Tag Archives: botnet
According to statistics published in csoonline.com cyber crimes damages will hit 6 trillion by 2021 and 6 billion people target ( 75% of projected 8 billion population). As the access to network is increasing, hacking and committing cyber crime has become as easy as sending an email with malware link and its clicking by unsuspecting victims.
A botnet consists of a number of compromised hosts controlled by botnet controller managed by third parties . Bot net constitutes a major security threat and used to deploy malware, steal sensitive data, orchestrate DDoS attack. Once systems inside a network are compromised by installing malware it becomes very difficult to detect as the theft of data and sources of DDoS is orchestrated from within the network.
DNS sink hole is a process to identify the bot net master hosting malware software servers and assign the dns record of these hosts to localhost, non-existing or unused ip address . A valid ip is not returned for these host resolution and the infected host never connects to the bot net master server.
In order to understand how DNS Sink hole work we need to understand the bot net structure and its organization.
How a bot network is organized and activated ?
The initial part involves getting access to inside corporate network. This can be achieved in many ways like using brute force method to crack the passwords and encrypted data and other approach is rather simple, involving sending a link in email and betting on the chances that some users will click the link and deploy malware on their computers.