Security Basics mailing list archives
Re: Research on Bots (Trends, advancements, future in security world, evolution....)
From: Srikanth Dabbiru <srikanthdab () gmail com>
Date: Wed, 4 Mar 2009 20:17:13 -0800 (PST)
Hi Meenal and/or Pedro,

I started off using High Interaction Honeypots initially, and used all kinds of tools to study the data stream flowing into these Honeypots. I was more involved in focusing on the "human" traffic, so worms and traffic of a similar nature were off my filter, or rather, I would say, I was not keen on looking at and analyzing them. I was more interested in focusing on a *nix perspective.

But then, as my research demanded more and more of a 'narrowed down approach' ((you know your professor asks you to come back over and over until you get a good, hardcore, 'what-new' kind of topic)), I moved to low interaction honeypots with a focus on wireless media and OS fingerprinting... and yeah, the other reason to move to low interaction is to sit and monitor your high interaction honeypot 24x7 [coz there was one moment when the pot got compromised and the adversary ran the command `rm -rf /` :-( ]

So like I said before, I am no expert, but am sure this may lead you to something... I would advise running a high interaction honeypot yourself to collect and analyze in order to find more about 'improvisations' in Bots... or if that sounds daunting, you could gather the already collected data samples from organisations like www.honeynet.org

Pedro, do you run yours for business or pleasure?

Regards,
Srikanth.

@Pedro Henrique Calais

Hello Srikanth,

Which kind of honeypots are yours? I also work with honeypots; they are low-interaction honeypots emulating open proxies and open relays.

Regards,
-- Pedro

Meenal Mukadam wrote:
Hello Srikanth,

Thank you. Basically I am trying to map the evolution of Botnets by mapping the technological advancements to their evolution pattern. I have had success with studying and understanding the Bots with respect to the improvement in stealth, usage of encryption, their morphing (need more information on this) & inclusion of AI.

I am trying to gain additional knowledge to understand how the Bot-herders are tweaking them to make them more deadly and lethal. Also, what is the current scenario in Botnet technology and in Botnet Business? What can be their future enhancements and their additional usage?

I would really like it if you can share your valuable insights (from your experience, or from the analysis of the traces of Bots in your Honeypot).

Thanking you in advance....

Thanks,
Meenal A. Mukadam

On Sat, Feb 28, 2009 at 2:26 PM, Srikanth Dabbiru <srikanthdab () gmail com> wrote:

Hello Meenal,

What exactly are you looking to document in your research? I am no expert in information security, but I can tell you that the trend is to track, study and analyze Bots via Honeypots. The whole point is to defend against these automated attacks proactively (if you know what I mean). I myself am doing research at my university on Honeypots. So I know the value of having a Honeypot(s) within an organization.

Regards,
Srikanth.

--
Meenal A. Mukadam
http://www.linkedin.com/in/meenalmukadam
Far away there in the sunshine are my highest aspirations. I may/may not reach them, but I can look up and see their beauty, believe in them and try to follow where they lead