only post comments made by the speakers or panelists do
play

Only post comments made by the speakers or panelists Do not post - PowerPoint PPT Presentation

Dec 04, 2023 •168 likes •823 views

Social Media Posting Allowed Tweeter, Facebook, LinkedIn, other social media posts are welcomed in this session if you: Only post comments made by the speakers or panelists Do not post comments or questions from the

  1. – Social Media Posting Allowed – 
 Tweeter, Facebook, LinkedIn, other social media posts 
 are welcomed in this session if you: 
 • Only post comments made by the speakers or panelists • Do not post comments or questions from the audience 
 (but you can share the speakers’ responses to questions) • Do not post the name, position or company of other meeting attendees • Do not post conversations with attendees • M 3 AAWG is not a deliverability conference; we are: • An industry working group meeting • An anti-abuse conference, or • A gathering of security experts • All of the M 3 AAWG Membership, Trademarks and Logo guidelines apply ( https://www.m3aawg.org/members/how-promote-m3aawg#TrademarkGuidelines ) • Appreciate a shout out to @maawg and #m3aawg42 M3AAWG 42nd General Meeting | San Francisco | February 2018

  2. Understanding the Mirai Botnet Manos Antonakakis ✝ , Tim April ◆ , Michael Bailey ★ , Matthew Bernhard ‡ , Elie Bursztein ✱ Jaime Cochran △ , Michalis Kallitsis ● , Damian Menscher ✱ , Zakir Durumeric ‡ Deepak Kumar ★ , Chad Seaman ◆ , J. Alex Halderman ‡ , Luca Invernizzi ✱ , Chaz Lever ✝ Zane Ma ★ , Joshua Mason ★ , Nick Sullivan △ , Kurt Thomas ✱ , Yi Zhou ★ ◆ Akamai Technologies, △ Cloudflare, ✝ Georgia Institute of Technology, ✱ Google, ● Merit Network ★ University of Illinois Urbana-Champaign , ‡ University of Michigan Understanding the Mirai Botnet ▪︎ Zane Ma 2

  3. Internet of Things 2016 2020 6 - 9 Billion ~30 Billion Understanding the Mirai Botnet ▪︎ Zane Ma 3

  4. IoT Botnets 2012 Carna Botnet 2015 BASHLITE / gafgyt 420,000 devices 1,000,000 devices Understanding the Mirai Botnet ▪︎ Zane Ma 4

  5. Mirai Understanding the Mirai Botnet ▪︎ Zane Ma 5

  6. Lifecycle Attacker • Fast, stateless port-scanning: �� Send command SYN w/ TCP seq # = dest IP Command Report �� Dispatch Loader • Check for SYN-ACKs where & Control Server Infrastructure TCP seq # = src IP + 1 �� Relay ��� Load � � Report • Raw socket, requires root Devices �� Scan Victim Bots • If port open, brute force telnet � Attack login credentials DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 6

  7. Lifecycle Attacker • Reports successful IP:port, �� Send command username:password Command Report �� Dispatch Loader • Report server aggregates & Control Server Infrastructure results �� Relay ��� Load � � Report Devices �� Scan Victim Bots � Attack DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 7

  8. Lifecycle Attacker • Asynchronous from scanning �� Send command + reporting Command Report �� Dispatch Loader • Supports building up potential & Control Server Infrastructure “hit list” �� Relay ��� Load � � Report Devices �� Scan Victim Bots � Attack DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 8

  9. Lifecycle Attacker • Determines architecture, �� Send command wget/tftp 1 out of 9 archs. Command Report �� Dispatch Loader • Defensive - kills competing & Control Server Infrastructure Mirai, and any processes �� Relay ��� Load � � Report listening on HTTP/Telnet/SSH Devices �� Scan Victim • Obfuscates process name Bots and removes executable - � Attack does not survive reboots DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 9

