Efficient botnet herding within the Tor network

Springer Science and Business Media LLC - Volume 11 - Pages 19-26 - 2014
Lachlan Kang¹
¹ The University of Adelaide, Adelaide, Australia

Abstract

During 2013 the Tor network had a massive spike in new users as a botnet started using Tor hidden services to hide its C&C (Command and Control) servers. This resulted in network congestion and reduced performance for all users. Tor hidden services are attractive to botnet herders because they provide anonymity for both the C&C servers and the bots. The aim of this paper is to present a superior way that Tor hidden services can be used for botnet C&C which minimises harm to the Tor network while retaining all security benefits.
