1
00:00:00,320 --> 00:00:02,750
In the last lesson, we discussed the concept of

2
00:00:02,750 --> 00:00:04,210
a denial of service attack,

3
00:00:04,210 --> 00:00:06,330
and we went over all of the different types of them,

4
00:00:06,330 --> 00:00:08,670
but most modern systems can't be taken down

5
00:00:08,670 --> 00:00:11,500
by a single machine attempting a denial of service anymore,

6
00:00:11,500 --> 00:00:13,940
so attackers got smarter and they created

7
00:00:13,940 --> 00:00:16,800
a distributed denial of service, or DDoS.

8
00:00:16,800 --> 00:00:18,920
Now, a distributed denial of service attack,

9
00:00:18,920 --> 00:00:21,810
instead of using a single attack targeting one server,

10
00:00:21,810 --> 00:00:24,340
they use hundreds or even thousands of machines

11
00:00:24,340 --> 00:00:27,770
to launch an attack simultaneously against a single server,

12
00:00:27,770 --> 00:00:29,470
and force it offline to create

13
00:00:29,470 --> 00:00:31,360
that denial of service condition.

14
00:00:31,360 --> 00:00:33,340
Usually, these machines that conduct the attack

15
00:00:33,340 --> 00:00:35,560
don't even realize that they're a part of it, though.

16
00:00:35,560 --> 00:00:38,070
Generally, these machines have become zombies or bots

17
00:00:38,070 --> 00:00:40,730
inside a large botnet and then when they receive

18
00:00:40,730 --> 00:00:41,930
that command to attack,

19
00:00:41,930 --> 00:00:44,410
they all simultaneously send all their payloads

20
00:00:44,410 --> 00:00:46,080
against a single victim.

21
00:00:46,080 --> 00:00:49,280
Now, in addition to most basic forms of DDoS attacks,

22
00:00:49,280 --> 00:00:51,640
there is one specific type of DDoS attack called

23
00:00:51,640 --> 00:00:55,260
a DNS amplification attack that could be performed.

24
00:00:55,260 --> 00:00:57,750
This specialized DDoS allows an attacker to generate

25
00:00:57,750 --> 00:01:00,610
a high volume of packets that's intended to flood

26
00:01:00,610 --> 00:01:03,760
a victim's website by initiating DNS requests from

27
00:01:03,760 --> 00:01:06,400
a spoofed version of the target's IP address.

28
00:01:06,400 --> 00:01:09,000
This causes the DNS servers to respond to that request

29
00:01:09,000 --> 00:01:10,900
and send the response back to the server,

30
00:01:10,900 --> 00:01:12,380
thinking that it's valid.

31
00:01:12,380 --> 00:01:15,420
Because a DNS request uses very little bandwidth to send,

32
00:01:15,420 --> 00:01:18,570
but the response usually takes up a lot more bandwidth,

33
00:01:18,570 --> 00:01:20,710
this allows the attack to be amplified against

34
00:01:20,710 --> 00:01:21,770
the victim's server.

35
00:01:21,770 --> 00:01:23,830
Also, if this is happening because thousands

36
00:01:23,830 --> 00:01:25,640
of simultaneous requests are being made

37
00:01:25,640 --> 00:01:27,120
by a bunch of zombies in a botnet

38
00:01:27,120 --> 00:01:28,930
on behalf of your victim's server,

39
00:01:28,930 --> 00:01:31,920
you can easily become overwhelmed with a lot of information

40
00:01:31,920 --> 00:01:34,250
and eat up lots of bandwidth pretty quickly,

41
00:01:34,250 --> 00:01:38,417
causing that denial of service condition to occur.