Botnet

A Botnet is a collection hosts (bots) under a common command and control infrastructure. Often the command and control is an IRC server or a specific channel on a public IRC network. A bot typically has an agent client such as an IRC client and programs that are activated through the command and control infrastructure. Generally botnets are made up of compromised systems with scan, exploit and attack tools all used for nefarious purposes including denial of service attacks or sending of spam. Miscreants running these rogue botnets do so for reasons varying from fun to profit, with botnets often at war with each other. Popular botnet malware in 2004 include agobot, phatbot, rbot, rxbot and sdbot.

Spam attacks originating from a Botnet can be identified by passive os fingerprinting, a technique first introduced in OpenBSD in the venerable pf packet filter. Newer firewall equipment can be configured to take action when a botnet is attacking by using information obtained from passive os fingerprinting.