Network Attack and Defense 4: Introduction to Malicious Code (网络攻击与防范4-恶意代码概论)
(Speaker note: some of the trojans have been removed to make the list fit on the slide.)

Botnets (contd.)

3 Steps of Authentication
- Bot to IRC server
- IRC server to bot
- Botmaster to bot (*)
(*): optional step

Why IRC?
IRC (Internet Relay Chat) servers are:
- freely available
- easy to manage
- easy to subvert
- Attackers have experience with IRC
- IRC bots usually have a way to remotely upgrade victims with new payloads, so the botmaster stays ahead of security efforts

Host-based detection
- Virus scanning
- Watching for symptoms:
  - modification of the Windows hosts file
  - random, unexplained popups
  - machine slowness
  - antivirus not working
- Watching for suspicious network traffic:
  - IRC is not commonly used on ordinary hosts, so any IRC traffic is suspicious; sniff it
  - Check whether the host is trying to communicate with a Command and Control (C&C) center, e.g. via firewall logs of denied outbound connections

Network Intrusion Detection Systems
- Example systems: Snort and Bro
- Sniff network packets and look for specific patterns (called signatures)
- If a pattern matches that of a malicious binary, block the traffic and raise an alert
- Such systems efficiently detect viruses/worms with known signatures
- They cannot detect malware whose signature is unknown (i.e., a zero-day attack)

Anomaly Detection
- Normal traffic has patterns:
  - bandwidth/port usage
  - byte-level characteristics (histograms)
  - protocol analysis: statistics about TCP/UDP source and destination addresses, start/end of flows, byte counts
  - DNS lookups
- First learn the normal traffic pattern, then detect any deviation from it
- Example data sources for these statistics: SNMP, NetFlow (they supply the measurements; the anomaly model is built on top of them)

[Figure: Botnet Traffic Share]

IRC Nicknames
- Bots use weird nicknames, but the nicknames follow a pattern (really!)
- If we can learn that pattern, we can detect bots and botnets
- Example nicknames: USA|016887436 or DE|028509327, i.e. Country | random 9-digit number
- RBOT|XP|48124, i.e. Bot type | machine type | random number
- Problem: may be defeated by changing the nickname randomly

HoneyPot and HoneyNet
HoneyPot is a vulnerable machine, r
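The host-based "watch for suspicious network traffic" heuristics and the IRC-nickname grammar above can be turned into a small detector. The following is an added example, not code from the slide deck: the key=value log format, the IRC port list, the deny-count threshold, and the exact regular expressions for the two nickname grammars are all my assumptions (the slides only give the example nicknames and the Country | 9-digit number and Bot type | Machine type | number descriptions). The log lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Nickname grammars inferred from the slide's examples ("USA|016887436",
# "DE|028509327", "RBOT|XP|48124"). The exact regexes are assumptions.
NICK_PATTERNS = {
    "country|9-digit": re.compile(r"^[A-Z]{2,3}\|\d{9}$"),
    "bottype|os|number": re.compile(r"^[A-Za-z]+\|(?:XP|2K|NT|ME|98)\|\d+$"),
}

# Common IRC ports (assumption; the slide only says "any IRC traffic is suspicious").
IRC_PORTS = {6667, 6668, 6669, 6697}

# Denied connections to the same dst:port before we call it C&C beaconing (assumption).
DENY_THRESHOLD = 3

# Constructed sample log: firewall connection records plus sniffed IRC commands.
SAMPLE_LOG = """\
conn src=10.0.0.5 dst=203.0.113.9 dport=6667 action=allow
irc  src=10.0.0.5 cmd=NICK arg=USA|016887436
irc  src=10.0.0.5 cmd=JOIN arg=#pwned
conn src=10.0.0.7 dst=198.51.100.4 dport=6667 action=deny
conn src=10.0.0.7 dst=198.51.100.4 dport=6667 action=deny
conn src=10.0.0.7 dst=198.51.100.4 dport=6667 action=deny
conn src=10.0.0.8 dst=192.0.2.20 dport=443 action=allow
irc  src=10.0.0.9 cmd=NICK arg=RBOT|XP|48124
irc  src=10.0.0.10 cmd=NICK arg=alice_w
"""


def parse_line(line):
    """Split 'kind k=v k=v ...' into (kind, {k: v}); None for blank lines."""
    parts = line.split()
    if not parts:
        return None
    fields = {}
    for tok in parts[1:]:
        key, _, val = tok.partition("=")
        fields[key] = val
    return parts[0], fields


def classify_nick(nick):
    """Name of the first bot-nickname grammar that matches, or None."""
    for name, pat in NICK_PATTERNS.items():
        if pat.match(nick):
            return name
    return None


def detect(log_text):
    """Apply the slide's heuristics; return {src_ip: [reason, ...]}."""
    alerts = defaultdict(list)
    denied = Counter()
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        kind, f = parsed
        if kind == "conn":
            dport = int(f["dport"])
            # Rule 1: any IRC traffic (allowed or denied) is suspicious.
            if dport in IRC_PORTS:
                reason = f"IRC traffic to {f['dst']}:{dport}"
                if reason not in alerts[f["src"]]:
                    alerts[f["src"]].append(reason)
            # Rule 2: repeated denied connections to one endpoint look like C&C beaconing.
            if f["action"] == "deny":
                key = (f["src"], f["dst"], dport)
                denied[key] += 1
                if denied[key] == DENY_THRESHOLD:
                    alerts[f["src"]].append(
                        f"repeated denied connections to {f['dst']}:{dport} (possible C&C)")
        elif kind == "irc" and f.get("cmd") == "NICK":
            # Rule 3: nickname matches a known bot grammar.
            grammar = classify_nick(f["arg"])
            if grammar:
                alerts[f["src"]].append(f"bot-like nickname {f['arg']} ({grammar})")
    return dict(alerts)


if __name__ == "__main__":
    for host, reasons in detect(SAMPLE_LOG).items():
        print(host, "->", "; ".join(reasons))
```

Note the caveat from the slide: the nickname rule is a signature, so a bot that picks a random, human-looking nickname (`alice_w` above) slips through, while the port and beaconing rules still fire on its traffic.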
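The anomaly-detection slide (learn the normal pattern first, then flag deviations) can be demonstrated on NetFlow-style per-host statistics. This is an added example and not the slide deck's code: the record layout, the three features (flow count, byte count, distinct destinations per host per hour), the z-score threshold and the standard-deviation floor are my assumptions, and the flow records are constructed, with host 10.0.0.6 switched from its normal web traffic to a 40-destination port-445 sweep in the observation window.

```python
import statistics
from collections import defaultdict

Z_THRESHOLD = 3.0  # assumption: flag a feature more than 3 standard deviations from baseline
SD_FLOOR = 1.0     # assumption: avoids division by zero for features that never vary in training


def make_records(hours, variant="normal"):
    """Constructed NetFlow-style records (hour, src, dst, dport, bytes); not real traffic."""
    recs = []
    for hour in hours:
        for i in range(5):
            # 10.0.0.5: five HTTPS flows per hour to two servers, 1.5-1.8 KB each
            recs.append((hour, "10.0.0.5", f"192.0.2.{10 + i % 2}", 443,
                         1500 + 100 * ((hour + i) % 4)))
            if variant == "normal":
                # 10.0.0.6: five HTTP flows per hour to three servers
                recs.append((hour, "10.0.0.6", f"192.0.2.{20 + i % 3}", 80,
                             900 + 100 * ((hour + i) % 4)))
        if variant == "scan":
            # 10.0.0.6 suddenly touches 40 distinct hosts on 445 with small flows
            for j in range(40):
                recs.append((hour, "10.0.0.6", f"192.0.2.{100 + j}", 445, 300))
    return recs


def features(records):
    """Per (src, hour): flow count, total bytes, number of distinct destinations."""
    flows = defaultdict(int)
    total = defaultdict(int)
    dsts = defaultdict(set)
    for hour, src, dst, _dport, nbytes in records:
        key = (src, hour)
        flows[key] += 1
        total[key] += nbytes
        dsts[key].add(dst)
    return {k: {"flows": flows[k], "bytes": total[k], "distinct_dsts": len(dsts[k])}
            for k in flows}


def learn_baseline(records):
    """Mean and standard deviation of each feature, per source host."""
    per_host = defaultdict(lambda: defaultdict(list))
    for (src, _hour), feats in features(records).items():
        for name, val in feats.items():
            per_host[src][name].append(val)
    return {
        src: {name: (statistics.mean(vals), max(statistics.stdev(vals), SD_FLOOR))
              for name, vals in cols.items()}
        for src, cols in per_host.items()
    }


def detect_anomalies(baseline, records):
    """Return {src: {feature: z}} for features beyond Z_THRESHOLD.

    A host absent from the baseline is reported as 'new_host' rather than scored,
    since there is no normal pattern to compare it against.
    """
    anomalies = {}
    for (src, _hour), feats in features(records).items():
        if src not in baseline:
            anomalies[src] = {"new_host": None}
            continue
        bad = {}
        for name, val in feats.items():
            mean, sd = baseline[src][name]
            z = (val - mean) / sd
            if abs(z) > Z_THRESHOLD:
                bad[name] = round(z, 1)
        if bad:
            anomalies[src] = bad
    return anomalies


if __name__ == "__main__":
    base = learn_baseline(make_records(range(24)))          # 24 hours of normal traffic
    print(detect_anomalies(base, make_records([24])))       # quiet hour: {}
    print(detect_anomalies(base, make_records([24], "scan")))  # 10.0.0.6 flagged
```

The slide's own caveat applies: the model only knows what it was trained on, so a bot that was already beaconing during the learning window becomes part of "normal", and a host with no training history cannot be scored at all.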