Analysis of an Internet-wide Stealth Scan from a Botnet
Authors:
Alberto Dainotti, Cooperative Association for Internet Data Analysis
Abstract:
Botnets are the most common vehicle of cyber-criminal activity. They are used for spamming, phishing, denial of service attacks, brute-force cracking, stealing private information, and cyber warfare. We present the measurement and analysis of a horizontal scan of the entire IPv4 address space conducted by the Sality botnet last year. This 12-day scan originated from approximately 3 million distinct IP addresses and tried to discover and compromise VoIP-related infrastructure. We observed this event through the UCSD Network Telescope. Sality is one of the largest botnets ever identified by researchers, representing ominous advances in the evolution of modern malware. This talk offers a detailed dissection of the botnet’s scanning behavior, including general methods to correlate, visualize, and extrapolate botnet behavior across the global Internet.
kc claffy has played a leading role in Internet research for more than a decade. For the past 15 years she has led the direction, strategy, and overall management of the Cooperative Association for Internet Data Analysis (CAIDA), which she founded at the UC San Diego Supercomputer Center in 1996. CAIDA is an internationally respected Internet research organization, responsive to industry, government, and academic sector needs and interests, providing tools and analyses to promote a robust, scalable global Internet infrastructure. As a research scientist at SDSC and Adjunct Professor of Computer Science & Engineering at UCSD, her research interests include Internet data collection, analysis, visualization, and enabling others to make use of CAIDA data and results. She has been at SDSC since 1991 and holds a Ph.D. in Computer Science from UC San Diego.
Alberto Dainotti is a PostDoc at CAIDA (Cooperative Association for Internet Data Analysis) at UC San Diego. In 2008 he received his Ph.D. in Computer Engineering and Systems at the Department of Computer Engineering and Systems of University of Napoli “Federico II,” Italy. He has co-authored several peer-reviewed papers published at conferences and in scientific journals in the field of Internet measurement, traffic analysis, and network security. He serves as an independent reviewer/evaluator of projects and project proposals co-funded by the European Commission.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@conference {255728,
author = {kc claffy and Alberto Dainotti},
title = {Analysis of an Internet-wide Stealth Scan from a Botnet},
year = {2012},
address = {San Diego, CA},
publisher = {USENIX Association},
month = dec
}
connect with us