What is command-and-control server (C&C server)? - Definition from WhatIs.com

Definition

command-and-control server (C&C server)

Part of the Network security glossary:

A command and control server (C&C server) is the centralized computer that issues commands to a botnet (zombie army) and receives reports back from the coopted computers.

In the traditional botnet, which includes a C&C server, the bots are typically infected with a Trojan horse and subsequently communicate with a central server using IRC. The botnet might be used to gather misappropriated information, such as credit card numbers. Depending on the purpose and structure of the botnet, the C&C server might also issue commands to start sending spam or begin a DDoS (distributed denial of service) attack.

Depending on its topology, a botnet may have multiple C&C servers or none at all.

Typical botnet topologies include:

  • Star, in which the bots are organised around a central server.
  • Multi-server, in which there are multiple C&C servers for redundancy.
  • Hierarchical, in which there are multiple C&C servers that are organized into tiered groups.
  • Random, in which there is no C&C server at all and coopted computers communicate as a peer-to-peer botnet (P2P botnet).

Since IRC communication is typically used to command botnets, it is often guarded against, which has motivated the drive for more covert ways for C&C servers to issue commands. Alternative channels used for botnet command include JPG images, Microsoft Word files and posts from LinkedIn or Twitter dummy accounts.

Learn more about botnet command and control in this video:

This was last updated in May 2014
Contributor(s): Matthew Haughn
Posted by: Margaret Rouse

Related Terms

Definitions

  • due diligence

    - Due diligence definition: Due diligence is the process of systematically researching and verifying the accuracy of a particular statement. In the business world, due diligence is required to valida... (WhatIs.com)

  • Misfortune Cookie

    - Misfortune Cookie is a firmware vulnerability in some routers that makes it possible for an attacker to gain administrative privileges and attack the devices and, through them, the network.   (WhatIs.com)

  • embedded system security

    - While trends like BYOD, the IoT and automation speed ahead, the security of embedded systems often lags. As attacks on embedded systems and firmware become more common, however, it becomes increasi... (WhatIs.com)

Glossaries

  • Network security

    - Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question. Find an Answer.Powered by ITKnowledgeExchange.com

Ask An IT Question

Get answers from your peers on your most technical challenges

Ask Question

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.