1
00:00:06,960 --> 00:00:08,200
- [Instructor] Denial-of-service attacks

2
00:00:08,200 --> 00:00:10,450
have been around for quite some time.

3
00:00:10,450 --> 00:00:11,850
Now, what I want to do here

4
00:00:11,850 --> 00:00:14,190
is actually provide you with an overview

5
00:00:14,190 --> 00:00:16,820
of the different denial-of-service

6
00:00:16,820 --> 00:00:19,400
and distributed denial-of-service attacks,

7
00:00:19,400 --> 00:00:21,310
and the difference between them, right?

8
00:00:21,310 --> 00:00:23,670
And basically, denial-of-service attacks

9
00:00:23,670 --> 00:00:27,620
can be divided into three different categories.

10
00:00:27,620 --> 00:00:31,410
Direct, reflected, and amplification attacks.

11
00:00:31,410 --> 00:00:33,200
And basically, a direct attack

12
00:00:33,200 --> 00:00:36,610
is whenever the source of the attack generates packets,

13
00:00:36,610 --> 00:00:37,940
regardless of the protocol,

14
00:00:37,940 --> 00:00:40,020
regardless of the application and so on.

15
00:00:40,020 --> 00:00:43,230
And they're actually sent directly to the victim,

16
00:00:43,230 --> 00:00:45,350
just as the word says.

17
00:00:45,350 --> 00:00:47,570
Now, in a reflected attack,

18
00:00:47,570 --> 00:00:49,270
things are a little bit different.

19
00:00:50,230 --> 00:00:51,870
And this is because

20
00:00:51,870 --> 00:00:55,070
with reflected denial-of-service attacks,

21
00:00:55,070 --> 00:00:59,640
attackers send to sources spoofed packets

22
00:00:59,640 --> 00:01:03,510
that basically appear to be from the victim

23
00:01:03,510 --> 00:01:08,010
and then those sources become unwilling participants

24
00:01:08,010 --> 00:01:10,420
in the actual attack themselves.

25
00:01:10,420 --> 00:01:14,720
And of course, send their response traffic

26
00:01:14,720 --> 00:01:17,950
back to the unintended victim.

27
00:01:17,950 --> 00:01:21,865
Now, in most cases, this is actually done

28
00:01:21,865 --> 00:01:26,690
using things like UDP as the transport mechanism

29
00:01:26,690 --> 00:01:30,060
because it's actually really easy to be spoofed

30
00:01:30,060 --> 00:01:32,770
due to the lack of the three-way handshake.

31
00:01:32,770 --> 00:01:35,190
For example, if the attacker actually decides

32
00:01:35,190 --> 00:01:36,410
he wants to attack a victim,

33
00:01:36,410 --> 00:01:39,070
he can actually send packets like

34
00:01:39,070 --> 00:01:43,260
NTP packets, DNS packets, and many others

35
00:01:43,260 --> 00:01:46,913
that actually use UDP for communication.

36
00:01:47,810 --> 00:01:51,350
Now, let's cover the last type of denial-of-service attack

37
00:01:51,350 --> 00:01:53,710
and that's actually an amplification attack.

38
00:01:53,710 --> 00:01:56,280
And basically, an amplification attack is a form

39
00:01:56,280 --> 00:01:58,670
of reflected denial-of-service attacks

40
00:01:58,670 --> 00:02:01,070
in which the response traffic,

41
00:02:01,070 --> 00:02:04,790
that is actually sent by the unwilling participant,

42
00:02:04,790 --> 00:02:08,450
is actually made up of packets that are much larger

43
00:02:08,450 --> 00:02:12,200
than those that were initially sent by the attacker.

44
00:02:12,200 --> 00:02:14,050
Now, an example of this attack

45
00:02:14,050 --> 00:02:18,150
is an attacker actually sending DNS queries to a DNS server

46
00:02:18,150 --> 00:02:21,980
that is actually configured as an open resolver.

47
00:02:21,980 --> 00:02:25,260
And then the DNS server, or the open resolver,

48
00:02:25,260 --> 00:02:27,730
will reply with responses

49
00:02:27,730 --> 00:02:31,240
that are much larger in packet size

50
00:02:31,240 --> 00:02:33,520
than the initial query packets.

51
00:02:33,520 --> 00:02:35,703
As you actually can see on the screen.