PROJECT TITLE :
Analysis of a “/0” Stealth Scan From a Botnet
Botnets are the most common vehicle of cyber-criminal activity. They are used for spamming, phishing, denial-of-service attacks, brute-force cracking, stealing non-public data, and cyber warfare. Botnets perform network scans for several reasons, including searching for vulnerable machines to infect and recruit into the botnet and probing networks for enumeration or penetration. We present the measurement and analysis of a horizontal scan of the entire IPv4 address space conducted by the Sality botnet in February 2011. This 12-day scan originated from approximately 3 million distinct IP addresses and used a heavily coordinated and unusually covert scanning strategy to try to find and compromise VoIP-related (SIP server) infrastructure. We observed this event through the UCSD Network Telescope, a /8 darknet continuously receiving massive amounts of unsolicited traffic, and we correlate this traffic data with other public sources of information to validate our inferences. Sality is one of the largest botnets ever identified by researchers. Its behavior represents ominous advances in the evolution of modern malware: the use of more subtle stealth scanning strategies by many coordinated bots, targeting essential voice communications infrastructure. This paper offers a detailed dissection of the botnet's scanning behavior, as well as general methods to correlate, visualize, and extrapolate botnet behavior across the global Internet.