Using Honeynets for Discovering and Disrupting IRC-Based Botnets

ABSTRACT

A botnet is a network of compromised computers that can be remotely controlled by an attacker through a predefined communication channel. A computer becomes part of a botnet when it gets infected by a software agent commonly known as a ‘bot’. Studies carried out by various research groups show the presence of hundreds of thousands of such compromised computers across the Internet. The sheer presence of such a large number of bots poses a serious threat to e-business infrastructures in particular and the Internet community at large. There have already been a number of well-documented incidents where such an army of bots has been used to launch Distributed Denial of Service (DDoS) attacks against corporate networks. Research carried out by various bot activity-monitoring groups also indicates that in recent months there has been a shift towards using these bots and botnets for monetary gains and espionage activities.

The threat posed by bots and botnets is real and serious. As such, telecom operators and Internet Service Providers (ISP) across the globe are looking at ways and means to clean up their network and place detective and preventive mechanisms to counter the threat.Tthis paper examines of a way of using honeynet as a tool for gathering information about botnets. A technique on how to use such information to disrupt the normal functioning of the identified botnets is then explored.


AUTHORS

Senior Security Researcher, British Telecommunications
United Kingdom

Dhiraj Bhuyan is a CISSP certified Senior Security Researcher at British Telecommunications, in the United Kingdom. He has worked in many different areas of security including Voice over Internet, secure remote access, Wi-Fi technologies, Smart Cards, 3GPP IMSplatform, Liberty Alliance, Trusted Computing Platform, firewalls, botnets, malware, computer viruses, honeynets, Distributed Denial of Service attack mitigation and Broadband gateways.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.871.3949
  • jiw@gbpts.com