Re: [Full-disclosure] Howto Simulate a BotNet ?

From: Shyaam <shyaam@xxxxxxxxx>
Date: Fri, 8 May 2009 23:44:31 -0400

That is a nice tool as such. Many of my friends have tested it, and it
is really cool.

Shyaam

On Fri, May 8, 2009 at 10:00 PM, Tomas L. Byrnes <tomb@xxxxxxxxxxx> wrote:

Excuse the toppost:

You might want to look into the work done @ SRI on the BotHunter project by Phil Porras, and Farnham Jahanian and others' work @ University of Michigan, which led to the creation of Arbor Networks.

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-
bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Jan G.B.
Sent: Thursday, May 07, 2009 7:28 AM
To: Mark Sec
Cc: Valdis.Kletnieks@xxxxxx; Untitled
Subject: Re: [Full-disclosure] Howto Simulate a BotNet ?

2009/5/7 Mark Sec <mark.sec@xxxxxxxxx>:

Well, Im looking info:

1) See all the traffic (Over botnet)
2) Administering many slaves (Lab) with the master (lab) via IRC, web,
etc...
3) Probe attacks DDoS and DoS (Lab)
4) Probe remote and Local Exploits
5) Infected via remote <iframe>, exploit, XSS etc.

any1 ?

-Mark :-)

Sounds to me, like you're about to test your botnet client in a
virtual environment.

2009/5/6 Aadil Noorkhan <a.noorkhan@xxxxxxxxxxxxx>

Hello,

The closest I could find are:
- http://pages.cs.wisc.edu/%7Epb/botnets_final.pdf (rather

interesting

paper about an inside look at botnets)
- http://www.breakingpointsystems.com/community/blog/botnet-

simulation

(video about a botnet simulation by BreakingPointSystems)

Cheers,
Aadil.

On Thu, 2009-05-07 at 05:36 +0400, Valdis.Kletnieks@xxxxxx wrote:

On Wed, 06 May 2009 18:07:48 CDT, Mark Sec said:

Does any1 know a tool. squema, info or ideas to simulate a

Botnet?

Ideas:

A) Many Vmware (workstations) over win32
B) Make a fake traffic
C) Make a scripts to simulate many hosts
D) IDS/ IPS (to see the traffic)

What behavior(s) of a botnet are you trying to simulate? There's a

lot

of approaches, as you've already noticed - which one will work best

will

depend a lot on what you're trying to do.

--
Aadil NOORKHAN
Administrateur Unix
------------------------------------------------------
LINKBYNET Indian Ocean
BG Court, Route Saint-Jean, Quatre Bornes, Ile Maurice
Tel direct : (+33) 01 48 13 21 78
Tel : (+33) 1 48 13 00 00
Fax : (+33) 1 48 13 31 21
Email : a.noorkhan@xxxxxxxxxxxxx
Web : www.linkbynet.com
______________________________________________________
Astreinte : http://www.linkbynet.com/astreinte/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

--
Thank you in advance for your time and consideration.
Kind Regards,
Shyaam Sundhar R.S.

Site: www.EvilFingers.com

Certification History:

Audit: GPCI
Legal: GCDS
Management: GLDR
Security: SSP-CNSA, SSP-MPA, SSP-GHD, GREM, GHTQ, GWAS, GIPS, GCFA, GCIA, GCIH
Anti-Terrorism: CAS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Howto Simulate a BotNet ?
  - From: Mark Sec

References:
- [Full-disclosure] Howto Simulate a BotNet ?
  - From: Mark Sec
- Re: [Full-disclosure] Howto Simulate a BotNet ?
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Howto Simulate a BotNet ?
  - From: Aadil Noorkhan
- Re: [Full-disclosure] Howto Simulate a BotNet ?
  - From: Mark Sec
- Re: [Full-disclosure] Howto Simulate a BotNet ?
  - From: Jan G.B.
- Re: [Full-disclosure] Howto Simulate a BotNet ?
  - From: Tomas L. Byrnes

Prev by Date: Re: [Full-disclosure] Howto Simulate a BotNet ?
Next by Date: [Full-disclosure] Request : Microsoft Forefront (all) anybody?
Previous by thread: Re: [Full-disclosure] Howto Simulate a BotNet ?
Next by thread: Re: [Full-disclosure] Howto Simulate a BotNet ?
Index(es):
- Date
- Thread

Relevant Pages

Re: [Full-disclosure] Howto Simulate a BotNet ?
... [Full-disclosure] Howto Simulate a BotNet? ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Howto Simulate a BotNet ?
... [Full-disclosure] Howto Simulate a BotNet? ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] AntiAntiSec / Endgame
... protect little snots like yourselves. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Howto Simulate a BotNet ?
... [Full-disclosure] Howto Simulate a BotNet? ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday
... and restraint by not responding to your personal jabs, ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)