Re: [Full-disclosure] Howto Simulate a BotNet ?



2009/5/7 Mark Sec <mark.sec@xxxxxxxxx>:
Well, I'm looking for info:

1) See all the traffic (Over botnet)
2) Administering many slaves (Lab) with the master (lab) via IRC, web,
etc...
3) Probe attacks DDoS and DoS (Lab)
4) Probe remote and Local Exploits
5) Infected via remote <iframe>, exploit, XSS etc.

Anyone?

-Mark :-)




Sounds to me like you're about to test your botnet client in a
virtual environment.




2009/5/6 Aadil Noorkhan <a.noorkhan@xxxxxxxxxxxxx>

Hello,

The closest I could find are:
- http://pages.cs.wisc.edu/%7Epb/botnets_final.pdf (rather interesting
paper about an inside look at botnets)
- http://www.breakingpointsystems.com/community/blog/botnet-simulation
(video about a botnet simulation by BreakingPointSystems)

Cheers,
Aadil.

On Thu, 2009-05-07 at 05:36 +0400, Valdis.Kletnieks@xxxxxx wrote:
On Wed, 06 May 2009 18:07:48 CDT, Mark Sec said:

Does anyone know a tool, schema, info or ideas to simulate a botnet?

Ideas:

A) Many VMware (workstations) over win32
B) Make fake traffic
C) Make scripts to simulate many hosts
D) IDS/ IPS (to see the traffic)

What behavior(s) of a botnet are you trying to simulate?  There's a lot
of approaches, as you've already noticed - which one will work best will
depend a lot on what you're trying to do.
--
Aadil NOORKHAN
Administrateur Unix
------------------------------------------------------
LINKBYNET Indian Ocean
BG Court, Route Saint-Jean, Quatre Bornes, Ile Maurice
Tel direct : (+33) 01 48 13 21 78
Tel : (+33) 1 48 13 00 00
Fax : (+33) 1 48 13 31 21
Email : a.noorkhan@xxxxxxxxxxxxx
Web : www.linkbynet.com
______________________________________________________
Astreinte : http://www.linkbynet.com/astreinte/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

