(Denial of Service network
) is a type of botnet
and mostly used as a term for malicious botnets while benevolent botnets often simply are referred to as botnets. Dosnets are used for Distributed Denial of Service
(DDoS) attacks which can be very devastating.
They range in size from a couple of bots to a couple of thousand bots up to over a hundred thousand bots.
Many dosbots use the IRC
protocol, but some use their own custom protocols. Some may use a decentralized P2P
network. When IRC is used, the botmaster often has usermode <tt>+i</tt> (invisible) and the channel often has mode <tt>+psntk</tt> (private, secret, and need password to join). Sometimes the network is hosted on a public IRC network, while more capable botmasters host the network on private servers.
More advanced dosnets use technologies such as SSL
connections and cryptography
to prevent packet sniffing
, data inspection, and analysis.
The botmaster can use the bots to "packet
" (send a disruptive data flood) to other computers or networks. He/she can often also make them perform various other tasks, such as remotely fetching a new version of the bot software and updating themselves.
Well-known dosnet software includes TFN2k
, and Trinoo
There are dosnet hunters who find dosnets and analyze the bots and/or the network in order to dismantle them. For example by discovering access to bots and commanding them to "uninstall" themselves if such a... Read More