  10. Lifecycle Attacker • Simple attack API - �� Send command configurable duration, attack size (# bots), IP spoofing Command Report �� Dispatch Loader & Control Server Infrastructure • Supports 10 attack types, �� Relay ��� Load � � Report volumetric/TCP/application Devices �� Scan Victim Bots � Attack DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 10

  11. Lifecycle Attacker • C&C resolves domains, �� Send command issues attacks on IPs Command Report �� Dispatch Loader & Control Server Infrastructure �� Relay ��� Load � � Report Devices �� Scan Victim Bots � Attack DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 11

  12. Lifecycle Attacker • Attacks do not interrupt �� Send command scanning Command Report �� Dispatch Loader • Fingerprintable application & Control Server Infrastructure level packets �� Relay ��� Load � � Report • Configurable reflection / Devices �� Scan Victim amplification attacks Bots � Attack DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 12

  13. Measurement Attacker Data Source Size �� Send command Network Telescope 4.7M unused IPs Command Report �� Dispatch Loader • 0.1% of IPv4 address space & Control Server Infrastructure �� Relay ��� Load � • 1.1M packets / min � Report • Look for Mirai fingerprint Devices �� Scan Victim Bots � Attack DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 13

  14. Measurement Attacker Data Source Size �� Send command Network Telescope 4.7M unused IPs Command Report �� Dispatch Loader • 0.1% of IPv4 address space & Control Server Infrastructure �� Relay ��� Load � • 1.1M packets / min � Report • Look for Mirai fingerprint Devices �� Scan Victim Bots • Handling IP churn: look for active � Attack concurrent scans DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 14

  15. Measurement Attacker Data Source Size �� Send command Network Telescope 4.7M unused IPs Active Scanning 136 IPv4 scans Command Report �� Dispatch Loader & Control Server Infrastructure • Application protocol banners �� Relay ��� Load � � Report (telnet, FTP, HTTP, etc.) Devices �� Scan Victim • Device attribution: NMap service Bots probes, manual labeling � Attack DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 15

  16. Measurement Attacker Data Source Size �� Send command Network Telescope 4.7M unused IPs Active Scanning 136 IPv4 scans Command Report �� Dispatch Loader & Control Server Infrastructure • Application protocol banners �� Relay ��� Load � � Report (telnet, FTP, HTTP, etc.) Devices �� Scan Victim • Device attribution: NMap service Bots probes, manual labeling � Attack • Future work: Individual device DDoS Target fingerprinting Understanding the Mirai Botnet ▪︎ Zane Ma 16

  17. Measurement Attacker Data Source Size �� Send command Network Telescope 4.7M unused IPs Active Scanning 136 IPv4 scans Command Report �� Dispatch Loader & Control Server Infrastructure Telnet Honeypots 434 binaries �� Relay ��� Load � � Report • Busybox shell that accepts any telnet login credentials Devices �� Scan Victim Bots • Used collected binaries to � Attack generate YARA rules DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 17

  18. Measurement Attacker Data Source Size �� Send command Network Telescope 4.7M unused IPs Active Scanning 136 IPv4 scans Command Report �� Dispatch Loader & Control Server Infrastructure Telnet Honeypots 434 binaries �� Relay ��� Load � Malware Repository 594 binaries � Report • Found VirusTotal binaries Devices �� Scan Victim matching YARA rules Bots � Attack DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 18

  19. Measurement Attacker Data Source Size �� Send command Network Telescope 4.7M unused IPs Active Scanning 136 IPv4 scans Command Report �� Dispatch Loader & Control Server Infrastructure Telnet Honeypots 434 binaries �� Relay ��� Load � Malware Repository 594 binaries � Report Active/Passive DNS 499M daily RRs Devices �� Scan Victim • Active = Thales DNS monitoring Bots system, using zone files, domain lists � Attack • Passive = Resource Records from DDoS Target large US ISP Understanding the Mirai Botnet ▪︎ Zane Ma 19

