The term BotNet has been with us since the early era of computers. Hand in hand with systems as a universal means of manipulating data, we also meet programs that break the principles of trusted programs and belong to the category of untrusted ones. The term BotNet was classified as a form of multi-attack on a target via a DDoS attack. We will talk about this attack and show some methods later. Currently, however, the opposite is true. This impression of the past is no longer valid.

A BotNet is a set of endpoints, also known as clients or slave clients, that communicate with the master client. There are many ways for the master and slave clients to communicate, and the effectiveness of the BotNet itself depends on them. We will describe these ways later. Having introduced the term BotNet as a set of endpoints that communicate with each other, we can take even a single endpoint that communicates with the master client as a standalone unit for a BotNet, which raises the question of to what extent the term "network" represents a set of active elements. Where programmers agree or disagree on this, we have to be clear about what the term "set of endpoints" means.

BotNets are sets of objects that represent computational power and the ability to connect in real time, to be active and “unique”. Unique here means unique in real time, in terms of access, through an IP address. In a later chapter we will talk about the possibility of connecting from behind NAT, where many of you will certainly suspect some problems. But what about using the FTP / HTTP protocol? If a set of endpoints represents computational power (e.g. when breaking passwords), what prevents us from creating two endpoints that run 8 virtual machines? And what if we replace 10,000 endpoints with a connection to a supercomputer?