Table of Contents
Lead Authors and Technical Editors
Chapter 1: Botnets: A Call to Action
Chapter 3: Alternative Botnet C&Cs
Introduction: Why Are There Alternative C&Cs?
Historical C&C Technology as a Road Map
Chapter 5: Botnet Detection: Tools and Techniques
Network Infrastructure: Tools and Techniques
Darknets, Honeypots, and Other Snares
Forensics Techniques and Tools for Botnet Detection
Chapter 6: Ourmon: Overview and Installation
Case Studies: Things That Go Bump in the Night
Chapter 7: Ourmon: Anomaly Detection Tools
Understanding the IRC Protocol
Ourmon’s RRDTOOL Statistics and IRC Reports
Detecting an IRC Client Botnet
Detecting an IRC Botnet Server
Chapter 9: Advanced Ourmon Techniques
Tricks for Searching the Ourmon Logs
Chapter 10: Using Sandbox Tools for Botnets
Examining a Sample Analysis Report
Interpreting an Analysis Report
Bot-Related Findings of Our Live Sandbox
Chapter 11: Intelligence Resources
Identifying the Information an Enterprise/University Should Try to Gather
Places/Organizations Where Public Information Can Be Found
Membership Organizations and How to Qualify
What to Do with the Information When You Get It
Chapter 12: Responding to Botnets