Command and control (malware): Difference between revisions

Bender the Bot
m Peer-to-peer: http→https for Google Books and Google News using AWB
In the P2P method of command and control, each bot tends to know only a list of peers to which it can send commands, and those commands are then passed on to other peers further down the botnet. The list is typically around 256 peers, which keeps it small enough that commands can be passed on quickly, while making the botnet harder to disrupt and allowing it to stay online even if large numbers of peers are removed in a takedown effort.
 
==Systems used for command and control==
{{Unreferenced section|date=March 2016}}Command and control (C&C) has been implemented in a number of ways, the most common and well-known being:
 
===Domains as C&C===
This is one of the earliest types of C&C known.
A [[zombie (computer science)|zombie]] computer accesses a specially designed webpage or ___domain(s) which serve the list of controlling commands.
The advantage of using webpages or domains as C&C is that a large botnet can be effectively controlled and maintained with very simple code that can be readily updated.
 
Disadvantages of using this method are that it uses a considerable amount of bandwidth at large scale, and domains can be quickly seized by government agencies without much trouble or effort. If the domains controlling the botnets are not seized, they are also easy targets to compromise with [[denial-of-service attack]]s.
 
===IRC as C&C===
IRC networks use simple, low-bandwidth communication methods, which made them widely used in the past to host botnets. They tend to be relatively simple in construction, and have been used with moderate success for coordinating DDoS attacks and spam campaigns while being able to continually switch channels to avoid being taken down. However, in some cases the mere blocking of certain keywords has proven effective in stopping IRC-based botnets.
 
===P2P as C&C===
Since most botnets using IRC networks and domains can be taken down with time, hackers have moved on to P2P botnets with C&C as a way to make them harder to take down. Peer-to-peer botnets, with command and control based on peer-to-peer technology, are a more recent development in the threat landscape.

Some have also used encryption as a way to secure or lock down the botnet from others; most of the time when they use encryption it is [[public-key cryptography]], which has presented challenges in both implementing it and breaking it.
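The resilience claim made for P2P command and control above (a peer list of roughly 256 entries keeps command propagation working even when many peers are removed) can be checked with a constructed simulation. The following is an added example, not code from the article or from any real botnet: it builds a random peer graph with a fixed peer-list size, removes a random share of bots to model a takedown, and measures what fraction of the survivors a forwarded command still reaches. The bot count, peer-list sizes and removal fraction are assumed values chosen for illustration.

```python
import random
from collections import deque

# Constructed simulation (not from the article): every bot knows a fixed-size
# list of peers, and commands spread by being forwarded along those lists.

def build_peer_graph(n_bots, peer_list_size, rng):
    """Return {bot: [peers it can forward commands to]} with random peer lists."""
    graph = {}
    for bot in range(n_bots):
        # Sample one extra candidate so the bot can be dropped from its own list.
        candidates = rng.sample(range(n_bots), peer_list_size + 1)
        graph[bot] = [p for p in candidates if p != bot][:peer_list_size]
    return graph

def reachable_fraction(graph, controller, taken_down):
    """Fraction of surviving bots a command from `controller` still reaches.

    Breadth-first forwarding along peer lists; bots in `taken_down` neither
    receive nor forward anything (they have been removed in the takedown).
    """
    alive = len(graph) - len(taken_down)
    if controller in taken_down or alive == 0:
        return 0.0
    seen = {controller}
    queue = deque([controller])
    while queue:
        bot = queue.popleft()
        for peer in graph[bot]:
            if peer not in taken_down and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return len(seen) / alive

def takedown_experiment(n_bots=2000, peer_list_size=256,
                        removed_fraction=0.5, rng_seed=1):
    """Remove a random share of bots and measure the remaining command reach."""
    rng = random.Random(rng_seed)  # fixed seed so results are repeatable
    graph = build_peer_graph(n_bots, peer_list_size, rng)
    taken_down = set(rng.sample(range(n_bots), int(n_bots * removed_fraction)))
    # The first surviving bot plays the role of the node that injects a command.
    controller = next(b for b in range(n_bots) if b not in taken_down)
    return reachable_fraction(graph, controller, taken_down)

if __name__ == "__main__":
    for size in (2, 8, 256):
        reach = takedown_experiment(peer_list_size=size)
        print(f"peer list {size:>3}: {reach:.1%} of surviving bots still reachable")
```

With half of the bots removed, a peer list of 2 leaves most survivors unreachable, while a list of 256 still reaches essentially all of them, which is the trade-off the text describes between a small list and takedown resistance.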
 
==See also==