DocumentCode :
3035991
Title :
Types of Hosts on a Remote File Inclusion (RFI) Botnet
Author :
Robledo, Hugo F Gonzàlez
Author_Institution :
Univ. Politec. de San Luis Potosi, San Luis Potosi
fYear :
2008
fDate :
Sept. 30 2008-Oct. 3 2008
Firstpage :
105
Lastpage :
109
Abstract :
Web server attacks are increasingly in short time for different purposes, one of the principal vectors of this attacks are RFI and even the automatic way to do this. We suppose that in a botnet involved in RFI attacks, the attackers (host that launch the attack) are web servers compromised since the natural format of the attack and the tool (remote file to include). So we go deeper identified the type of host that is the attacker through a remote analysis based on domain name, content, and dynamic ip addresses.A large botnet involved in RFI attacks was tracked by almost a year and we figure out the behavior and the kind of host are the attackers and the hosters. This track were made by one University web server logs, compared with other sources. The interesting facts founded here are related to the botnet selected to study. This botnet is formed by other kind of hosts, not web servers at all. And the tool used to compromise web server is a very general shell. Other contribution of this work is a methodology for tracking RFI botnets, that could be used in real time or for historical data.
Keywords :
Web services; file servers; security of data; Web server attacks; dynamic IP addresses; historical data; remote file inclusion botnet; Automotive engineering; Computer crime; Computer languages; Databases; Internet; Programming profession; Radiofrequency interference; Robots; Vehicle dynamics; Web server; rfi botnets; tracking botnets;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Electronics, Robotics and Automotive Mechanics Conference, 2008. CERMA '08
Conference_Location :
Morelos
Print_ISBN :
978-0-7695-3320-9
Type :
conf
DOI :
10.1109/CERMA.2008.60
Filename :
4641055
Link To Document :
بازگشت