A botnet sinkhole is a target machine used by researchers to gather
information about a particular botnet.
Sinkholing is the redirection of traffic from its
original destination to one specified by the sinkhole owners. The altered
destination is known as the sinkhole. (The name is a reference to a physical
sinkhole, into which items apparently disappear.)
Sinkholes can be used for good or ill intent. Most
commonly, sinkholes are used to redirect zombies in a botnet to specified
research machines to capture data about them.
In a centralized botnet, sinkholing is straightforward.
The discovery of a C&C (command and control) server makes it possible to
redirect DNS requests for that server to a law enforcement computer or other
analyzing machine. The specially configured DNS server can simply route the
requests of the bots to a faked C&C server, where the requests provide
information to researchers about the nature of the botnet. To establish this
type of botnet sinkhole, researchers need the cooperation of the owner of the
DNS used by the botnet, as well as knowledge of the botnet and its C&C
server.
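An added example, not part of the original post: the redirection decision such a specially configured DNS server makes, and how the resulting query log shows which clients are checking in. The zone names, sinkhole address, and three-field log format are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed values: a documentation-range address and reserved .example names.
SINKHOLE_IP = "192.0.2.53"
SINKHOLED_ZONES = {"cc.botnet.example", "update-check.example"}

# Constructed resolver log, one query per line: "<timestamp> <client> <name>"
SAMPLE_LOG = """\
2024-05-01T10:00:02 10.0.0.15 cc.botnet.example.
2024-05-01T10:00:05 10.0.0.22 www.example.org.
2024-05-01T10:05:02 10.0.0.15 CC.Botnet.Example.
2024-05-01T10:07:40 10.0.0.31 node7.update-check.example.
2024-05-01T10:10:02 10.0.0.15 cc.botnet.example.
malformed line
2024-05-01T10:11:00 10.0.0.22 notcc.botnet.example.
"""

def matched_zone(qname):
    """Return the sinkholed zone that qname equals or sits under, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Match on whole labels so "notcc.botnet.example" is not caught by a
    # plain string-suffix comparison against "cc.botnet.example".
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in SINKHOLED_ZONES:
            return zone
    return None

def answer(qname, real_answer):
    """Address the sinkholing resolver hands back for a query."""
    return SINKHOLE_IP if matched_zone(qname) else real_answer

def summarize(log_text):
    """Group sinkhole hits by client: zones queried, count, first/last seen."""
    hits = defaultdict(lambda: {"zones": set(), "count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not in the constructed three-field format
        ts, client, zone = datetime.fromisoformat(parts[0]), parts[1], matched_zone(parts[2])
        if zone is None:
            continue
        rec = hits[client]
        rec["zones"].add(zone)
        rec["count"] += 1
        rec["first"] = min(rec["first"] or ts, ts)
        rec["last"] = max(rec["last"] or ts, ts)
    return dict(hits)
```

Calling `summarize(SAMPLE_LOG)` returns one record per client that queried a sinkholed zone, which is the list of machines to investigate as possible bots.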
Since there is no C&C server in a decentralized or P2P
botnet (peer-to-peer botnet), the researcher has to detect its method of
picking up owner commands before any attempt can be made to block or analyze
the botnet's communication.
Other methods used to effectively sinkhole botnet DDoS
(distributed denial of service) traffic include rerouting traffic
locally through changes made via Windows updates or to a hosts file.
Tabula Rosa Systems currently sells the security industry's premier Botnet product, Attivo Networks. Please contact our company, below, for more information, a WebEx or a trial.
------------------------------------------------------------------------------
**Important note** - contact our sister company for very powerful solutions for IP management (IPv4 and IPv6), security, firewall and APT solutions:
www.tabularosa.net
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premier book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email”. My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon, followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio. Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and have been a contributor to numerous blogs and publications.
Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.