ThreatSTOP: What Is a Botnet? Common Architecture, Purpose & Attack Types


What Is a Botnet?
A botnet is a distributed network of many compromised internet-connected devices that are controlled by a centralized botmaster and used to perform synchronized tasks. Each infected machine is called a bot, and together their power is used to carry out various attacks. Botnets are usually created via malware infections, which gain persistence on the machines and “recruit” them to the botnet. Some of these malware variants can even self-propagate through networks, infecting many devices via one network entry point. The amount of bandwidth “taken” from each bot is relatively small, so that the victim will not realize that their device is being exploited, but when thousands or even millions of machines are simultaneously instructed to perform a joint, targeted attack, the damage can be immense.
Although we are used to thinking of botnets as a collection of computers, these networks can be composed of various types of devices: personal computers, laptops, mobile devices, smart watches, security cameras, and smart home appliances.
Botnet Architecture
Two distinct architectures characterize most botnets.
 
The “classic” botnet infrastructure is based on a client-server approach, which involves a Command and Control (C&C) server that has centralized control over the bots. The C&C server sends automated commands throughout the botnet using a common communications protocol, usually IRC or HTTP. Using this type of communication, the botmaster can create dedicated channels between the bots and the C&C, as well as subgroup communications throughout the bot army. Botnets featuring client-server architecture are easier to set up, boast a well-known infrastructure with many guides and models to learn from, and allow the botmaster to directly communicate with all bots in a simple two-way session. On the other hand, this architecture is dependent on centralized C&C servers, which make the botnet easier to take down once discov ..
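From a defender's side, the centralized design described above shows up in flow logs as several internal hosts checking in with the same external endpoint on a regular schedule. The following is an added example, not taken from the ThreatSTOP article: the flow-record format, the thresholds (`min_hosts`, `max_cv`) and the documentation-range addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_flows():
    """Constructed sample records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    # Three internal hosts contacting one external endpoint about every 300 s
    # on port 6667 (IRC), with one second of jitter on alternate check-ins.
    for host, offset in (("10.0.0.11", 0), ("10.0.0.12", 7), ("10.0.0.13", 19)):
        for i in range(6):
            flows.append((1000 + offset + i * 300 + (i % 2), host, "203.0.113.50", 6667))
    # Ordinary browsing from one host: irregular timing, port 80.
    for ts in (1010, 1042, 1500, 1513, 2900, 2950):
        flows.append((ts, "10.0.0.11", "198.51.100.20", 80))
    return flows


def beacon_score(times):
    """Coefficient of variation of the gaps between connections.

    Values near 0 mean clockwork-like timing. Returns None when there are
    too few connections to judge.
    """
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)


def find_central_endpoints(flows, min_hosts=3, max_cv=0.1):
    """Return {(dst_ip, dst_port): [src_ip, ...]} for endpoints that at least
    min_hosts distinct sources contact at regular intervals."""
    per_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        per_pair[(dst, port, src)].append(ts)

    regular_sources = defaultdict(set)
    for (dst, port, src), times in per_pair.items():
        cv = beacon_score(sorted(times))
        if cv is not None and cv <= max_cv:
            regular_sources[(dst, port)].add(src)

    return {ep: sorted(srcs) for ep, srcs in regular_sources.items()
            if len(srcs) >= min_hosts}


if __name__ == "__main__":
    for endpoint, hosts in find_central_endpoints(build_sample_flows()).items():
        print(endpoint, hosts)
```

Legitimate services such as update checks and monitoring agents also poll on a schedule, so hits from this kind of check are leads to triage against an allowlist rather than confirmed infections.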
