
Possible Defenses against Botnet Attacks

"Malicious botnets", networks of "zombie" computers commanded and controlled by outsiders with nefarious intentions ranging from Distributed Denial of Service (DDoS) attacks to simple spamming and ad insertion, are considered by Internet security experts to be the major threat in the coming months and years.

The Federal Bureau of Investigation (FBI) has recently announced that it has identified at least one million 'captive' computers in the United States. At the same time, various Internet security experts believe that there are anywhere from three to 35 million bots operating in the world-wide web, infecting an average of 250,000 Internet Protocol (IP) addresses a day, representing literally thousands of internet-connected devices from desktop computers to iPods.

A key concern of many security experts stems from the fact that bots, and the code that makes them up, are readily available online. Worse, much of the malicious code behind these bots is modular, making it easy for bot operators to 'mix and match' components to launch attacks against vulnerable networks or sites.


Defending Against Botnets

The best defense against botnets mounting a DDoS attack is a layered approach using firewalls, 'diversionary' paths (in which bots are directed to a 'holding area' where they can be studied and 'disarmed') and other such techniques. Among the steps that companies or network operators can take to alleviate the threat of botnet attacks are:

  • Putting a full security suite in place at every level of the digital environment, from desktops, laptops and notebooks to servers, internal networks and external connections to the Internet. "Full" security includes anti-virus, anti-spam and anti-adware systems with constant and timely updates, as well as firewalls, intrusion detection software and e-mail gateways;
  • Establishing a workable patch management process which ensures that security patches are applied frequently and as soon as they are made available;
  • Educating users to be wary of attachments and web links in their e-mail. Most malicious code (Trojans, worms and the like) arrives in innocuous-looking e-mail attachments or web links that allow the code to sneak in;
  • Shutting down external access, especially through 'ports' (the numbered pathways in and out of a system that programs use to exchange data) which are not needed by a particular application. Among the ports that should be considered for full or partial closure are those used by Internet Relay Chat (IRC) and File Transfer Protocol (FTP) applications, which are favored means for bots to communicate with their 'controllers';
  • For operators and webmasters, monitoring the 'flux' of network traffic, so that an abnormal change in volume or pattern lets them detect, or at least suspect, that a botnet attack is underway; and
  • Developing a systematic plan to disrupt a botnet attack, including knowing how to isolate a 'polluted' machine from the network as soon as an attack is detected. The machine can then be studied at leisure, pinpointing the vulnerabilities which allowed the bots in and developing patches or procedures to deal with the problem.
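The two network-side steps above (closing IRC/FTP ports that bots favor for reaching their controllers, and watching traffic flux for a sudden flood) can both be checked from flow records. The script below is an added illustration, not code from the original article; the flow records, the 10.0.0.0/24 internal block and the 5-second window are constructed assumptions.

```python
from collections import defaultdict

# Ports the article singles out for closure: IRC (6667) and the FTP control
# channel (21). These are the standard IANA assignments; everything else here
# is constructed sample data.
WATCHED_PORTS = {6667: "IRC", 21: "FTP"}
INTERNAL_PREFIX = "10.0.0."  # assumed internal address block

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    (1000, "10.0.0.5", "203.0.113.9", 6667),   # workstation talking to an IRC server
    (1001, "10.0.0.7", "93.184.216.34", 443),  # ordinary HTTPS traffic
    (1002, "10.0.0.5", "203.0.113.9", 6667),   # same host, repeated (beacon-like)
    (1003, "10.0.0.9", "198.51.100.4", 21),    # workstation pushing files over FTP
] + [
    # 40 distinct external sources hit the web server within two seconds
    (1010 + i % 2, f"192.0.2.{i}", "10.0.0.80", 80) for i in range(40)
] + [
    (1020, "198.51.100.7", "10.0.0.80", 80),   # a single ordinary visitor afterwards
]


def outbound_c2_suspects(flows, internal_prefix=INTERNAL_PREFIX, watched=WATCHED_PORTS):
    """Internal hosts making outbound connections on ports the policy says to close.

    Returns {src_ip: {(dst_ip, protocol_name), ...}} so an operator can see which
    machines to isolate and study, as the last step in the list recommends.
    """
    suspects = defaultdict(set)
    for _, src, dst, port in flows:
        if src.startswith(internal_prefix) and not dst.startswith(internal_prefix) \
                and port in watched:
            suspects[src].add((dst, watched[port]))
    return dict(suspects)


def inbound_bursts(flows, target, window=5, threshold=20):
    """Time windows in which more than `threshold` distinct sources hit `target`.

    Distinct sources, not packet count, is the signal: a flood from many
    addresses at once is the traffic 'flux' a DDoS from a botnet produces.
    """
    sources_per_window = defaultdict(set)
    for ts, src, dst, _ in flows:
        if dst == target:
            sources_per_window[ts // window * window].add(src)
    return {start: len(srcs) for start, srcs in sources_per_window.items()
            if len(srcs) > threshold}


if __name__ == "__main__":
    print("possible bot-to-controller traffic:", outbound_c2_suspects(SAMPLE_FLOWS))
    print("inbound bursts against web server:", inbound_bursts(SAMPLE_FLOWS, "10.0.0.80"))
```

On real data the records would come from a router's flow export or firewall log rather than the inline list, and the threshold would be tuned to the server's normal visitor rate.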

Comments (3)


  1. Jeremy R says:

    how does this even help?

    How exactly would using a firewall prevent a DDOS attack?

    I have been attacked before and anything you put on your computer cannot stop a thousand bots from overloading your bandwidth, preventing you from doing anything on the internet.

    • memenode says:

      I think this refers to a hardware firewall which would redirect traffic away from the target computer. This could also be in your router. You’re right though that this would still spend your bandwidth, but then again if you’re personally a victim of a DDOS on a home computer (which I would think should be extremely rare) your best bet might be to disconnect the router.

  2. Lawrence says:

    I have removed my router altogether and run only off of my “Power Injector”.
    This not only protects your connection but will in most cases free up much needed bandwidth.


