L7: Adv. Network Monitoring

Question 1

A bot is often called a:

Answer 1

Zombie

Question 2

Botnets account for more than 95% of all spam.

Answer 2

True

Question 3

All distributed denial of service (DDoS) attacks are done through botnets.

Answer 3

True

Question 4

Botnets are often set-up for short-term uses.

Answer 4

False

Question 5

A coordinated group of malware instances that are controlled via C&C channels is called a:

Answer 5

Botnet

Question 6

Which of the following behaviors are indicative of botnets?

• Linking to an established C&C server
• Generating Internet Relay Chat (IRC) traffic using a specific range of ports
• Generating DNS requests
• Generating SMTP emails/traffic
  Reducing workstation performance/internet access to the level that it is noticeable by users

Answer 6

• Linking to an established C&C server
• Generating Internet Relay Chat (IRC) traffic using a specific range of ports
• Generating SMTP emails/traffic
  Reducing workstation performance/internet access to the level that it is noticeable by users

Question 7

What can botnets do to evade C-plane clustering?

Answer 7

Manipulate communication patterns

Question 8

What can botnets do to evade A-plane clustering?

Answer 8

Perform slow spamming

Use undetectable activities

Question 9

What should be considered in order to identify the source (perpetrator) of an APT attack?

Answer 9

Source IP
Coding style of Malware
Inclusion of Special Libraries
Motives of the attack
Language encoding