  20. Measurement Attacker Data Source Size �� Send command Network Telescope 4.7M unused IPs Active Scanning 136 IPv4 scans Command Report �� Dispatch Loader & Control Server Infrastructure Telnet Honeypots 434 binaries �� Relay ��� Load � Malware Repository 594 binaries � Report Active/Passive DNS 499M daily RRs Devices �� Scan Victim C2 Milkers 64K issued attacks Bots • C&C doesn’t authenticate / � Attack validate connecting bots DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 20

  21. Measurement Attacker Data Source Size �� Send command Network Telescope 4.7M unused IPs Active Scanning 136 IPv4 scans Command Report �� Dispatch Loader & Control Server Infrastructure Telnet Honeypots 434 binaries �� Relay ��� Load � Malware Repository 594 binaries � Report Active/Passive DNS 499M daily RRs Devices �� Scan Victim C2 Milkers 64K issued attacks Bots Krebs DDoS Attack 170K attacker IPs � Attack DDoS Target Understanding the Mirai Botnet ▪︎ Zane Ma 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Open floor discussions Speakers for each day: please sit in the first row We are

Open floor discussions Speakers for each day: please sit in the first row We are

Open floor discussions Speakers for each day: please sit in the first row We are collecting everyone's input and want comments! Tweet to the hashtag: #microbiome Or use the NIH email: hmvision@nih.gov Or post questions on

421 views • 16 slides
How Much Data Is Enough To Approve A COVID-19 Vaccine? Speakers Moderator Panelists Sarah

How Much Data Is Enough To Approve A COVID-19 Vaccine? Speakers Moderator Panelists Sarah

How Much Data Is Enough To Approve A COVID-19 Vaccine? Speakers Moderator Panelists Sarah Karlin-Smith Jonathan Ellen Holly Fernandez Lynch Senior Writer, Pink Sheet Epidemiologist & Former John Russell Dickson, MD Hospital CEO And

368 views • 13 slides
Harnessing the Power of the Oceans SPEAKERS Panelists H.E. Nani Chrougha, Minister of Fisheries

Harnessing the Power of the Oceans SPEAKERS Panelists H.E. Nani Chrougha, Minister of Fisheries

SESSION 2: COASTAL STATES From Living on the Edge to Harnessing the Power of the Oceans SPEAKERS Panelists H.E. Nani Chrougha, Minister of Fisheries and Maritime Economy, Mauritania H.E. Agostinho Salvador Mondlane , Minister of the

311 views • 3 slides
Presentation made at the first session of inter-governmental negotiation on Post-2015 Agenda

Presentation made at the first session of inter-governmental negotiation on Post-2015 Agenda

Towards a UN Declaration in the Context of Post-2015 Development Agenda - A Check List by Debapriya Bhattacharya , PhD Chair, Southern Voice on Post-MDGs and Distinguished Fellow, Centre for Policy Dialogue (CPD) Presentation made at the

719 views • 20 slides
Welcome the session, please also post them in the chat box. We will do our best to address them

Welcome the session, please also post them in the chat box. We will do our best to address them

Please post your organization, location, and role in the chat box. If additional people are attending the webinar with you, please post their first and last names as well. If you have questions or comments during Welcome the

538 views • 50 slides
REBUILDING OUR ECONOMY POST COVID-19: GUARANTEES Panelists Joel Smith, Native American Bank

REBUILDING OUR ECONOMY POST COVID-19: GUARANTEES Panelists Joel Smith, Native American Bank

#OCAC20 #OCAC20 #OCAC20 REBUILDING OUR ECONOMY POST COVID-19: GUARANTEES Panelists Joel Smith, Native American Bank Christine Ryan, The California Endowment Teri Lovelace, LOCUS Impact Investing/Community Investment Guarantee Pool June 24,

232 views • 12 slides
1 2 Post-Recession Life Sciences: Post-Recession Life Sciences: Achieving Success in the

1 2 Post-Recession Life Sciences: Post-Recession Life Sciences: Achieving Success in the

1 2 Post-Recession Life Sciences: Post-Recession Life Sciences: Achieving Success in the Current Achieving Success in the Current Economic Environment Economic Environment Panelists Panelists Moderated by : Jam James C. Chapm s C.

