Understanding Botnets: Architecture, Attacks, and Mitigation Strategies

Botnets represents a significant threat in the cybersecurity landscape. Botnets relies on the set of compromised devices called as bots or zombies which are remotely connected and controlled by the adversary or the hacker. The adversary or the hacker controls the infected devices via a Command and Control(C&C) server. Botnets or bots are known for exploiting the set of vulnerabilities, escalating privileges and permissions in the infected systems and also establishing backdoors. Hackers or adversaries may use botnets to launch large scale cyber-attacks, in most cases it is a type of DOS (Denial of Service) attack. The article focuses on the architecture of botnets and also the way it works with a C&C server in general. A basic pythonic implementation of botnet is implemented to showcase how dangerous they may be, here it just sends back an acknowledgement message back to the user using sockets. The article also deals with various types of Denial-of-Service attacks in a detailed manner and then provides a detailed simulation of two types of DOS attacks in general which is the PoD attack and LAND attack. The article then later deals with the set of mitigation strategies to prevent and minimize the overall effects which may be caused via botnets. This article aims to give a basic foundational understanding of botnets in general with a basic comparison of the various types of botnet attacks.