Detecting Botnets with NetFlow

• Authors: KRMÍČEK Vojtěch; PLESNÍK Tomáš
• Year of publication: 2011
• Type: R&D Presentation
• MU Faculty or unit: Institute of Computer Science
• Description: Network security awareness based on flow monitoring (NetFlow) is used with success at Masaryk University. We have discovered a new botnet called Chuck Norris at Masaryk University in December 2009. This botnet attacks vulnerable devices as ADSL modems and routers. In this talk, we will present and describe a set of detection methods for revealing Chuck Norris botnet in observed network using flow data. Also we will show the implementation of these methods as a plugin for NetFlow collector NfSen.

Related projects

• CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment