|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Tomas L. Byrnes (tomb
byrneit.net)
Date: Fri May 08 2009 - 21:00:14 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Excuse the toppost:
You might want to look into the work done SRI on the BotHunter project by Phil Porras, and Farnham Jahanian and others' work University of Michigan, which led to the creation of Arbor Networks.
>-----Original Message-----
>From: full-disclosure-bounceslists.grok.org.uk [mailto:full-disclosure-
>bounceslists.grok.org.uk] On Behalf Of Jan G.B.
>Sent: Thursday, May 07, 2009 7:28 AM
>To: Mark Sec
>Cc: Valdis.Kletnieksvt.edu; Untitled
>Subject: Re: [Full-disclosure] Howto Simulate a BotNet ?
>
>2009/5/7 Mark Sec <mark.secgmail.com>:
>> Well, Im looking info:
>>
>> 1) See all the traffic (Over botnet)
>> 2) Administering many slaves (Lab) with the master (lab) via IRC, web,
>> etc...
>> 3) Probe attacks DDoS and DoS (Lab)
>> 4) Probe remote and Local Exploits
>> 5) Infected via remote <iframe>, exploit, XSS etc.
>>
>> any1 ?
>>
>> -Mark :-)
>>
>>
>
>
>Sounds to me, like you're about to test your botnet client in a
>virtual environment.
>
>
>>
>>
>> 2009/5/6 Aadil Noorkhan <a.noorkhanlinkbynet.com>
>>>
>>> Hello,
>>>
>>> The closest I could find are:
>>> - http://pages.cs.wisc.edu/%7Epb/botnets_final.pdf (rather
>interesting
>>> paper about an inside look at botnets)
>>> - http://www.breakingpointsystems.com/community/blog/botnet-
>simulation
>>> (video about a botnet simulation by BreakingPointSystems)
>>>
>>> Cheers,
>>> Aadil.
>>>
>>> On Thu, 2009-05-07 at 05:36 +0400, Valdis.Kletnieksvt.edu wrote:
>>> > On Wed, 06 May 2009 18:07:48 CDT, Mark Sec said:
>>> >
>>> > > Does any1 know a tool. squema, info or ideas to simulate a
>Botnet?
>>> > >
>>> > > Ideas:
>>> > >
>>> > > A) Many Vmware (workstations) over win32
>>> > > B) Make a fake traffic
>>> > > C) Make a scripts to simulate many hosts
>>> > > D) IDS/ IPS (to see the traffic)
>>> >
>>> > What behavior(s) of a botnet are you trying to simulate? There's a
>lot
>>> > of approaches, as you've already noticed - which one will work best
>will
>>> > depend a lot on what you're trying to do.
>>> --
>>> Aadil NOORKHAN
>>> Administrateur Unix
>>> ------------------------------------------------------
>>> LINKBYNET Indian Ocean
>>> BG Court, Route Saint-Jean, Quatre Bornes, Ile Maurice
>>> Tel direct : (+33) 01 48 13 21 78
>>> Tel : (+33) 1 48 13 00 00
>>> Fax : (+33) 1 48 13 31 21
>>> Email : a.noorkhanlinkbynet.com
>>> Web : www.linkbynet.com
>>> ______________________________________________________
>>> Astreinte : http://www.linkbynet.com/astreinte/
>>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]