Welcome back to the course. In the last module we wrapped up our discussion on social engineering, finishing out with our little reconnaissance lab on social engineering.
In this video, we're going to go over the module on denial of service.
So, denial of service, or DoS, and what you hear about more commonly in the media, DDoS, or distributed denial of service. Basically, the goal here is to prevent a legitimate user or individual from accessing a particular resource. That might be a website, a web server, something on an Internet page,
or it could be actually fetching a file. Whatever it is, we want to prevent them from accessing the resource. So if we think back to our CIA triad,
confidentiality, integrity and availability, this is going to fall into the availability portion of the triad.
So some different types of denial of service and distributed denial of service attacks: we've got the UDP flood, the ICMP flood, the ping of death, which you don't really see too much anymore, the smurf attack, the SYN flood, Slowloris, and also the DRDoS, or distributed reflection denial of service.
So the UDP flood. Basically, as the name implies, we're flooding, or sending a large number of UDP packets to random ports on the target machine.
What that's going to do is the target is going to reply with ICMP destination unreachable. So the goal here is basically to eat up all the resources of that particular device.
We can use different tools like UDP Unicorn and also the Low Orbit Ion Cannon, or LOIC; both of those are pictured here.
ICMP flood, so our ping packets, right, our ping or echo request. This is more successful if the attacker actually has a higher amount of bandwidth than the target machine, and especially now that people are in the cloud, you may not see this type of attack too much.
Ping of death, as I mentioned before, is really not in use at all. Basically, what it does is send a malformed ping packet, so it doesn't send a normal-size packet, and then it may also break it up and then reassemble it after it hits the target machine.
Smurf attack. Basically, this one is going to spoof the victim's IP address and then send a large amount of ICMP packets to different devices, and then basically all those devices will send responses back to the victim's IP.
SYN flood. As the name implies, the attacker actually sends SYN packets. So basically, if we think back to our three-way handshake, you know, the SYN, the SYN-ACK and then the ACK, basically the target machine is saying, well, you know, I'm trying to establish a connection here with you and you're not responding. So that's what that is. It's another type of attack, too,
that again affects the availability so that the resource cannot be used.
Slowloris. So this one opens connections on the target, but it never actually completes the request. So it opens HTTPS connections, and it never actually completes those.
The goal of it is to have the server block other connections. We can also do some mitigation, so basically, one of the many things we could do is limit the number of connections for a single IP address.
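As an added example, not code from the course, here is what that per-IP connection limit looks like as a small piece of front-end logic. The ConnectionGuard class, its limits, and the extra step of reaping connections that sit open without ever delivering their request headers are assumptions of this example; the lecture only mentions the connection limit itself. The scenario in simulate_slow_client is constructed, with addresses from the documentation ranges.

```python
import time
from collections import defaultdict

# Added example: a per-source-IP connection guard, the kind of check a reverse proxy
# or web server front end applies before accepting another connection from the same
# address. Class name, limits and the header-timeout reaping are assumptions here.


class ConnectionGuard:
    """Refuse new connections from an IP that already holds too many, and reap
    connections that have sat open too long without finishing their request."""

    def __init__(self, max_per_ip=20, header_timeout=10.0, now=None):
        self.max_per_ip = max_per_ip
        self.header_timeout = header_timeout
        # The clock is injectable so the behaviour can be exercised without sleeping.
        self.now = now or time.monotonic
        # ip -> {conn_id: opened_at, or None once the request headers have arrived}
        self.open = defaultdict(dict)

    def accept(self, ip, conn_id):
        """Return True and register the connection, or False if the IP is at its limit."""
        conns = self.open[ip]
        if len(conns) >= self.max_per_ip:
            return False
        conns[conn_id] = self.now()
        return True

    def headers_complete(self, ip, conn_id):
        """Mark a connection as having delivered its full request headers."""
        if conn_id in self.open[ip]:
            self.open[ip][conn_id] = None

    def close(self, ip, conn_id):
        """Release the slot held by a finished connection."""
        self.open[ip].pop(conn_id, None)

    def reap(self):
        """Drop every connection still waiting for headers past the timeout.
        Returns the (ip, conn_id) pairs that were dropped."""
        dropped = []
        deadline = self.now() - self.header_timeout
        for ip, conns in self.open.items():
            for conn_id, opened_at in list(conns.items()):
                if opened_at is not None and opened_at <= deadline:
                    del conns[conn_id]
                    dropped.append((ip, conn_id))
        return dropped


def simulate_slow_client(max_per_ip=3, header_timeout=5.0):
    """Constructed scenario: one address opens connections and never sends headers,
    while a second address behaves normally. Returns counts of what the guard did."""
    clock = [0.0]
    guard = ConnectionGuard(max_per_ip, header_timeout, now=lambda: clock[0])
    slow, normal = "203.0.113.5", "198.51.100.9"  # documentation ranges, not real hosts
    accepted = sum(guard.accept(slow, i) for i in range(6))  # only max_per_ip get in
    rejected = 6 - accepted
    assert guard.accept(normal, 100)        # the other client is unaffected
    guard.headers_complete(normal, 100)     # and finishes its request promptly
    clock[0] = header_timeout + 1.0         # time passes with no headers from slow
    dropped = guard.reap()
    return {"accepted": accepted, "rejected": rejected, "dropped": len(dropped),
            "normal_still_open": 100 in guard.open[normal]}


if __name__ == "__main__":
    print(simulate_slow_client())
```

The point of the two checks together is that the limit alone only caps how many slots one address can hold, while the timeout frees slots that a client is deliberately keeping idle; a real deployment would tune both against normal client behaviour so that slow mobile users are not dropped along with the attacker.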
So distributed reflection DoS, or DRDoS. This uses UDP packets, and again, just like all these other ones, in denial of service or distributed denial of service we're affecting the availability of the data, of the website, whatever the case might be.
Pictured here is just one of many tools out there that can be used to combat against DRDoS, distributed reflection DoS.
So botnets. You've heard about these in the media, right? You hear all sorts of things about them. You've got different botnets out there and different ways to do it, but essentially you're going to have the criminal hacker, you know, hacktivist, whatever they are. You're going to have them, and then they're going to have command and control servers in some capacity,
and then basically other infected computers or devices, because, as we've seen with the Mirai botnet,
it could be the Internet of Things, right, coming after us.
So DDoS and also botnet countermeasures. Number one, recognize early signs, especially of DDoS, and say, oh, wait a minute here, I think we're under attack. Contact your ISP and see if they've got anything upstream, and upstream just means basically up the line of whatever connection we're using, so the next echelon or next level of organization.
But anyway, the ISP, just contact them. They may have something in place with your upstream that they can use to protect you a little better, or they may even have problems themselves, so it's definitely good to reach out to them.
You can also have an incident response plan. Now, that's not going to really be specific towards preventing these, but basically the incident response plan gives us a set of standards to go by, a measurement for employees, and so that can help as a countermeasure against these particular things.
The load balancer here, that's probably one of the biggest ones. That and the anti-DDoS solution from the cloud; both of those are probably the best options here. It's kind of tough to recognize early signs because it might just be, you know, a surge in traffic, especially if you're thinking e-commerce or something like that. But with a load balancer and the anti-DDoS solution,
those are good options here. Basically, when they're attacking one server, we're trying to distribute the load
across all sorts of devices, and again, as you can imagine, that's a lot easier up in the cloud.
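"Recognize early signs" is easier said than done, since a flood and a legitimate surge both look like more traffic. What separates a SYN flood from a busy day is that the handshakes never complete. As an added example, not from the course, here is a detector for exactly that signal run over a constructed connection log. The log format (epoch seconds, source IP, destination IP:port, TCP flags seen from the client side), the window size and the thresholds are all assumptions of this example, and the sample data is built inline from documentation-range addresses.

```python
from collections import defaultdict

# Added example: an early-warning check for a SYN flood, run over a constructed
# connection log. The log format "<epoch seconds> <src_ip> <dst_ip>:<port> <flags>"
# and the thresholds are assumptions of this example, not from the lecture.


def build_sample_log():
    """Constructed sample, not real traffic: 30 SYNs from 30 different sources that
    never complete the handshake, plus three clients that do send their ACK."""
    lines = []
    for i in range(30):
        lines.append(f"{100.0 + i * 0.1:.1f} 198.51.100.{i + 1} 203.0.113.10:443 S")
    for i, src in enumerate(("192.0.2.4", "192.0.2.5", "192.0.2.6")):
        lines.append(f"{100.2 + i * 0.1:.1f} {src} 203.0.113.10:443 S")
        lines.append(f"{100.5 + i * 0.1:.1f} {src} 203.0.113.10:443 A")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, src, dst, flags)."""
    ts, src, dst, flags = line.split()
    return float(ts), src, dst, flags


def detect_syn_flood(lines, window=10.0, max_half_open=20, min_complete_ratio=0.5):
    """Flag destinations that accumulate many half-open flows in a time window while
    few of the flows from that window ever complete. Returns one alert dict per hit."""
    # (window_start, dst, src) -> "half" (only a SYN seen) or "complete" (an ACK seen)
    flows = {}
    for ts, src, dst, flags in sorted(parse_line(l) for l in lines if l.strip()):
        key = (int(ts // window) * window, dst, src)
        if "A" in flags:
            flows[key] = "complete"
        elif "S" in flags and key not in flows:
            flows[key] = "half"

    # Aggregate per destination and window.
    counts = defaultdict(lambda: {"half_open": 0, "completed": 0})
    for (start, dst, _src), state in flows.items():
        counts[(start, dst)]["half_open" if state == "half" else "completed"] += 1

    alerts = []
    for (start, dst), c in sorted(counts.items()):
        total = c["half_open"] + c["completed"]
        ratio = c["completed"] / total
        # Volume alone is not the signal; volume combined with a poor completion
        # ratio is what distinguishes a flood from a genuine surge of clients.
        if c["half_open"] >= max_half_open and ratio < min_complete_ratio:
            alerts.append({"dst": dst, "window_start": start,
                           "half_open": c["half_open"], "completed": c["completed"],
                           "complete_ratio": round(ratio, 3)})
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(build_sample_log()):
        print(alert)
```

An alert from this check is the kind of evidence worth having in hand when you make that call to the ISP: which destination, how many half-open flows, and over what window. Raising max_half_open to the normal peak for your service keeps the check quiet on an ordinary busy day.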
So just one post-assessment question here: DRDoS uses TCP packets.
Is that true or false?
If you said false, you are correct. As we discussed, it actually uses UDP packets, not TCP.
So in this video we talked about denial of service,
and in the next module we're going to talk about session hijacking.