Dosnet

From Wikipedia, the free encyclopedia

Dosnet (Denial of Service Network) is a type of botnet/malware. The term is mostly used for malicious botnets, while benevolent botnets are often simply referred to as botnets. Dosnets are used for Distributed Denial of Service (DDoS) attacks, which can be very devastating.

They range in size from a couple of bots, through a couple of thousand, to over a hundred thousand bots.

Many dosbots use the IRC protocol, but some use their own custom protocols.

More advanced dosnets utilize technologies such as SSL and cryptography to prevent packet sniffing and data inspection.

The botmaster can use the bots to packet (send a disruptive data flood to) other computers or networks. He can often also make them remotely fetch a new version of the software and update themselves.

Well-known dosnet software includes TFN2k, Stacheldraht and Trinoo.

Botmaster

The botmaster is the person who controls these bots/drones. He usually connects to the network via proxies, bouncers or shells to hide his IP address. He uses a password to authenticate himself; once the bots have verified the password (and possibly other criteria for authentication), they are under his command.

Botmasters are often black hat hackers or script kiddies.

Dosbot

The dosbot (Denial of Service bot, also called Distributed Denial of Service agent) is the client which is used to connect to the network and is also the software which does the attacking. The executable is usually stripped of symbols and compressed with tools such as UPX to obfuscate the contents and to prevent reverse engineering. It's usually coded to automatically start every time the computer restarts, and is also programmed to hide itself. Authentication is usually done by comparing the supplied password against a hash.
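A defender-side triage sketch for the two traits named above (stripped symbols and UPX packing), added here as an example and not taken from the article or from any tool it names. The function names `triage`, `elf_has_symtab` and `sample_elf`, and the sample bytes, are constructed for illustration.

```python
import struct

SHT_SYMTAB = 2  # ELF section type of the full symbol table (.symtab)

def elf_has_symtab(data: bytes) -> bool:
    """True if an ELF image still carries a SHT_SYMTAB section (not stripped)."""
    end = "<" if data[5] == 1 else ">"           # EI_DATA: 1 = little-endian
    if data[4] == 2:                             # EI_CLASS: 2 = ELF64
        shoff, = struct.unpack_from(end + "Q", data, 40)
        shentsize, shnum = struct.unpack_from(end + "HH", data, 58)
    else:                                        # ELF32 field offsets
        shoff, = struct.unpack_from(end + "I", data, 32)
        shentsize, shnum = struct.unpack_from(end + "HH", data, 46)
    for i in range(shnum):
        off = shoff + i * shentsize + 4          # sh_type is the second 32-bit field
        if off + 4 > len(data):
            break                                # truncated or bogus section table
        if struct.unpack_from(end + "I", data, off)[0] == SHT_SYMTAB:
            return True
    return False

def triage(data: bytes) -> dict:
    """Report file format, UPX markers, and whether ELF symbols were stripped."""
    result = {"format": "unknown", "upx": False, "stripped": None}
    if data[:4] == b"\x7fELF" and len(data) >= 64:   # too-short input stays "unknown"
        result["format"] = "elf"
        result["stripped"] = not elf_has_symtab(data)
    elif data[:2] == b"MZ":
        result["format"] = "pe"
    # UPX writes a "UPX!" magic into its pack header; packed PE files also
    # get sections named UPX0/UPX1 by default.
    result["upx"] = b"UPX!" in data or b"UPX0" in data
    return result

def sample_elf(with_symtab: bool, packed: bool) -> bytes:
    """Constructed sample: ELF64 header, a null section, optionally a .symtab."""
    types = [0, SHT_SYMTAB] if with_symtab else [0]
    hdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                      0, 0, 64, 0, 64, 0, 0, 64, len(types), 0)
    sections = b"".join(struct.pack("<IIQQQQIIQQ", 0, t, 0, 0, 0, 0, 0, 0, 0, 0)
                        for t in types)
    return hdr + sections + (b"UPX!" if packed else b"")
```

The UPX markers are easily altered, so a negative result does not show that a file is unpacked; a hit is a reason for closer analysis, since legitimate software is also packed and stripped.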

Sometimes dosbots are installed together with a rootkit, which is intended to prevent the bot from being detected.

They can often perform more than one kind of attack. Attacks include TCP, UDP, ICMP and sometimes SYN flood and other spoofing attacks.

Computers infected with dosbot agents are referred to as "zombies".

The vast majority of the bots are written in the C or C++ programming languages.