462 views • 9 slides
Discussion on DSM topics during workshop 27 Oct 2015 Please post questions, comments, discussion

Discussion on DSM topics during workshop 27 Oct 2015 Please post questions, comments, discussion

Discussion on DSM topics during workshop 27 Oct 2015 Please post questions, comments, discussion ideas on the lines below... How can we model system behavior in a more abstract way? Are automata suitable? Perhaps there are some problems

216 views • 5 slides
Next Generation ACO Model Benefit Enhancements March 28, 2017 Disclaimer The comments made on

Next Generation ACO Model Benefit Enhancements March 28, 2017 Disclaimer The comments made on

Next Generation ACO Model Benefit Enhancements March 28, 2017 Disclaimer The comments made on this call are offered only for general informational and educational purposes. As always, the agencys positions on matters may be subject to

507 views • 22 slides
Todays Class: Post-COVID safety measures for employees Speakers Thomas Goldsby Michel

Todays Class: Post-COVID safety measures for employees Speakers Thomas Goldsby Michel

Todays Class: Post-COVID safety measures for employees Speakers Thomas Goldsby Michel Perez-Guzman Professor Director of Professional Services James A. Haslam, II Chair of Logistics Krber Supply Chain The University of Tennessee

157 views • 12 slides
Made in Africa Learning to Compete In Industry Comments and Responses Haroon Bhorat UNU-WIDER

Made in Africa Learning to Compete In Industry Comments and Responses Haroon Bhorat UNU-WIDER

Made in Africa Learning to Compete In Industry Comments and Responses Haroon Bhorat UNU-WIDER Annual Development Conference Helsinki, Finland 13-15 September, 2018 Five Key Observations 1. The Nuances in Africas Manufacturing Malaise 2.

646 views • 8 slides
Growing Writers in FWISD 8 th Grade Teachers Waiver Day: October 9, 2017 Please post comments

Growing Writers in FWISD 8 th Grade Teachers Waiver Day: October 9, 2017 Please post comments

Growing Writers in FWISD 8 th Grade Teachers Waiver Day: October 9, 2017 Please post comments and photos about your learning today @FWISD_Lit2 1 Date of Presentation 3 Things On the back of , your name tent, write 3 things you know,

498 views • 35 slides
Growing Writers in FWISD 7 th Grade Teachers Waiver Day: October 9, 2017 Please post comments

Growing Writers in FWISD 7 th Grade Teachers Waiver Day: October 9, 2017 Please post comments

Growing Writers in FWISD 7 th Grade Teachers Waiver Day: October 9, 2017 Please post comments and photos about your learning today @FWISD_Lit2 1 Date of Presentation 3 Things On the back of , your name tent, write 3 things you know,

370 views • 34 slides
Quantifying Project Impacts from COVID-19 MAY 14, 2020 1 Todays Speakers Moderator Joe

Quantifying Project Impacts from COVID-19 MAY 14, 2020 1 Todays Speakers Moderator Joe

Quantifying Project Impacts from COVID-19 MAY 14, 2020 1 Todays Speakers Moderator Joe Hogan, Vice President AGC NYS Panelists Charles F. Boland, P.E., Principal GREYHAWK Barrett Richards, CCC, CEP, PSP , Senior Managing

434 views • 29 slides
5/28/2020 Agenda & Panelists 1. Covid Trends Panelists: 2. New Jersey Donna Antenucci,

5/28/2020 Agenda & Panelists 1. Covid Trends Panelists: 2. New Jersey Donna Antenucci,

Coronavirus Updates for Virtua Health Affiliated Practices Webinar #13 5/28/2020 Agenda & Panelists 1. Covid Trends Panelists: 2. New Jersey Donna Antenucci, RN VP CIN, President LHN Reactivation Andrew Cohen, MD Medical Director

666 views • 34 slides
Updated 5/12/2020 Agenda & Panelists Panelists: Introductions Latest numbers Andrew

Updated 5/12/2020 Agenda & Panelists Panelists: Introductions Latest numbers Andrew

