[tor-dev] botnets in tor

Enkidu Mo Shiri volatilitux at gmail.com
Sat Nov 22 01:51:56 UTC 2014


Hi everyone,
I am new and not very sure about the rules here; I hope this is not off-topic.
I am a master's student researcher and I am working on botnet detection.
It would be appreciated if anyone could help me with:
I. Is there any way to detect botnet traffic out of normal Tor traffic?
II. Is this solution possible to apply?
   Attach a script to the botnet (so we skip reverse engineering and do not
mess with the malware's code) and send it back to the network; let the relays
and the last node, which is the botmaster, receive the compromised botnet, and
have the script report to our detector machine, any time it is re-routed in the
Tor network (hidden service, relays and botmaster), the IP address of the
receiving hosts (relays) and their computer information (OS, ...), and
consider the last hop to be the botmaster. After using this technique for a few
botnets, we can have a good view of how relays (and which relays) have been
used for attacks by the botnet and who the botmaster is: it can help the Tor
admins to clean relays, remove that hidden service, and blacklist the
botmaster's IP address.
Thank you
Ehsan Moshiri (Enkidu)
Digital Forensic Student
H/P: +96164953954, +961124249769

LinkedIn: http://my.linkedin.com/pub/enkidu-moshiri/59/baa/90b/
Facebook: Enkidu Mo Shi Ri
WeChat: Enkidu-Moshiri
Line: Enkidu.Moshiri