funsec mailing list archives
encrypted botnets?
From: Gadi Evron <ge () linuxbox org>
Date: Thu, 26 Jan 2006 02:42:23 +0200
Paul Schmehl wrote:
--On Wednesday, January 25, 2006 15:19:18 +0000 Fergie <fergdawg () netzero net> wrote:I dunno. Maybe I'm dense. How is this different from any other method of control once you encrypt the traffic? (And please don't tell me that IM or IRC can't be encrypted.) The issue isn't the protocol being used. It's the behavior. And how does encrypting the traffic *hide* the botmaster?I see Jon's busy stirring things up. :-) Via TechWorld. [snip] Voice-over-IP apps could be used to cloak networks of zombies, used to launch denial of service attacks, a Cambridge professor has warned. Armies of ordinary PCs - "botnets" - that have been infected by a virus and put under malicious control, could be controlled and orchestrated by messages hidden in VoIP traffic generated by programs such as Skype, warned Jon Crowcroft, Marconi professor of communications systems at Cambridge University. [snip] More here: http://www.techworld.com/news/index.cfm?NewsID=5232Scenario: 100,000 bot network 10,000 "sub" controllers 1000 "master" controllersAll traffic between these 100,000 bots is encrypted Skype, and the traffic patterns match DDoS or spam runs. Gee. I wonder what's going on there? But we can't tell because {{{gasp}}} it's encrypted!Huh? What am I missing?
Nothing, you will still see the botnet as you stated.Once you have the sample, you will also probably learn how to see most of what's going on desite encryption.
Gadi. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Cambridge Professor Warns of Skype Botnet Threat Fergie (Jan 25)
- RE: Cambridge Professor Warns of Skype Botnet Threat Larry Seltzer (Jan 25)
- RE: Cambridge Professor Warns of Skype Botnet Threat Richard M. Smith (Jan 25)
- Re: Cambridge Professor Warns of Skype Botnet Threat Paul Schmehl (Jan 25)
- encrypted botnets? Gadi Evron (Jan 25)
- <Possible follow-ups>
- RE: Cambridge Professor Warns of Skype Botnet Threat Fergie (Jan 25)
- RE: Cambridge Professor Warns of Skype Botnet Threat Larry Seltzer (Jan 25)
- RE: Cambridge Professor Warns of Skype Botnet Threat Austin (Jan 26)
- RE: Cambridge Professor Warns of Skype Botnet Threat Nick FitzGerald (Jan 27)