Topology and Message Flow Control of Hierarchical Botnet (Essay Sample)
Discussion of topology and message flow control of hierarchical botnet
1. What hierarchical topology botnets are – 300 words
2. Discuss the topology structure – 300 words
3. Discuss the command and control mechanism of the hierarchical topology – 700 words
4. Discuss how messages flow in the hierarchical botnet topology (controller, handler and agent) – 700 words
Discussion of botnet detection, including the tools and how they interact with the network
1. How Wireshark interacts with the network – 500 words
Hierarchical Botnets and Detection Tools
Ethical hacking remains an important discipline whose purpose is to protect the technology world from attacks. Botnets have troubled computers around the globe, and understanding them can save companies and individuals substantial losses. Over the years, attacks on computers have repeatedly caused such losses. Ransomware such as WannaCry preys on unpatched security vulnerabilities and encrypts data, causing losses from downtime and data loss whether or not a ransom is paid; zero-day exploits target flaws for which no patch yet exists. Botnets form a sensitive topic within ethical hacking because they shape how networks are abused. Many computers are compromised without the knowledge of their owners and controlled as a group to execute the attacker's commands. Hierarchical botnets are one of the several types of botnets, and they are discussed here in detail: their topology, their control model and their structure.
* Topology and Message Flow Control of Hierarchical Botnet
What Are Hierarchical Topology Botnets?
Hierarchical topology botnets are organised in tiers. Such botnets are put to several uses, including remote access trojans (RATs) for control of individual hosts, distributed denial of service (DDoS), and content distribution networks (CDNs) built from bots to host malicious content. The operators' intentions are malicious and include fraud, distribution of further malware and denial of service. The hierarchical topology requires network communication, command and control (C&C) communication, and obfuscation and hiding techniques. Network communication links the different servers and also provides the security loopholes that an attacker uses (Vormayr, Zseby, & Fabini 2015). The hierarchy is built from command and control servers, some of which can be parcelled out for rental while the others are used by the owners. Reliability is one advantage of the hierarchical topology. Another is containment: because a bot knows only the node directly above it, the number of other bots exposed by the capture of a single bot is small. The mutation of the different stages and nodes of the topology is enabled by the obfuscation and hiding techniques mentioned above, which assure the attacker of anonymity (Ollmann 2016). The convenience this type of botnet offers can be likened to the design of a pizza: a large whole is cut into pieces so that it can be eaten piece by piece, whereas trying to hold and eat the whole pizza at once is tedious and ends with sauce on one's clothes. Similarly, the hierarchical topology is divided so that each tier handles a manageable part of the work (Dago, Gu & Lee 2014). Importantly, the bots are distributed so that no bot in one branch knows the location of bots in another; security researchers therefore find it difficult to map a hierarchical botnet from the nodes they capture.
Multi-stage botnets built on this structure have worm propagation capabilities and employ super-node-based peer-to-peer command and control. Analysts agree that dividing the botnet into stages makes coordination harder and that instructions take longer to reach every bot, since each command must traverse every tier between the controller and the leaf bots.
The Topology Structure
The structure of the hierarchical botnet topology rests on a simple division of resources across many hosts (Alberca, Pastrana, Suarez-Tangil & Palmieri 2016). The resources involved include computers, networks and routers. The computers are divided into groups that are assigned different tasks: some host the bot malware (Amini, Araghizadeh & Azmi 2015), others send the spam, and others act as command and control centres. The attacker stays anonymous by hiding his or her Internet Protocol (IP) address, using measures such as Virtual Private Networks (VPNs) and Remote Desktop Protocol (RDP) sessions. A VPN makes the attacker's traffic leave from the VPN server's IP address rather than the attacker's own, so the visible source appears to be another location (Far, Jahankani & Ghazihesami 2014). Proficient programmers can set up their own VPNs, but many vendors offer the same service. RDP sessions are used to operate another computer, in a different geographical location, as a jump host. An attacker in Country A who targets computers in Country A will operate them through a remote connection from Country B. Such mechanisms greatly reduce the chances of the attacker being traced.
[Figure: life cycle of a hierarchical botnet, showing the victim hosts. Stages labelled in the figure: 1. Initial infection; 2. Secondary injection; 4. Malicious command and control; 5. Maintenance and update; 6. Master control.]
After securing anonymity, the attacker compromises several computers to act as command and control centres. Computers on an identified network are targeted and malware is installed on them. The computers are infected without the user noticing, which is why such computers are commonly called zombies: a zombie rarely knows what is happening around it, and the same is true of the computers in a botnet. The compromised computers are then arranged in tiers to form the hierarchical structure. Within that structure some of the computers are given P2P functions to help with monitoring and relaying, while most of the others communicate only with the node above them, which limits detection and tracking.
Command and Control Mechanism of the Hierarchical Topology
Routers are targeted from the command and control centres, where their passwords are stolen through exposed remote access. Services such as the File Transfer Protocol (FTP) are abused at this point. It is advised that a home computer or router connected to the internet should have FTP and other remote access services disabled unless they are needed (Ibrahim & Thanon 2015). Unfortunately, this topology banks on people's lack of cyber security knowledge. Many computers fall victim because of the low level of knowledge people have, or rather apply, which makes easy room for botnets such as the hierarchical one. Distribution of the workload follows, with some computers acting as high level C&C tier points and others as low level ones. Parcels of the botnet are handed to the different clients who rent it at this stage. The last stage is execution: the malware is distributed to the targeted computers, where the harm is done.
The hierarchical topology has stages that prompt replication of its initial network cluster. Replication simplifies the task of each tier, because the same spam can be sent from a larger number of hosts. Moreover, extra protocol layers inserted between the application layer and the command payload come in handy when sending messages through the topology, as will be seen later on. These attacker-designed layers sit between the application protocol and the payload, and they retrieve or forward information only when certain conditions are met. Examples of such layers are the routing and P2P layers (AsSadhan, Moura & Lapsley 2013). The routing layer relays packets over different channels and lets the payload be encrypted between controller and bot, so that relays and observers on the path cannot read the command. The routing protocol is tasked with fitting the traffic to the network design so that the developed structure works seamlessly. The P2P layer handles communication between hosts at the same stage while they process and execute instructions.
The process flow of the topology can be broken down into the attacker, the control server, the bots and the spam. The attacker here acts unethically and is termed a black hat hacker (Hachem, Mustapha, Granadillo & Debar 2011). A hacker who performs authorised red team or penetration testing is named a white hat hacker, while a grey hat hacker mixes positive and negative maxims of hacking at different times. The attacker studies the environment he or she intends to attack, and vulnerabilities are the biggest reason a network is chosen. Security experts agree that attackers find it easier to get around systems that have existed for a while than new ones, because older systems accumulate known, unpatched flaws while new systems are more likely to have recent security fixes applied (Hands, Yang & Hansen 2015). The attacker's worry is leaving tracks in the environment or being traced through the different stages of the attack. Control servers come in different versions that must synchronise with the attacker's deployment: one server might run Linux, another a different operating system, and the web server software on top (Apache, for instance) also varies. Such dynamics require the attacker to be shrewd and to have a well-designed plan that needs little customisation for different operating systems and environments. Bots are the automated agents the attacker designs, malicious automations over the internet, hence the term botnet. A bot is a host infected with malware such as a Trojan horse, and in classic botnets commands are relayed to it over Internet Relay Chat (IRC). Botnets gather information and redistribute malware, which explains the spamming process. Information gathered includes images and credit card numbers.
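The controller-to-handler-to-agent message flow described in the paragraphs above, together with the containment property noted under the topology (a captured bot reveals only the node directly above it) and the extra latency of tiered delivery, is modelled in the following constructed Python example. It is added here for illustration and is not code from the essay or from any of the cited sources; the node names, the command text and the constant CONTROL_KEY are assumptions, and an HMAC stands in for the public-key signature a real tiered design would use so that neither a seized handler nor an agent can forge or replay the controller's commands.

```python
"""Toy model of a tiered botnet: controller -> handlers -> agents.

Constructed for study only: everything is in-memory, there is no networking
and no malware. Node names, the command text and CONTROL_KEY are assumptions
of this example.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Stand-in for the controller's signing key. A real tiered design would use a
# public-key signature so agents can verify commands but nobody who seizes a
# handler or an agent can forge them; HMAC is used here only to stay inside
# the standard library.
CONTROL_KEY = b"constructed-demo-key"


@dataclass
class Node:
    name: str
    tier: int                      # 0 controller, 1 handler, 2 agent
    parent: Optional["Node"] = None
    children: List["Node"] = field(default_factory=list)
    accepted: List[dict] = field(default_factory=list)
    last_seq: int = -1

    def knows(self) -> Set[str]:
        """Addresses stored on this node: only its parent and its direct children."""
        known = {child.name for child in self.children}
        if self.parent is not None:
            known.add(self.parent.name)
        return known


def build_hierarchy(handlers: int, agents_per_handler: int) -> Node:
    """Controller at tier 0, handlers at tier 1, agents (leaf bots) at tier 2."""
    controller = Node("controller", 0)
    for h in range(handlers):
        handler = Node(f"handler-{h}", 1, parent=controller)
        controller.children.append(handler)
        for a in range(agents_per_handler):
            handler.children.append(Node(f"agent-{h}-{a}", 2, parent=handler))
    return controller


def leaves(node: Node) -> List[Node]:
    """All agents below a node (the node itself if it has no children)."""
    if not node.children:
        return [node]
    return [leaf for child in node.children for leaf in leaves(child)]


def sign(seq: int, command: str, key: bytes = CONTROL_KEY) -> str:
    """Authentication tag over sequence number and command text."""
    return hmac.new(key, f"{seq}:{command}".encode(), hashlib.sha256).hexdigest()


def accept(node: Node, msg: dict) -> bool:
    """Keep a command only if the tag verifies and the sequence number is
    newer than the last one this node saw (replay protection)."""
    if not hmac.compare_digest(sign(msg["seq"], msg["command"]), msg["mac"]):
        return False
    if msg["seq"] <= node.last_seq:
        return False
    node.last_seq = msg["seq"]
    node.accepted.append(msg)
    return True


def relay(node: Node, msg: dict, hops: int) -> int:
    """Push a command down the tree; return the largest hop count reached."""
    accept(node, msg)              # handlers store the command too, then forward it
    if not node.children:
        return hops
    return max(relay(child, msg, hops + 1) for child in node.children)


def issue(origin: Node, seq: int, command: str, key: bytes = CONTROL_KEY) -> Tuple[int, int]:
    """Send a command from `origin` to everything below it.

    Returns (hops to the farthest leaf, number of agents that accepted it).
    Called on the controller with CONTROL_KEY this is normal operation; called
    on a handler with another key it models a seized handler injecting commands.
    """
    before = sum(len(agent.accepted) for agent in leaves(origin))
    msg = {"seq": seq, "command": command, "mac": sign(seq, command, key)}
    hops = max(relay(child, msg, 1) for child in origin.children)
    after = sum(len(agent.accepted) for agent in leaves(origin))
    return hops, after - before


def exposure(captured: Node) -> Set[str]:
    """What a defender or rival learns from the addresses stored on one seized node."""
    return captured.knows()


if __name__ == "__main__":
    root = build_hierarchy(handlers=3, agents_per_handler=4)
    hops, reached = issue(root, seq=1, command="update:v2")
    print(f"{reached} agents accepted in {hops} hops (a flat star needs 1)")
    print("seized agent reveals:   ", sorted(exposure(leaves(root)[0])))
    print("seized handler reveals: ", sorted(exposure(root.children[0])))
    print("replay accepted by:     ", issue(root, seq=1, command="update:v2")[1])
    print("seized handler forgery: ", issue(root.children[0], 2, "ddos", key=b"wrong")[1])
```

Running the script shows the three properties the essay describes: all twelve agents receive the command, but only after two hops where a flat star topology needs one; a seized agent exposes nothing but its own handler, while a seized handler exposes the controller and its four agents; and a command injected by a handler that lacks the controller's key, or a replay of an earlier sequence number, is accepted by no agent.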
Images might be used for b...