
	Home > Ask the Security Experts > Network Security Questions & Answers > What warning signs will indicate the presence of a P2P botnet?

Ask The Security Expert: Questions & Answers

EMAIL THIS

What warning signs will indicate the presence of a P2P botnet?

EXPERT RESPONSE FROM: Mike Chapple

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 20 June 2008
What are some sure signs that a computer has been connected to a peer-to-peer (P2P) botnet?

EXPERT RESPONSE
Peer-to-peer (P2P) botnets are the insidious follow-ons to the traditional Internet Relay Chat (IRC) command-and-control botnets of the past. In the IRC model, infected systems connect to an IRC controller network to receive commands from the botnet owner. It became easy to detect these botnets by simply monitoring your network for connections to IRC servers. Botnet owners answered this countermeasure with the introduction of P2P botnets that use encrypted communications within the "cloud" of infected systems, eliminating the need for a centralized controller.

There are two main ways you can detect the presence of a P2P botnet on your system and they're not rocket science. In fact, they're basic security controls that you should be practicing already. First, install and maintain updated antivirus software on your systems. Botnets typically infect systems with outdated antivirus signatures. Second, monitor your host firewall configurations. The typical productivity workstation does not require any inbound access other than any remote administration software in use on your network. P2P botnets must open firewall ports on infected systems to support their participation in the botnet cloud.

More information:

Learn about shaping P2P packets.
Find out what risks are involved in logging into a botnet control channel.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Network Security
	What are the differences between intrusion detection and intrusion prevention?
	Will there be DMZ routing issues if several firewalls serve as the default gateway?
	What are the top LAN security issues in a client-server network environment?
	Should tunnel connections be initiated from an ISP to a internal data center, or vice versa?
	What reporting tools are available for an enterprise IDS?
	Is it possible to allow select access to IP addresses using Windows Server 2003?
	Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
	What are best practices for creating an IDS and maintaining a signature database?
	What are the best ways to hide system information from network scanning software?
	What are the security risks of opening all the ports on an internal router?

Network Scanning

Product Review: Altor Networks' Virtual Network Security Analyzer (VNSA) 1.0

Screencast: Catching network traffic with Wireshark

What are the best ways to hide system information from network scanning software?

How to run a Nessus system scan

Nessus: Vulnerability scanning in the enterprise

Nessus 3 Tutorial

Screencast: Using Nessus to scan for vulnerabilities

Web scanning and reporting best practices

Can a firewall alone effectively block port-scanning activity?

PING: Fyodor

Emerging Information Security Threats

Critical infrastructure security grim, study finds

New malware exploits Microsoft RPC flaw

Smartphone security: The growing threat of mobile malware

Microsoft sees OS flaws drop, application breaches rise

Security Squad: Security pros face troubles

Trojan exploiting Microsoft RPC flaw

Malicious program poses as Windows Security Center

Adobe addresses clickjacking in latest Flash Player

Clickjacking details released after attack proof-of-concept emerges

Billy Hoffman on AJAX security and browser attacks

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

inverse mapping (SearchSecurity.com)

network behavior analysis (SearchSecurity.com)

network scanning (SearchSecurity.com)

port scan (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy