DDoS Attack | DDoS Attack Explained | What Is A DDoS Attack? | Cyber Attacks Explained | Simplilearn

00:08

with work from home being the norm in

00:10

today's era people spend considerable

00:12

amount of time on the internet often

00:14

without specific measures to ensure a

00:17

secure session

00:18

apart from individuals organizations

00:20

worldwide that host data and conduct

00:22

business over the internet are always at

00:25

the risk of a ddos attack

00:27

these ddos attacks are getting more

00:29

extreme with hackers getting easy access

00:31

to botnet farms and compromised devices

00:34

as can be seen in the graph three of the

00:37

six strongest ddos attacks were launched

00:39

in 2021 with the most extreme attack

00:42

occurring just last year in 2020

00:44

lately cyber criminals have been

00:46

actively seeking out new services and

00:48

protocols for amplifying these ddos

00:51

attacks

00:52

active involvement with hacked machines

00:54

and botnets allow further penetration

00:56

into the consumer space allowing much

00:58

more elaborate attack campaigns

01:01

apart from general users multinational

01:03

corporations have also had their fair

01:05

share of problems

01:07

github a platform for software

01:09

developers was the target of a ddos

01:11

attack in 2018.

01:13

widely suspected to be conducted by

01:15

chinese authorities this attack went on

01:17

for about 20 minutes after which the

01:19

systems were brought into a stable

01:21

condition

01:22

it was the strongest ddos attack to date

01:24

at the time and made a lot of companies

01:26

reconsider the security practices to

01:28

compare such attacks

01:30

even after years of experimentation ddos

01:33

attacks are still at large and can

01:35

affect anyone in the consumer and

01:37

corporate space

01:38

hey everyone this is bev from simply

01:41

learn and welcome to this video on what

01:43

is a ddos attack

01:45

let's take a look at the topics we will

01:46

be covering today

01:48

we start by learning what is a ddos

01:50

attack and how it works on a face by

01:52

phase level

01:54

we learn about the distinct categories

01:56

in ddos attacks and the potential aim of

01:59

hackers when they launch a ddos attack

02:01

campaign

02:02

we also look at some preventive measures

02:04

that can be taken to protect oneself

02:06

from these ddos attacks

02:08

finally we have a demonstration of how

02:11

such attacks can hamper the working of a

02:13

server system using vmware and parrot

02:16

security operating system

02:18

but before moving forward make sure you

02:20

are subscribed to the simply learn

02:21

youtube channel don't forget to hit the

02:24

bell icon to receive updates about more

02:26

informative videos from our channel so

02:28

let's learn more about what is a ddos

02:30

attack

02:32

a distributed denial of service attack

02:34

or ddos is when an attacker or attackers

02:37

attempt to make it impossible for a

02:39

service to be delivered

02:41

this can be achieved by thwarting access

02:43

to virtually anything servers devices

02:46

services networks applications and even

02:50

specific transactions within

02:51

applications

02:53

in a dos attack it's one system that is

02:55

sending the malicious data or requests a

02:58

ddos attack comes from multiple systems

03:01

generally these attacks work by drowning

03:03

a system with requests for data

03:05

this could be sending a web server so

03:07

many requests to serve a page that it

03:09

crashes under the demand or it could be

03:11

a database being hit with a higher

03:13

volume of queries

03:14

the result is available internet

03:16

bandwidth cpu and ram capacity become

03:19

overwhelmed

03:21

the impact could range from a minor

03:23

annoyance from disrupted services to

03:25

experiencing entire websites

03:27

applications or even entire businesses

03:30

taking offline

03:31

more often than not these attacks are

03:33

launched using machines in a botnet

03:36

a botnet is a network of devices that

03:38

can be triggered to send requests from a

03:40

remote source often known as the command

03:42

and control center

03:44

the bots in the network attack a

03:46

particular target thereby hiding the

03:48

original perpetrator of the ddos

03:50

campaign

03:52

but how do these devices come under the

03:53

botnet and what are the requests being

03:55

made to the web servers

03:57

let's learn more about these and how dos

03:59

attack work

04:02

a ddos attack is a two-phase process

04:05

in the first phase a hacker creates a

04:07

