DoS-DDoS Concepts & Mitigation

Captions
Welcome, friends. In this module we are going to see denial of service, distributed denial of service and its mitigation. So what exactly is denial of service? We have a server, 1.x.x.1, with an IP address, and it has resources: RAM, CPU, hard disk. So this server along with the resources is used to host services. The services could be a web-based application, a trading application, an online shopping application, or sometimes, if a server is hosted internally, it could be used to host services like Active Directory and app or even the database services.

So now there is a client who wants to actually use the services hosted by the server. So what exactly happens in this process? The client will send a SYN first. So if you go back to our three-way handshake, the first packet is always SYN. So the client who wants to talk to the server will send a SYN packet to the server. Upon receiving this SYN packet, the server will reserve some RAM, some CPU cycles, some part of the hard disk to talk with this client, to establish a session with this client, and acknowledges with a SYN-ACK back to the client. The client receives the SYN-ACK packet and sends a final acknowledgement, and a TCP session will be formed between the client and the server which will facilitate the data transfer between them. Now this is the normal process.

Now consider there is a hacker with some IP of 3.x.x.1 who wants to bring down our server or wants our services to be unavailable. He will send a SYN to the server. The server, upon receiving the SYN, will reserve the RAM, CPU, hard disk to talk to 3.x.x.1. The hacker will not actually send the final acknowledgement; instead the hacker will change his IP to 3.x.x.2 and send a second SYN to the same server. Now the server will again reserve some resources for this new IP address, new session, all the RAM, CPU, hard disk, and send a SYN-ACK back to 3.x.x.2. The hacker keeps on changing the IP address and sending SYN packets until the server is completely out of resources and is no longer able to service genuine clients. So that is how we experience the denial of service. Okay, and it is not a manual process. The hacker does not change the IP address manually; instead there are scripts which run on the machine, there are tools which send only the SYN crafted packets. So that all is a part of hacking, but that's the whole idea: that the hacker will keep on sending SYN packets and the server will run out of resources. So with something abnormal like this we will experience a denial of service.

But what happens in DDoS is there is a server hosting the services and there is a hacker who has access to a lot of machines; we call them zombies or botnets. So a bot is a software which is actually installed on one of the machines to gain access or to activate some kind of a process automatically. Okay, so that's about the bot machine or a botnet. So the hacker will actually have access to these zombie machines or the botnets, and through these botnets they will be sending a collective SYN so that the server is actually running out of resources very quickly. This is a much bigger type of attack, or you can say an amplified form of DDoS attack, wherein the server will lose resources or it will be running out of resources very quickly.

A volumetric attack is something like providing input more than the quantity that the server can handle. Okay, so the idea over here: let's say there is the server again hosting the services, and the internet pipe is around 10 Mbps to make the services available to the client. So the hacker will send unwanted traffic which is greater than your internet pipe, basically which is 10 Mbps. So the result is the bandwidth is completely choked by unwanted traffic, and the genuine users will not be able to access your server. So this is something called volumetric attacks. And there is a second form of attack which is called a targeted attack. There is a server again hosting the services, there is this internet, you may have 10 Mbps. The hacker may not really block your internet pipe at all, but he will send crafted attacks targeted only for the servers. So in this case the incoming packet handling capacity of the server is much more as compared to the normal scenario, so your internet pipe is not congested, but your server is really throttling to handle the incoming connections. So this is called a targeted attack, which is specifically targeted for a server.

Now we will see the mitigation of the DDoS attacks. The first type of mitigation is called the clean pipe solution. So in this scenario what happens is you will have the server, you will have the services hosted on the server, and you will have to tie up with your ISP to provide the clean pipe solution. So the ISP will block all the unwanted traffic at its end; it's basically called scrubbing. It will scrub off all the DDoS traffic and allow only the genuine traffic up to your guaranteed bandwidth of 10 Mbps. So this is one type of solution which is very low cost. So the ISP will charge you some extra amount to provide clean pipe services, but this mitigation is really a very basic form, because the ISP is not really aware of your setup. You might want a DDoS mitigation for NTP traffic or UDP traffic or mail protocol attacks. So the ISP doesn't really know your environment better, and they will provide you a basic protection to maintain your internet bandwidth for browsing. So this is the first type of mitigation.

The second type of mitigation is actually putting a DDoS appliance, an anti-DDoS appliance. In this mitigation we have a server, we have the services, we have the internet bandwidth, we have the ISP as well, and we will have an anti-DDoS appliance which will sit in between the internet router and the firewall or perimeter device. This will work in L2 mode, because whatever comes in from port 1 will go out from port 2, and in between it will check for all the policies or all the mitigations that you would apply. Now this DDoS appliance will talk to a scrubbing center. A scrubbing center is like one more entity, a DDoS appliance hosted in a global data center of the OEM. So how does this mitigate your data traffic? For the mitigation part, there is this server, there are the services again, there is the internet pipe, there is this ISP, and there is this anti-DDoS appliance installed which talks to the scrubbing center. So now when the hacker sends the targeted attack or even the volumetric attack, there is a particular feature we call DDoS mitigation which has to be turned on. This gets turned on after a certain threshold is reached, in terms of packets handled by the server, in terms of the congestion of my internet bandwidth. And once my DDoS mitigation is on, all my traffic will go to the scrubbing center where all the unwanted traffic is scrubbed off, and the clean traffic is sent back to my appliance through a secure VPN tunnel. And this is how we achieve the DDoS mitigation in terms of an on-site deployment.

Who are the solution providers? There is Arbor Networks, which has been taken over by NETSCOUT now; there is F5; there is Imperva; there is Citrix; there is Radware; and there is Cloudflare and Akamai. Cloudflare and Akamai, they are more like content delivery network providers, so they will provide DDoS protection along with the WAF and caching services so that your website is always available and it reaches the clients fast. But all in all, these are the solution providers for DDoS. So that was it about the DDoS and the solution providers. Remember that whatever I have shown is just one way of creating a DoS attack, but there are multiple ways by which we can actually create the DoS attack, and there are multiple tools used for that as well. Thank you, and please like this video, share it, subscribe to my channel.
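The following is an added example, not code from the video or the channel. It models, from the server's side, the two things the lecture describes: each SYN reserving a session slot that only the client's final ACK (or a RST) releases, and an anti-DDoS "mitigation on" switch that fires once a threshold of outstanding half-open sessions is reached. The flow-record format, the `HalfOpenTracker` class, the capacity and threshold values, and the sample traffic (RFC 5737 documentation addresses, one genuine client followed by un-acknowledged SYNs from rotating sources) are all constructed for this example.

```python
"""Half-open TCP session tracking with a threshold-based mitigation trigger.

Constructed flow-record format (one record per line):
    <time_s> <src_ip> -> <dst_ip>:<port> [<flags>]
where flags are S (SYN), SA (SYN-ACK), A (ACK) or R (RST).
"""
import re

LINE_RE = re.compile(
    r"^(?P<t>\d+(?:\.\d+)?)\s+(?P<src>\S+)\s+->\s+"
    r"(?P<dst>[^:\s]+):(?P<port>\d+)\s+\[(?P<flags>[A-Z]+)\]$"
)


def parse_line(line):
    """Return (time, src, dst, flags) for one record; reject malformed input."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable flow record: {line!r}")
    return float(m["t"]), m["src"], m["dst"], m["flags"]


class HalfOpenTracker:
    """Server-side view: a SYN reserves a slot (the RAM/CPU/disk the lecture
    talks about); the peer's final ACK or a RST releases it again."""

    def __init__(self, server_ip, capacity, mitigation_ratio=0.8):
        self.server_ip = server_ip
        self.capacity = capacity                       # total session slots
        self.trigger = int(capacity * mitigation_ratio)  # "mitigation on" level
        self.pending = {}          # src -> time its SYN arrived, awaiting ACK
        self.peak = 0              # highest number of half-open sessions seen
        self.mitigation_on_at = None  # time the threshold was first crossed

    def observe(self, t, src, dst, flags):
        if dst != self.server_ip:
            return                 # the server's own SYN-ACKs flow outbound
        if flags == "S":
            self.pending.setdefault(src, t)
        elif flags in ("A", "R"):
            self.pending.pop(src, None)
        self.peak = max(self.peak, len(self.pending))
        if self.mitigation_on_at is None and len(self.pending) >= self.trigger:
            self.mitigation_on_at = t

    def is_exhausted(self):
        """True once every slot is held by a half-open session."""
        return len(self.pending) >= self.capacity


def analyze(lines, server_ip, capacity=100, mitigation_ratio=0.8):
    """Replay flow records through a tracker and return it for inspection."""
    tracker = HalfOpenTracker(server_ip, capacity, mitigation_ratio)
    for line in lines:
        if line.strip():
            tracker.observe(*parse_line(line))
    return tracker


def build_sample_log(attacker_syns=90):
    """Constructed traffic (documentation address ranges, not real hosts): a
    genuine client at 198.51.100.7 completes the handshake with the server
    192.0.2.10, then SYNs arrive every 10 ms from a different 203.0.113.x
    source each time and none of them is ever acknowledged."""
    lines = [
        "0.000 198.51.100.7 -> 192.0.2.10:443 [S]",
        "0.001 192.0.2.10 -> 198.51.100.7:52000 [SA]",
        "0.002 198.51.100.7 -> 192.0.2.10:443 [A]",
    ]
    for i in range(attacker_syns):
        t = 0.100 + i * 0.010
        lines.append(f"{t:.3f} 203.0.113.{i % 254 + 1} -> 192.0.2.10:443 [S]")
    return lines


if __name__ == "__main__":
    result = analyze(build_sample_log(), "192.0.2.10", capacity=100)
    print(f"peak half-open sessions: {result.peak}")
    print(f"mitigation switched on at t={result.mitigation_on_at}s")
    print(f"slots exhausted: {result.is_exhausted()}")
```

With the default sample the genuine client's slot is released by its ACK, so it never counts against capacity, while the rotating-source SYNs accumulate until the 80% trigger fires; only a flood larger than the capacity drives `is_exhausted()` to true. The trigger is deliberately below capacity for the reason the lecture gives: diversion to a scrubbing center has to start before the server is already out of resources.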
Info
Channel: YourITBasics Online
Views: 868
Keywords: DDoS, DoS, denail of Service, anti-ddos, volumetric attacks, target ddos, syn flood, scrubbing center, clean pipe solution
Id: jM3Aey97MrI
Length: 10min 17sec (617 seconds)
Published: Thu Dec 31 2020