Agobot download
* Sends combinations of uncommon IP packets to hosts
* IP stack penetration tool / 'exploit generator'
Implements the well-known DDoS attack Mixter authored in 1999.
Presenting all the commands is beyond the scope of this paper, as Agobot comes with over 90 commands in the default configuration. In the following, we cover the more popular commands implemented in the common bots we have captured in the wild.
Hopefully comprehensible and applicable port sequences do emerge that can help distinguish extremely well programmed Bots and allow for further study into the most elite Botnets. This activity would have to be monitored during a live session with an intrusive Bot facing massive disconnections and reopening of ports. I have not yet seen enough satisfying data on this topic. Although scanning mechanisms and "most frequent port lists" are known, I want to determine if any of the Bots are intelligent enough to connect to more stable ports by either randomly selecting ports to attempt connection or by algorithmic sequencing.
A second realm in which I tend to gather data is on the various bots' ability to remain connected while various port configurations are enacted. Of course, the desires and objectives of each given party are different, and thus configurations based on acquired data would be user specific. Research in this realm could also make for more predictable server stability in the long run by providing data for optimized server updating schedules.
If a trend emerges in the data gathered that can accurately predict what type of bot is most likely going to connect to which one of your ports and with what command, a much tighter filter can be placed allowing for administrators to better capture the Botnet types they desire to study.
Research in this realm should be very conducive towards better arming IT personnel, in that more effective IDS and IPS systems can be implemented if network admins are more knowledgeable about the evolution and progressive algorithm enhancement of various bots categorized by attack type, cloning strategy, host IP ranges, lifespan, and update cycle. Having looked at the current research and the various advances and deficits, I am greatly considering looking into the updating behavior and cycles of various Botnets.
I think that given the time frame and desire to produce admirable results (having to complete a background check, I cannot yet deploy a Honeynet on University property; this should be accomplished by the middle of next week). A good look into the basic configurations and commands for three common Bots.