Eliminating The Right Botnets

Hello readers,

Are all botnets bad? Certainly not. There are countless beneficial botnets that do everything from indexing to counterattacking and other tasks. But there certainly are bad botnets, and getting rid of them is challenging work. Most botnets consist of handlers, compromised machines, and a command center that passes along instructions to target systems for a denial-of-service attack, and potentially other kinds of attacks.

Realistically, “bad” botnets can index information much like beneficial botnets, but the information they collect would probably be vulnerabilities, open ports, or possibly even different types of data coming from the ports of the system they are infecting. This is critical to consider when routers are targeted because, at least in some instances, rerouting traffic can pose a variety of new threats altogether.

Botnets are often distributed via script, but can be attached to anything from routers to game servers, and are most often something the compromised system’s user would never detect.

Detecting Bot Nodes

On a local system, for example a Windows system, noticing a bot among the running processes can be trickier than it sounds. A port scan might detect unusual traffic but not enough to alert the user. Windows-oriented tools that can detect/eliminate a bot node include:

On a Linux System

Our beloved Python may be the solution as well as the potential problem. It turns out that there are a whole bunch of ways to build a botnet in Python. Libraries and modules like fabric, pexpect, pxssh, pyhook and pythoncom are commonly used in botnet construction, and there are dozens of tutorials online. Eliminating libraries on the host system probably isn’t as useful as knowing how to prevent the infection on a target system.

It starts with preventing privilege escalation: using tools like chattr to lock your /etc/shadow, as well as password folders, etc. It then moves into SSH key validation and/or removal in the case of invalid keys. This would be adequate to prevent 80+% of possible infections, but if the system is already infected you need to go a bit further.
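One way to carry out the SSH key validation step mentioned above, as an added example that is not part of the original post: it fingerprints every entry of an authorized_keys file and reports the ones missing from a reviewed allowlist. The function names, the sample file and the allowlist are assumptions constructed for illustration.

```python
import base64, hashlib, shlex, struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def fingerprint(b64_blob):
    """SHA256 fingerprint in the format `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text, approved):
    """Return (line_no, comment, fingerprint) for each key not in `approved`."""
    unknown = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)       # keeps quoted option values whole
            idx = next(i for i, t in enumerate(tokens) if t in KEY_TYPES)
            fp = fingerprint(tokens[idx + 1])
        except (ValueError, StopIteration, IndexError):
            unknown.append((n, "unparseable entry", None))
            continue
        if fp not in approved:
            unknown.append((n, " ".join(tokens[idx + 2:]), fp))
    return unknown

def constructed_key(seed):
    """Syntactically valid ssh-ed25519 blob from a fixed byte; not a real key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(blob).decode()

# Constructed sample input (documentation-range address, made-up comments).
ADMIN, UNKNOWN = constructed_key(1), constructed_key(2)
SAMPLE = f"""# constructed authorized_keys file
ssh-ed25519 {ADMIN} admin@workstation
from="203.0.113.0/24",no-pty ssh-ed25519 {UNKNOWN} backup
ssh-ed25519 not*base64 broken
"""
APPROVED = {fingerprint(ADMIN)}              # assumption: your reviewed allowlist

if __name__ == "__main__":
    for entry in audit(SAMPLE, APPROVED):
        print(entry)
```

On a real host, feed it each account's authorized_keys file and build the allowlist from fingerprints you have verified out of band.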

Building a Working Port Scanner That Detects Suspicious Activity

On Linux this is fairly straightforward and requires very little aside from the terminal, though a simple scripting tool like Geany can help. A basic implementation of pescanner involves little more than the 8-12 steps in the documentation. But you can avoid this entire process if you are handy with netstat and can figure out which (if any) activity actually looks suspicious.
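The netstat triage described above, as an added example that is not part of the original post: it parses `netstat -tnp` output and returns the connections that deserve a closer look, together with the pid needed for the steps that follow. The sample output, the port baselines and the interpreter list are assumptions constructed for illustration.

```python
# Constructed sample of `netstat -tnp` output; all addresses are documentation ranges.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address     State       PID/Program name
tcp        0      0 192.0.2.10:22     198.51.100.7:51514  ESTABLISHED 812/sshd: admin
tcp        0      0 192.0.2.10:48822  203.0.113.50:6667   ESTABLISHED 4311/python
tcp        0      0 192.0.2.10:39014  198.51.100.20:443   ESTABLISHED 2290/firefox
tcp        0      0 192.0.2.10:51000  203.0.113.9:4444    ESTABLISHED -
tcp        0      0 192.0.2.10:40022  198.51.100.33:22    TIME_WAIT   -
"""

# Assumptions for this host; tune them to your own baseline.
LOCAL_SERVICES = {22}                        # ports this machine serves on purpose
EXPECTED_REMOTE_PORTS = {22, 53, 80, 123, 443}
INTERPRETERS = {"python", "python3", "perl", "sh", "bash"}

def parse(text):
    """Yield one dict per ESTABLISHED TCP row."""
    for line in text.splitlines():
        f = line.split(None, 6)              # 7th field may contain spaces
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        pid, _, prog = f[6].partition("/")
        yield {
            "lport": int(f[3].rsplit(":", 1)[1]),
            "remote": f[4],
            "rport": int(f[4].rsplit(":", 1)[1]),
            "pid": int(pid) if pid.isdigit() else None,
            "prog": prog.split(":")[0].strip(),
        }

def triage(text):
    """Return (pid, remote, reasons) for connections worth a closer look."""
    findings = []
    for c in parse(text):
        if c["lport"] in LOCAL_SERVICES:
            continue                         # inbound to a service we run
        reasons = []
        if c["rport"] not in EXPECTED_REMOTE_PORTS:
            reasons.append("unexpected remote port")
        if c["pid"] is None:
            reasons.append("owner hidden; re-run netstat as root")
        elif c["prog"] in INTERPRETERS:
            reasons.append("script interpreter holds the socket")
        if reasons:
            findings.append((c["pid"], c["remote"], reasons))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```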

It helps to know how to close a socket when it is in use!

How to close a socket while it’s running a process:

Lifted from Stack Exchange for illustration purposes.

Locate the process:

netstat -np

You get a source/destination ip:port, port state, pid/process name map.

Locate the socket’s file descriptor in the process:

lsof -np $pid

You get a list: process name, pid, user, fileDescriptor, … a connection string.

Locate the matching fileDescriptor number for the connection.

Now connect to the process:

gdb -p $pid

Now close the socket:

call close($fileDescriptor)

//does not need ; at end.

Then detach:

quit

And the socket is closed.

After this point you can eliminate the SSH key used. The command below removes every key stored for hostname from your known_hosts file:

ssh-keygen -R hostname

You can generate new SSH keys, and the instructions are here. There are, though, different kinds of SSH keys and other ways to generate them, validate them, etc.

With any luck you’ll find the whole process easy enough to follow; otherwise, you need a developer.
