or "zombies" or whatever "shark" ( *wink* :) ) you like would probably work. How else are we going to be able to tell the difference from real bots? I.e. those bots that people run legitimately, meaning not by the AUP of the service the bots run on but rather by the approval of the machine administrator/operator. This is not to say these bots must be non-abusive, but to distinguish them from the.. erm.. drones! :)
"botnet": a set of bots that may be controlled as a single service, and which may be leased or sold to a user as a unit.
I believe that a "distributed (centrally controlled) network of <insert word>" would serve us best. Under "normal"/root conditions, you can make a program do whatever you want for it to do, on a Windows machine. So what it serves for is irrelevant if we want to be abstract.
Gadi.
william(at)elan.net wrote:
Can somebody also share good definition of "BOT" and "BOTNET" for glossary and description of 2-4 lines? Should I also list it as synonymous with Zombie (bot being more hacker-oriented use and zombie being more toward spammer-oriented use)?
I'd let others define a "botnet". Drones and zombies (same thing) come to distinguish themselves from regular users. The user is not aware that his machine is running, say, an IRC client. The client itself may appear human, but is completely dead. Just a bot following/awaiting commands. Usually people call them "drone armies" and "zombie networks", but go figure.. nothing special there. Basically, these are all ro(BOT)s, but not run by the people whose machine is running their process.
Gadi.
On Mon, 20 Dec 2004, william(at)elan.net wrote:
Can somebody also share good definition of "BOT" and "BOTNET" for glossary and description of 2-4 lines? Should I also list it as synonymous with Zombie (bot being more hacker-oriented use and zombie being more toward spammer-oriented use)?
Try as well: http://swatit.org/bots/index.html
-Hank
participants (5): Fred Baker; Gadi Evron; Hank Nussbacher; Hannigan, Martin; william(at)elan.net