Introduction to DoS and DDoS Attacks

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
7 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Hey, everyone, welcome back to the course. So in this video, we're just gonna go over a brief introduction to denial Service and DDOS attacks, and we'll also talk about some of the categories of those attacks.
00:12
So what is a denial of service attack? Well, if you remember the CIA triage from earlier in this course that we talked about that affects the availability. So denial of service attacks and DDOS attacks
00:23
affect the availability of the information. So this is basically just attack on a computer or network. So, for example, maybe a Web server or the actual network itself could also just be an attack on, like an application. And essentially, what's happening here is
00:38
the victim, or the target is being flooded with requests. So in a typical denial of service or DDOS attack the victims being flooded with so many requests that they just they can't access the system or the right people can't access the systems. I should
00:54
an example of this, like think about if you're in your drinking. Ah, bottle of water. Right. So let's say you're drinking from a gallon jug of water and you're swallowing your swallowing the water, etcetera and you're drinking the water. Now let's pretend that somebody throws another gallon of water in there, right, and someone else dumps another gallon.
01:11
All of a sudden, you're getting overwhelmed, right? You can't drink all of that water. There's just so much water.
01:17
So that's what we're talking about. Denial of service. We just There's just so much we can't actually function.
01:23
So it's a mentioned availability, right with the systems or the applications are actually unavailable for people that need to use them. So it's a DDOS attack. What's the difference? Right detail stands for distributed denial of service attack, and as the name implies, we're talking about using multiple devices to attack a single target. So, for example,
01:42
if you remember from years ago the mirror botnet that used I ot devices
01:48
and attacked certain systems,
01:52
that's what we're talking about here. So, for example, I create a botnet. I attack your Web server, and then what happens is your customers can't go to your e commerce site and buy from you anymore until you fix that issue.
02:04
So essentially here again, we're just flooding that victim with the service request to make sure that the right people are not able to access that particular system or that application.
02:14
We have several different categories of Dallas hers and details attacks. We've got volumetric attacks. And so basically, these consumed the bandwidth of the target network or service. We've got fragmentation attacks, and so this overwhelms the target system's ability to reassemble fragmented packets
02:31
we've got. We've got our TCP State exhaustion attack. So basically, this consumes the connection state tables that air president, network infrastructure components, eso things like your low balance. Here's your firewalls application servers. So this essentially eats up that bandwidth and causes the denial of service. And then we got our application layer attacks like I mentioned before, where
02:51
the attack is consuming the application resource is
02:53
or the services. And because of that, legitimate users were not able to access those.
03:00
So just a quick, quick question here for you. Denial of service attacks involve multiple compromised machines attacking a single victim. Is that gonna be true or false?
03:10
Right. So that was actually false, right? If you remember the details attack of the distributed denial of service is gonna be the one where it involves multiple compromised machines that are attacking that single victim.
03:23
So in this video, we just briefly talked about what denial of service attacks are as well as what distributed denial of service or DDOS. Attacks are, and we talked about some of the different categories of those attacks.
Up Next
Penetration Testing and Ethical Hacking

The Penetration Testing and Ethical Hacking course prepares students for industry penetration testing certifications, like CEH. This course walks students through the process of gaining intelligence, scanning and enumerating and hacking the target.

Instructed By