National Webcast Initiative

Invasion of the “Bots”
You Could Be A “Zombie” and Don’t Know It!

Wednesday, May 18, 2005


References

The following references are provided as a resource to help familiarize you with some common cyber security information you will hear during the May 18, 2005 webcast. We do not warrant the accuracy of any information contained in the resources and neither endorse nor promote the advertising of any resources. The information provided below is by no means an exhaustive list; however, it can be used as a foundation from which you can build your knowledge of cyber security terms and further pursue these topics on your own.


General Information

The Honeynet project is one organization monitoring botnets. A collection of white papers can be found at: http://www.honeynet.org/papers/

Are you a good cyber citizen? Take a self-guided security test and find out: http://www.staysafeonline.info/home.html

Articles about Distributed Denial of Service Attacks

Three good overviews of DDOS attacks: http://www.linuxsecurity.com/resource_files/intrusion_detection/ddos-faq.html
http://www.networkcomputing.com/1201/1201f1c1.html

A website with current news about DDOS attacks: http://www.ddosworld.com/

How to defeat a denial of service attack: http://www.sans.org/dosstep/index.php

Forensic Analysis

Forensic analysis is used by security professionals to diagnose compromised systems. The SANS Institute has many good papers that describe such analysis.

The following link is to a particularly well-written analysis of a compromised system. Aspiring professionals should understand the concepts in this paper. GIAC Certified Forensic Analyst (GCFA) Practical Assignment, Jennifer Kolde, SANS Institute. http://www.giac.org/practical/GCFA/Jennifer_Kolde_GCFA.pdf

Bots send a kind of network traffic that is sometimes called “command and control” traffic. Specialized devices can detect the network signatures of these commands. Read about SNORT servers in “Using SNORT to detect rogue IRC Bot Programs”: http://www.giac.org/certified_professionals/practicals/gsec/4095.php