Botnets: big and bigger

Researchers design honeynet computer networks specifically to be attacked. The hosts that comprise a honeynet and serve as attack targets are called honeypots. Researchers configure them to capture a variety of useful data about computer attacks without compromising other computers. Moreover, honeynet researchers strive to implement data capture and control in such a way that intruders are unaware that their actions are being monitored. Although honeynet technology is relatively new, it is developing rapidly. Honeynets have already proven themselves to be useful sources of information. In this article, I´ll describe an attack on a honeypot that occurred in March 2003 during the onset and peak activity of several worms that targeted vulnerable hosts running Windows file sharing. We incorporated the compromised honeypot into a large botnet that attackers used to initiate distributed denial-of-service (DDOS) attacks against several Internet sites. I explain the structure of such botnets, their use by computer attackers, and the threat they pose to Internet sites.