Botnet lab exercises for graduate-level security class?

Viewing 6 reply threads
  • Author
    • #5627


      I’m teaching an Introduction to Computer Security class and would love
      to find what others have done in creating lab exercises for building and
      managing a simple botnet in order to make it more “real” for my
      students. Any pointers to references would be much appreciated.

      Thanks in advance.


      T E D  M A R K O W I T Z
      Dept. of Electrical & Computer Engineering and Computer Science (ECECS)
      252 Buckman Hall
      Tagliatela School of Engineering
      University of New Haven
      West Haven, CT 06516

      office/fax: 1-203-655-2400
      mobile: 1-203-984-6565

    • #35456

      First, I don’t have any example code to throw your way, but I’d tread lightly on this.  I think there are some legal implications in giving your students bot software.

      If you were keeping the whole thing in a lab, you might write some simple bot code that sends packets on command (simulated DDOS) in your university lab and provide students access to the controller to see how it works.  That way even if it gets out (and it will), your liability is pretty nill.

    • #35457

      Excellent points and I warn my students about such things all semester. On the other hand, I don’t think there’s a better way to learn to protect yourself than knowing exactly how attackers go about hurting you.

      Actually I was planning on doing precisely as you suggest: off-line, well-insulated, using throw-away VM’s as targets, etc. I’m just looking for some example code to use as a headstart vs. beginning completely from scratch.



    • #35458

      You might want to check some links I posted few months back,com_smf/Itemid,54/topic,5541.0/

    • #35459

      Hi Ted, Just to reinforce what was mentioned before but with the strongest point that you should MAKE students very aware of: 5 years + $250,000.

      I suggest using a packet builder that will allow you to use a test script that will have them understand what takes place.

      Example free builder: Engage Packet builder – Scriptable libnet-based packet builder

      Student Charged with Using University Computer Network for Denial of Service Attacks and to Control Other Computers (via “BotNet” zombies)

      Hope this helps as I teach many of the CEH classes

    • #35460

      FYI you can follow our tweets on:

      Another high level botnet case:

      VANCOUVER–The take down of the Mariposa botnet is a cyber law enforcement success story – but gaps in international cyber law could make it difficult to prosecute those behind the botnet.

      A researcher involved in the analysis and dismantling of the Mariposa botnet said that gaps in cyber crime laws in the countries from which the botnet was operated may make it difficult to prosecute those accused of operating the scheme.

    • #35461

      Here is a great video link posted in one of the other posts:

      Botnets using twitter

      And Don posted this as well:

      Gee thanks Ted now I am going to be spending the day on Bot Nets  :'(

Viewing 6 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?