1
00:00:00,300 --> 00:00:08,220
DoS and DDoS attacks. First of all, what are these acronyms? A DoS, a denial of service
2
00:00:08,220 --> 00:00:14,880
attack, tries to make a web resource unavailable to its users by flooding the target URL with more
3
00:00:14,880 --> 00:00:16,610
requests than the server can handle.
4
00:00:17,070 --> 00:00:23,400
That means during the attack period, regular traffic on the, for example, website will be either
5
00:00:23,400 --> 00:00:29,220
slowed down or completely interrupted. A DDoS, a distributed denial of service attack,
6
00:00:29,220 --> 00:00:33,230
is a DoS attack from more than one resource at the same time.
7
00:00:33,810 --> 00:00:40,290
A DDoS attack is typically generated using thousands, even hundreds of thousands of unsuspecting
8
00:00:40,290 --> 00:00:41,250
zombie devices.
9
00:00:41,590 --> 00:00:47,280
These machines are collectively known as a botnet and will have been previously infected with malicious
10
00:00:47,280 --> 00:00:50,700
software so that they can be remotely controlled by the attacker.
11
00:00:50,820 --> 00:00:56,430
It is currently estimated that worldwide millions of computers are at this point infected with botnet
12
00:00:56,430 --> 00:00:57,030
programs.
13
00:00:57,150 --> 00:01:03,390
But let's see how all this works. We'll take a classic example with our hacker Eve and the unsuspecting
14
00:01:03,390 --> 00:01:06,000
Bob, who is the owner of a small online shop.
15
00:01:06,540 --> 00:01:12,380
Eve wants to take Bob's shop down and she's planning to use the HTTP flood to accomplish it.
16
00:01:12,810 --> 00:01:19,920
An HTTP flood is an attack similar to pressing, let's say, refresh in a web browser over and over
17
00:01:19,920 --> 00:01:27,060
on many different computers at once: large numbers of HTTP requests flood the server, resulting in a denial
18
00:01:27,060 --> 00:01:27,640
of service.
19
00:01:28,290 --> 00:01:31,650
Of course, this type of attack ranges from simple to complex.
20
00:01:32,100 --> 00:01:39,900
Simpler implementations may access one URL with the same range of attacking IP addresses, referrers and
21
00:01:39,900 --> 00:01:40,680
user agents.
22
00:01:41,070 --> 00:01:47,520
Complex versions may use a large number of attacking IP addresses and target random URLs using random
23
00:01:47,520 --> 00:01:49,530
referrers and user agents.
24
00:01:50,430 --> 00:01:52,320
Now let's go a bit deeper in our example.
25
00:01:53,040 --> 00:02:00,420
Let's imagine you make a bunch of requests and if a real customer wants to access Bob's shop, he or
26
00:02:00,420 --> 00:02:05,400
she will not be able because Eve's bots are overloading the servers.
27
00:02:05,790 --> 00:02:08,130
Since it's probably not very clear how this works,
28
00:02:08,460 --> 00:02:15,060
let's imagine you have a small physical shop and they send 50 fake customers at the same time to enter
29
00:02:15,210 --> 00:02:15,870
your shop.
30
00:02:16,050 --> 00:02:21,360
And then there is another real customer that wants to enter and buy.
31
00:02:21,630 --> 00:02:27,000
But he or she will need to wait for a long time or maybe not even make it inside the shop.
32
00:02:27,320 --> 00:02:28,230
An HTTP flood
33
00:02:28,230 --> 00:02:35,610
works in a very similar way, where the server where Bob's shop is hosted can only serve a maximum number
34
00:02:35,610 --> 00:02:37,140
of simultaneous requests.
35
00:02:37,470 --> 00:02:44,490
And if Eve's bots reach that limit, the shop will not be available for the actual real customers. Types
36
00:02:44,490 --> 00:02:45,060
of attacks.
37
00:02:45,300 --> 00:02:47,070
Here we have five main categories.
38
00:02:47,640 --> 00:02:53,610
Since they are quite complex in the description, you may find some words that you are not familiar
39
00:02:53,610 --> 00:02:59,670
with. For you, we're going to explain all those terms in the notes, together with some links with further
40
00:02:59,670 --> 00:03:00,240
information.
41
00:03:00,300 --> 00:03:02,040
First, HTTP flood.
42
00:03:02,670 --> 00:03:09,050
This was the attack from our example and we're not going to spend some extra time on it. In big lines,
43
00:03:09,630 --> 00:03:16,620
this translates into a large number of requests that flood the server or servers, resulting in a denial
44
00:03:16,620 --> 00:03:17,250
of service.
45
00:03:17,520 --> 00:03:22,040
Second, protocol attacks, also known as a state exhaustion attack.
46
00:03:22,200 --> 00:03:28,800
This causes a service disruption by consuming all the available state table capacity of web application
47
00:03:28,800 --> 00:03:33,420
servers or intermediate resources like firewalls and load balancers.
48
00:03:33,690 --> 00:03:40,710
Protocol attacks utilize weaknesses in layer three and layer four of the protocol stack to render
49
00:03:40,710 --> 00:03:42,090
the target inaccessible.
50
00:03:42,480 --> 00:03:50,400
Third, SYN flood is analogous to a worker in a supply room receiving requests from the front
51
00:03:50,400 --> 00:03:51,060
of the store.
52
00:03:51,480 --> 00:03:57,660
The worker receives a request, goes and gets the package, and waits for the confirmation before bringing
53
00:03:57,660 --> 00:03:58,930
the package out in front.
54
00:03:58,950 --> 00:04:06,690
The worker then gets many more package requests without confirmation until they can't carry any more packages,
55
00:04:06,810 --> 00:04:11,130
become overwhelmed, and requests start going unanswered.
56
00:04:12,150 --> 00:04:19,260
Fourth, volumetric attacks. This category of attacks attempts to create congestion by consuming
57
00:04:19,260 --> 00:04:26,760
all available bandwidth between the target and the larger Internet. Large amounts of data are sent
58
00:04:26,760 --> 00:04:33,330
to a target by using a form of amplification or another means of creating massive traffic, such as
59
00:04:33,330 --> 00:04:39,090
requests from a botnet. A DNS amplification is like if someone were to call a restaurant and say,
60
00:04:39,360 --> 00:04:44,640
"I'll have one of everything, please call me back and tell me my whole order again," where the callback
61
00:04:44,640 --> 00:04:50,400
phone number they give is the target's number. With very little effort, a long response is generated.
62
00:04:51,120 --> 00:04:52,380
This concludes our lecture.
63
00:04:52,710 --> 00:04:57,880
You will find the links with further information in the digital text file from the resource section.
64
00:04:58,320 --> 00:04:58,910
Thank you.
65
00:04:59,100 --> 00:05:00,900
And see you soon in our next chapter.