Using Honeynets for Discovering and Disrupting IRC-Based Botnets

摘要

A botnet is a network of compromised computers that can be remotely controlled by an attacker through a predefined communication channel A computer becomes part of a botnet when it gets infected by a software agent commonly known as a 'bot'. Studies carried out by various research groups show the presence of hundreds of thousands of such compromised computers across the Internet. The sheer presence of such a large number of bots poses a serious threat to e-business infrastructures in particular and the Internet community at large. There have already been a number of well-documented incidents where such an army of bots has been used to launch Distributed Denial of Service (DDoS) attacks against corporate networks. Research carried out by various bot activity-monitoring groups also indicates that in recent months there has been a shift towards using these bots and botnets for monetary gains and espionage activities. The threat posed by bots and botnets is real and serious. As such, telecom operators and Internet Service Providers (ISP) across the globe are looking at ways and means to clean up their network and place detective and preventive mechanisms to counter the threat. This paper examines of a way of using honeynet as a tool for gathering information about botnets. A technique on how to use such information to disrupt the normal functioning of the identified botnets is then explored.