Full Disclosure mailing list archives

Re: Howto Simulate a BotNet ?
From: Shyaam <shyaam () gmail com>
Date: Fri, 8 May 2009 00:41:28 +0000

ns2 is a very good option. Generally, I have noticed researchers using
it for Wireless Sensor Networks, because it gives the most accurate
results too. But again it depends on what you are trying to achieve.

Are you looking to trigger botnet signatures in your end point device?
Or are you trying to do this for your company site to show it to your
clients or viewers of your site? Or are you trying to use this to do a
behavior analysis?

Stimulus and Response, Purpose and Solutions, etc. go hand in hand.
Only if the purpose is known, or what exactly you are trying to
achieve, would someone be able to guide you in the right direction.

Shyaam

On Fri, May 8, 2009 at 12:27 AM, M.B.Jr. <marcio.barbado () gmail com> wrote:
No no no, this is a list of knowledge.
If Mark wants to simulate a botnet, firstly he needs to learn how to
do it for a generic purpose network.

Mark, try "ns-2", the best of its kind, and learn how to simulate and
tune bot entities, according to your needs.


Regards,




On Thu, May 7, 2009 at 1:54 AM, Aadil Noorkhan <a.noorkhan () linkbynet com> wrote:
Hello,

The closest I could find are:
- http://pages.cs.wisc.edu/%7Epb/botnets_final.pdf (rather interesting
paper about an inside look at botnets)
- http://www.breakingpointsystems.com/community/blog/botnet-simulation
(video about a botnet simulation by BreakingPointSystems)

Cheers,
Aadil.

On Thu, 2009-05-07 at 05:36 +0400, Valdis.Kletnieks () vt edu wrote:
On Wed, 06 May 2009 18:07:48 CDT, Mark Sec said:

Does anyone know a tool, schema, info or ideas to simulate a Botnet?

Ideas:

A) Many Vmware (workstations) over win32
B) Make fake traffic
C) Make scripts to simulate many hosts
D) IDS/ IPS (to see the traffic)

What behavior(s) of a botnet are you trying to simulate?  There's a lot
of approaches, as you've already noticed - which one will work best will
depend a lot on what you're trying to do.
--
Aadil NOORKHAN
Unix Administrator
------------------------------------------------------
LINKBYNET Indian Ocean
BG Court, Route Saint-Jean, Quatre Bornes, Ile Maurice
Direct tel : (+33) 01 48 13 21 78
Tel : (+33) 1 48 13 00 00
Fax : (+33) 1 48 13 31 21
Email : a.noorkhan () linkbynet com
Web : www.linkbynet.com
______________________________________________________
On-call : http://www.linkbynet.com/astreinte/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
Marcio Barbado, Jr.
