Botnets

• Command and Control communications

  • Most bots do not listen on ports, because administrators could block these ports.
  • Bots will initiate communications with C&C server to appear legitimate.
  • How bots locate C&C server:
    • fixed IP list (weak) and
    • DNS lookup of the C&C server (reliable).
  • Defense beyond anti-virus: take down the domain (s) , block DNS access (?!?!).
  • The economics of botnets.

Previous slide

Next slide

Back to first slide

View graphic version