Coronavirus Updates for Virtua Health Affiliated Practices Webinar #12 Updated 5/12/2020 Agenda & Panelists Panelists: Introductions Latest numbers Andrew Cohen, MD Medical Director VPP, LHN Tarun Kapoor, MD President, VPP

398 views • 24 slides
Sustaining Soul While Shifting Paradigm: Trinitys Journey Through Transformation Remarks to the

Sustaining Soul While Shifting Paradigm: Trinitys Journey Through Transformation Remarks to the

Sustaining Soul While Shifting Paradigm: Trinitys Journey Through Transformation Remarks to the USA Funds Symposium February 21, 2013 President Patricia McGuire Trinity Washington University president@trinitydc.edu www.trinitydc.edu

174 views • 15 slides
Search with Wage Posting Under Sticky Prices Andrew Foerster Jose Mustre-del-Rio Federal Reserve

Search with Wage Posting Under Sticky Prices Andrew Foerster Jose Mustre-del-Rio Federal Reserve

Introduction Model Results Conclusion Search with Wage Posting Under Sticky Prices Andrew Foerster Jose Mustre-del-Rio Federal Reserve Bank of Kansas City May 2015 The views expressed herein are solely those of the authors and do not

642 views • 21 slides
Kathleen C. Lake Coordination of Scheduling Processes Gas/Electric Coordination Conferences

Kathleen C. Lake Coordination of Scheduling Processes Gas/Electric Coordination Conferences

Symposium on Reliability and Security Across the Energy Value Chain March 11, 2015 Kathleen C. Lake Coordination of Scheduling Processes Gas/Electric Coordination Conferences Show Cause Order on Posting of Offers to Purchase Released

108 views • 6 slides
Statistical analysis of the social network & discussion threads in Slashdot Vicen Gmez

Statistical analysis of the social network & discussion threads in Slashdot Vicen Gmez

Statistical analysis of the social network & discussion threads in Slashdot Vicen Gmez Andreas Kaltenbrunner Vicente Lpez Barcelona Media Innovation Center (BM) Barcelona, Spain Department of Information and Comunication

482 views • 23 slides
Valley Clean Energy Board Meeting Wednesday, January 23, 2019 Yolo County Board of Supervisors

Valley Clean Energy Board Meeting Wednesday, January 23, 2019 Yolo County Board of Supervisors

Valley Clean Energy Board Meeting Wednesday, January 23, 2019 Yolo County Board of Supervisors Chambers, Woodland, CA 1 Item 14 VCE 2019 Procurement Guide Update, Delegations and Directives Overview: Background Purpose

517 views • 28 slides
GENERAL TERMS AND TIMELINE GENERAL TERMS AND TIMELINE Paycheck Protection Program Loans

GENERAL TERMS AND TIMELINE GENERAL TERMS AND TIMELINE Paycheck Protection Program Loans

GENERAL TERMS AND TIMELINE GENERAL TERMS AND TIMELINE Paycheck Protection Program Loans Paycheck Protection Program Loans Eligible small businesses with fewer than 500 employees may apply for the loan; The loan can be up to 2.5 times

550 views • 33 slides
PPP and What You Need to Know for Presentation for: Yourself, Your Staff and Your Practice

PPP and What You Need to Know for Presentation for: Yourself, Your Staff and Your Practice

PPP and What You Need to Know for Presentation for: Yourself, Your Staff and Your Practice Ara Babaian, Esq. Encore Law Group LLP May 19, 2020 Presentation Outline What Does All This PPP Overview Eligibility Loan Forgiveness

540 views • 16 slides
Outline of the Forgiveness Calculation Based on current guidance, it appears that the amount of

Outline of the Forgiveness Calculation Based on current guidance, it appears that the amount of

Outline of the Forgiveness Calculation Based on current guidance, it appears that the amount of forgiveness will be calculated in a 4 step process it is complicated. We will provide a written example on our website watrust.com. Lets use

374 views • 13 slides

More recommend