Abstract
In recent years, open-source, bot-based Distributed Denial-of-Service (DDoS) attack tools have appeared. Because their code is easy to enhance, these attack tools are becoming more powerful. Developing new techniques for detecting and responding to the latest DDoS attacks often entails using attack traces to determine attack signatures and to test the techniques. However, obtaining actual attack traces is difficult, because the high-profile organizations that are typically attacked will not release monitored data, as it may contain sensitive information. In this paper, we present a detailed study of the source code of the popular DDoS attack bots Agobot, SDBot, RBot and Spybot, to provide an in-depth understanding of the attacks and so facilitate the design of more effective and efficient detection and mitigation techniques.
Please use the following format when citing this chapter: Thing, V., Sloman, M., and Dulay, N., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 229–240.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Thing, V.L., Sloman, M., Dulay, N. (2007). A Survey of Bots Used for Distributed Denial of Service Attacks. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_20
DOI: https://doi.org/10.1007/978-0-387-72367-9_20
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science (R0)