DDoSPedia is a glossary that focuses on network and application security terms with many distributed definitions. It provides a central place for hard-to-find, web-scattered definitions on this topic.
"Command and Control" (C&C) servers are centralized machines that are able to send commands to, and receive output from, the machines that are part of a botnet. Whenever attackers wish to launch a DDoS attack, they can send special commands to their botnet's C&C servers with instructions to perform an attack on a particular target, and any infected machines communicating with the contacted C&C server will comply by launching a coordinated attack.
Botnet C&C servers often exist in one of four structures, each with pros and cons: star, multi-server, hierarchical, and random.
Random topology botnets do not rely on any C&C servers; rather, all botnet commands are sent directly from one bot to another, and are accepted if they are deemed to be "signed" by some special means indicating that they originated from the botnet owner or another authorized user. Such botnets have very high latency, and will often allow many bots within the botnet to be enumerated by a researcher with only one captured bot. Special forms of encrypted bot-to-bot communication over public peer-to-peer networks are often used in conjunction with a more complex C&C server topology (such as in the TDL-4 botnet), producing botnets that are particularly difficult to dismantle.
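The enumeration property described above can be seen in a small offline model. This is an added example, not part of the original glossary entry: the peer lists are constructed data, and the names `random_topology`, `star_topology` and `enumerate_bots` are hypothetical. It contrasts how much of a botnet one captured bot's peer list exposes under a random topology and under a star topology.

```python
N = 32  # size of the constructed botnet (assumption for illustration)


def random_topology(n=N):
    """Constructed peer lists: each bot knows at most three other bots."""
    return {
        i: sorted({(2 * i + 1) % n, (2 * i + 2) % n, (i + n // 2) % n} - {i})
        for i in range(n)
    }


def star_topology(n=N):
    """Every bot knows only the single C&C server, never another bot."""
    return {i: ["c2"] for i in range(n)}


def enumerate_bots(captured, peer_lists):
    """Walk peer lists breadth-first, starting from one captured bot.

    Returns the cumulative number of bots known after each hop, which is
    what a researcher learns by following peer lists outward.
    """
    known = {captured}
    frontier = [captured]
    coverage = [len(known)]
    while frontier:
        next_frontier = []
        for bot in frontier:
            for peer in peer_lists.get(bot, []):
                # Only entries that are themselves bots extend the walk;
                # a C&C address ends it.
                if peer in peer_lists and peer not in known:
                    known.add(peer)
                    next_frontier.append(peer)
        if next_frontier:
            coverage.append(len(known))
        frontier = next_frontier
    return coverage


if __name__ == "__main__":
    print("random topology:", enumerate_bots(0, random_topology()))
    print("star topology:  ", enumerate_bots(0, star_topology()))
```

In the star case the captured bot reveals the C&C address but no other bots, so seeing the rest of the botnet requires visibility at the server itself.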