Penetration Testing mailing list archives
Re: Botnets
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 1 Apr 2009 11:56:48 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 26 Mar 2009, Aarón Mizrachi wrote:

> On Wednesday 25 March 2009 01:22:14 M.D.Mufambisi wrote:
>> Hi Guys. Can someone please explain to me how botnets use IRC? I want to make a presentation to my group demonstrating this in my lab, which comprises 4 WinXP boxes, unpatched. How are commands issued via IRC?
>
> Hi, I compiled some info on botnets in my forensics... botnets are a new name for an old technique: TROJANS. More specifically: widely spreadable trojans that can act as zombies or use your computer for non-legitimate purposes... A popular method (since SUB7 inclusive) is to make a reverse connection to a public IRC server, which believes that you are a legitimate user of chatrooms.
>
> Why botnets? 1st motivation: a useful way to bypass firewalls. When a bot/trojan makes a connection to an IRC server, it connects like a normal user does. In the past, firewalling only protected you against incoming connections, but outgoing connections were allowed by default.
Not necessarily; firewalls can and often do control outgoing connections. Allowing all outbound tends to be more of a desktop thing, often employed by less technical folks on home PCs. Most companies tend to block at least some outgoing traffic.

I note a lot of FUD about firewalls and their abilities on this list in recent times...
Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame. --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFJ047Cst+vzJSwZikRAiT+AJ9egke/0I9WkydMAxfWo+Dyi+W9DgCfZ5a/
3vdu2X48RZfR9H6VKg6NFCk=
=Q/B0
-----END PGP SIGNATURE-----
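The point DuFresne makes above, that a firewall can control outgoing connections and so stop a bot's reverse connection to an IRC server, is easy to see with a small policy comparison. The following is an added example, not code from the mailing list or from either poster: it applies two egress policies to the same constructed connection log (a permissive "allow all outbound" policy and a default-deny policy with a short allowlist) and reports which connections each would drop. The subnet 10.0.20.0/24, the resolver address 10.0.1.5, the log lines and the function names are all assumptions made for the example.

```python
"""Added example: why egress filtering matters against IRC-style bots.

The bot in the thread phones home with an outbound connection to an IRC
server. Two firewall policies are applied to the same constructed
connection log: 'allow all outbound' (the home-PC default described in
the thread) and default-deny egress with a small allowlist. All networks,
addresses and log lines below are constructed for illustration.
"""
from dataclasses import dataclass
import ipaddress

# Assumed address plan (constructed): a workstation subnet and an internal DNS resolver.
WORKSTATIONS = ipaddress.ip_network("10.0.20.0/24")
INTERNAL_DNS = ipaddress.ip_address("10.0.1.5")

# Constructed firewall log, one outbound attempt per line: "src dst proto dport".
# Ports 6667 and 6697 are the conventional IRC plaintext and IRC-over-TLS ports.
SAMPLE_LOG = """\
10.0.20.15 93.184.216.34 tcp 443
10.0.20.15 198.51.100.7 tcp 6667
10.0.20.22 10.0.1.5 udp 53
10.0.20.22 203.0.113.9 tcp 6697
10.0.20.30 192.0.2.80 tcp 80
10.0.20.30 198.51.100.7 tcp 8080
"""


@dataclass(frozen=True)
class Conn:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int


def parse_log(text: str) -> list[Conn]:
    """Parse the constructed log format; malformed lines are skipped rather than trusted."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, proto, dport = parts
        try:
            conns.append(Conn(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                              proto.lower(), int(dport)))
        except ValueError:
            continue
    return conns


def allow_all_outbound(conn: Conn) -> bool:
    """Policy A: every outbound connection passes (the 'outgoing allowed by default' case)."""
    return True


# Policy B allowlist: web to anywhere; DNS only to the internal resolver (checked separately).
EGRESS_ALLOWLIST = {("tcp", 80), ("tcp", 443)}


def default_deny_egress(conn: Conn) -> bool:
    """Policy B: workstations reach only allowlisted services; everything else is dropped."""
    if conn.src not in WORKSTATIONS:
        return True  # this example scopes the policy to the workstation subnet only
    if (conn.proto, conn.dport) in EGRESS_ALLOWLIST:
        return True
    if conn.proto == "udp" and conn.dport == 53 and conn.dst == INTERNAL_DNS:
        return True
    return False


def denied_ports(policy, text: str) -> list[int]:
    """Destination ports of the connections a policy would drop, in log order."""
    return [c.dport for c in parse_log(text) if not policy(c)]


def denied_destinations(policy, text: str) -> set[str]:
    """External hosts workstations tried to reach but the policy blocked; worth alerting on."""
    return {str(c.dst) for c in parse_log(text) if not policy(c)}


if __name__ == "__main__":
    for name, policy in (("allow-all-outbound", allow_all_outbound),
                         ("default-deny-egress", default_deny_egress)):
        print(f"{name}: dropped ports {denied_ports(policy, SAMPLE_LOG)}")
```

Under the permissive policy nothing in the log is dropped, so the IRC connections on 6667 and 6697 go straight through; under default-deny egress they are dropped and the denied destinations become a detection signal in their own right. The caveat a practitioner would add is that port-based egress filtering only stops a bot that uses a port outside the allowlist; one that talks on 443 needs inspection at a proxy or at the DNS layer, which is the limit of the control, not an argument against it.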