Dosnet
A Dosnet (Denial of Service Network) is a type of botnet/malware. The term is mostly used for malicious botnets, while benevolent botnets are often simply referred to as botnets. Dosnets are used for Distributed Denial of Service (DDoS) attacks, which can be very devastating.
They range in size from a couple of bots to a couple of thousand bots up to over a hundred thousand bots.
Many dosbots use the IRC protocol, but some use their own custom protocols. Some may use a decentralized P2P network.
More advanced dosnets use technologies such as SSL connections and cryptography to prevent packet sniffing and data inspection.
The botmaster can use the bots to "packet" (send a disruptive data flood to) other computers or networks. He can often also make them perform various other tasks, such as remotely fetching a new version of the bot software and updating themselves.
Well-known dosnet software includes TFN2k, Stacheldraht and Trinoo.
There are some dosnet hunters who find dosnets and analyze the bot and/or network in order to dismantle them, by getting access to them and commanding them to "uninstall" themselves if such a feature is present in the bot software, or to "update" themselves to a dud, or to download and execute some sort of cleaner.
Botmaster
The botmaster is the person who controls these bots/drones. He usually connects to the network via proxies, bouncers or shells to hide his IP address. He uses a password to authenticate himself; when the bots have verified the password (and possibly other criteria for authentication), they are under his command.
Sometimes the botnet is shared, and multiple botmasters operate it together.
Botmasters are often black hat hackers or script kiddies.
Sometimes botmasters hijack bots from the dosnet of another botmaster by analyzing the bot or network, discovering the password and commanding the bots to "update" themselves to his bots.
Hypothetical example usage
.login my54kingdom78
.icmpflood 208.77.188.166 3500
Dosbot
The dosbot (Denial of Service bot, also called Distributed Denial of Service agent) is the client which is used to connect to the network and is also the software which performs any attacks. The executable is usually stripped of symbols and compressed with tools such as UPX to obfuscate the contents and to prevent reverse engineering.
It is usually coded to start automatically every time the computer (re)starts, and is also programmed to hide itself. Authentication is usually done by comparing the supplied password against a plaintext string or a cryptographic hash such as MD5 or SHA1, which may be salted for additional security.
Sometimes dosbots are installed together with a rootkit, which is meant to keep the bot from being detected.
They can often perform more than one kind of attack. Attacks include TCP, UDP and ICMP attacks. Advanced bots may use raw sockets and construct custom packets to perform SYN floods and other spoofing attacks.
Computers infected with dosbot agents are referred to as "zombies".
The vast majority of the bots are written in the C or C++ programming languages.
Commands for the bot may use a prefix such as an exclamation mark, at sign or dot.
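A detection-side sketch of the command convention described above, as an added example that is not part of the original article: it parses IRC PRIVMSG lines and flags messages that begin with a prefixed command ("!", "@" or ".") whose name matches words the article uses. The keyword list, function names and sample log lines are constructed assumptions, not taken from any real bot.

```python
import re

# Prefix characters the article names: exclamation mark, at sign, dot.
PREFIXES = "!@."
# Assumed keyword pattern, built only from words the article uses
# (login, flood, update, uninstall); real bots may use other names.
SUSPICIOUS = re.compile(r"^(login|update|uninstall|\w*flood)$", re.I)
# Minimal IRC PRIVMSG shape: ":nick!user@host PRIVMSG target :text"
PRIVMSG = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+ PRIVMSG (?P<target>\S+) :(?P<text>.*)$")

def parse_command(text):
    """Return (command, args) if text starts with a prefixed bot command."""
    text = text.strip()
    if len(text) < 2 or text[0] not in PREFIXES or text[1].isspace():
        return None
    parts = text[1:].split()
    if not SUSPICIOUS.match(parts[0]):
        return None
    return parts[0].lower(), parts[1:]

def scan(lines):
    """Return one alert dict per PRIVMSG carrying a suspicious command."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        m = PRIVMSG.match(line.rstrip("\r\n"))
        if not m:
            continue  # not a channel/private message (e.g. PING)
        cmd = parse_command(m["text"])
        if cmd:
            alerts.append({"line": lineno, "nick": m["nick"],
                           "target": m["target"], "command": cmd[0],
                           "argc": len(cmd[1])})
    return alerts

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE_LOG = [
    ":alice!a@host1.example PRIVMSG #chat :see you at 3.30, ok?",
    ":op!x@host2.example PRIVMSG #c2 :.login REDACTED",
    ":op!x@host2.example PRIVMSG #c2 :.icmpflood 192.0.2.10 3500",
    ":bob!b@host3.example PRIVMSG #chat :!weather Oslo",
    ":op!x@host2.example PRIVMSG #c2 :@Update",
    "PING :irc.example",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Legitimate channel bots also use prefixed commands, so a match is a lead for review; it only applies to plaintext IRC traffic, not to the SSL or custom-protocol dosnets mentioned earlier.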
See also
* Botnet
* Denial-of-service attack
* Malware
* Zombie computer
Wikimedia Foundation. 2010.