In Chapter 11 of Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos and Thorsten Holz, learn how to use virtual honeypots to track botnets and other malware in your clients' systems. The book will help you understand what botnets are and how they are detected. Learn to defend your clients' computers using these botnet trackers.
In this chapter we discuss how honeypots can be used in the real world to learn about threats. We will start by showing you what can be learned about threats such as malware and botnets -- networks of compromised machines that can be remotely controlled by an attacker. Botnets can cause much harm in today's Internet. For example, they are often used to mount Distributed Denial of Service (DDoS) attacks or to send out spam or phishing mails. Moreover, botnets can be used for mass identity theft or other abuses of the compromised machines.
Honeypots allow us to learn more about this threat. We can use the tools introduced in the previous chapters combined with some other tools to study botnets in detail. In this chapter, we introduce the underlying methodology and present our results based on real-world data. We first describe what bots and botnets are and then introduce a methodology to track botnets. Based on the collected data, we give an overview of common attack techniques seen in the wild. We conclude this chapter with a brief overview of several approaches to botnet mitigation.
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Home: Virtual honeypots: Tracking botnets
1: Bot and botnet 101
2: Tracking botnets
3: Case studies
4: Defending against bots
About the book:
Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there's a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system, making them easier and cheaper to build, deploy, and maintain.
In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you'll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you've never deployed a honeypot before. Purchase Virtual Honeypots: From Botnet Tracking to Intrusion Detection from Addison-Wesley Publishing.
About the authors:
Niels Provos is a senior staff engineer at Google. He developed Honeyd, an open source virtual honeypot that won the Tops in Innovation award from Network World, and is one of the cocreators of OpenSSH. Provos holds a degree in mathematics from the University of Hamburg and a Ph.D. in computer science and engineering from the University of Michigan.
Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. He regularly blogs at http://honeyblog.org.
This was first published in October 2007