In Hinduism, Rishi (from Sanskrit) denotes a seer or a mythical creature. Rishi are alleged to have the power to perform miracles and heal diseases.
Rishi is software for identifying computers infected with IRC bots; it was developed at the IT Center.
Rishi passively sniffs network traffic, extracts the information transmitted via the Internet Relay Chat (IRC) protocol, and checks it for the occurrence of specific characteristics. A point system assigns a score to each connection on the basis of the detected information, and this score determines whether or not the connection is to an IRC botnet.
Through a web frontend, the collected data can be examined and infected computers can be identified. Additionally, an e-mail can be created to contact the owner or admin of an infected computer.
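The point system described above can be sketched as follows. This is an added example, not Rishi's own code: the scoring criteria, point values, threshold and sample traffic are constructed assumptions, since the page does not list the characteristics Rishi checks.

```python
import re

# Constructed sample: (client_ip, client_port, server_ip, server_port, line),
# as a passive sensor might emit after TCP stream reassembly.
SAMPLE = [
    ("10.0.0.5", 1042, "192.0.2.10", 6667, "NICK alice"),
    ("10.0.0.5", 1042, "192.0.2.10", 6667, "JOIN #linux"),
    ("10.0.0.9", 3310, "198.51.100.7", 6667, "NICK DEU|XP|48213907"),
    ("10.0.0.9", 3310, "198.51.100.7", 6667, "USER x 0 * :x"),
    ("10.0.0.9", 3310, "198.51.100.7", 6667, "JOIN #cmd s3cret"),
]
THRESHOLD = 5  # assumed cut-off, not a value from the page

def parse_irc(line):
    """Split one IRC line into (COMMAND, [params]) per RFC 1459 framing."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):          # drop the optional sender prefix
        line = line.partition(" ")[2]
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:                     # empty or prefix-only line
        return "", []
    if sep:                           # trailing parameter may contain spaces
        parts.append(trailing)
    return parts[0].upper(), parts[1:]

def score_connections(records):
    """Return {connection 4-tuple: (score, [reasons])}; criteria are assumed."""
    result = {}
    for cip, cport, sip, sport, line in records:
        conn = (cip, cport, sip, sport)
        score, reasons = result.setdefault(conn, (0, []))
        cmd, params = parse_irc(line)
        if cmd == "NICK" and params:
            if re.search(r"\d{4,}", params[0]):
                score += 3
                reasons.append("long digit run in nickname")
            if len(re.findall(r"[|\[\]{}_-]", params[0])) >= 2:
                score += 2
                reasons.append("separator characters in nickname")
        elif cmd == "JOIN" and len(params) >= 2:
            score += 1
            reasons.append("channel joined with a key")
        result[conn] = (score, reasons)
    return result

def suspects(records, threshold=THRESHOLD):
    """Client IPs with at least one connection at or above the threshold."""
    scored = score_connections(records)
    return sorted({c[0] for c, (s, _) in scored.items() if s >= threshold})
```

Scoring per connection rather than per packet lets weak indicators from several IRC commands accumulate before a host is flagged.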
The abbreviation IRC stands for Internet Relay Chat, one of the major chat systems on the internet. It is distributed over several servers worldwide, where people meet to communicate or to exchange data. IRC has so-called "channels", or rooms, in which people can meet and discuss specific topics.
Each IRC user chooses a "nickname" to identify themselves within the IRC network. In addition, IRC provides a variety of functions, including the exchange of files and private conversations.
The term "bot" stems from the word "robot". Here, it denotes software that can, to a certain extent, operate automatically, or by means of which a computer can be remote-controlled. Originally, bots were deployed as small helper applications or, especially in IRC, as quiz robots, for example, which pose questions in a room for the guests to answer.
Apart from these rather harmless tools, there is a wide range of malicious software that exploits IRC, as a global communication network, for controlling infected computers. Such infected computers, also referred to as bots or zombies, connect to the IRC network after being compromised and "meet" in a specific room. The attacker can then contact any infected computer via this room and issue commands by sending messages. This gathering of bots in an IRC network is called a botnet (robot network) or command and control (C&C) server. From here, the attacker commands the computers to send spam or to carry out massive denial of service (DoS) attacks on specific computers or services.