botnet of devices

04:09

simply put a vast network of computers

04:11

are hacked via malware ransomware or

04:14

just simple social engineering

04:16

these devices become a part of the

04:18

botnet which can be triggered anytime to

04:21

start bombarding a system or a server on

04:23

the instruction of the hacker that

04:25

created the botnet

04:27

the devices in this networks are called

04:29

bots or zombies

04:31

in the second phase a particular target

04:33

is selected for the attack

04:35

when the hacker finds the right time to

04:37

attack all the zombies in the botnet

04:39

network send these requests to the

04:41

target thereby taking up all the servers

04:43

available bandwidth

04:45

these can be simple ping requests or

04:47

complex attacks like syn flooding and

04:50

udp flooding

04:51

the aim is to overwhelm them with more

04:53

traffic than the server or the network

04:55

can accommodate the goal is to render

04:58

the website or service inoperable

05:00

there is a lot of wiggle room when it

05:02

comes to the type of ddos attack a

05:04

hacker can go with

05:06

depending on the target's vulnerability

05:08

we can choose one of the three broad

05:10

categories of ddos attacks

05:12

volume based attacks use massive amounts

05:15

of bogus traffic to overwhelm a resource

05:18

it can be a website or a server

05:20

they include icmp udap and spoofed

05:23

packet flood attacks

05:25

the size of volume based attack is

05:27

measured in bits per second

05:29

these attacks focus on clogging all the

05:31

available bandwidth for the server

05:33

thereby cutting the supply shot

05:36

several requests are sent to the server

05:38

all of which warrant a reply thereby not

05:40

allowing the target to cater to the

05:42

general legitimate users

05:45

next we have the protocol level attacks

05:47

these attacks are meant to consume

05:49

essential resources of the target server

05:52

they exhaust the load balancers and

05:54

firewalls which are meant to protect the

05:56

system against the ddos attacks

05:59

these protocol attacks include syn

06:01

floods and smurf ddos among others and

06:04

the size is measured in packets per

06:05

second

06:07

for example in ssl handshake server

06:10

replies to the hello message sent by the

06:12

hacker which will be the client in this

06:14

case but since the ip is proved and

06:16

leads nowhere the server gets stuck in

06:18

an endless loop of sending the

06:20

acknowledgement without any end in sight

06:24

finally we have the application level

06:26

attacks

06:27

application layer attacks are conducted

06:29

by flooding applications with

06:30

maliciously crafted requests

06:33

the size of application layer attacks is

06:35

measured in request per second

06:37

these are relatively sophisticated

06:39

attacks that target the application and

06:41

operating system level vulnerabilities

06:44

they prevent the specific applications

06:46

from delivering necessary information to

06:48

users and hawk the network bandwidth up

06:50

to the point of a system crash

06:53

examples of such an attack are http

06:55

flooding and bgp hijacking

06:58

a single device can request data from a

07:00

server using http post or get without

07:03

any issues

07:04

however when the requisite botnet is

07:07

instructed to bombard the server with

07:09

thousands of requests the database

07:11

bandwidth gets jammed and it eventually

07:13

becomes unresponsive and unusable

07:16

but what about the reasons for such an

07:18

attack there are multiple lines of

07:20

thought as to why a hacker decides to

07:22

launch a ddos attack on unsuspecting

07:24

targets

07:25

let's take a look at a few of them

07:28

the first option is to gain a

07:29

competitive advantage

07:31

many ddos attacks are conducted by

07:33

hacking communities against rival groups

07:36

some organizations hire such communities

07:39

to stagger their rivals resources at a

07:41

network level to gain an advantage in

07:43

the playing field

07:44

since being a victim of a ddos attack

07:46

indicates a lack of security the

07:48

reputation of such a company takes a

07:50

significant hit allowing the rivals to

07:52

cover up some ground

07:55

secondly some hackers launch these ddos

07:57

attacks to hold multinational

07:59

corporations at ransom

08:01

the resources are jammed and the only

08:03

way to clear the way is if the target

08:05

company agrees to pay a designated

08:07

amount of money to the hackers

08:09

even a few minutes of inactivity is

08:11

detrimental to a company's reputation in

08:14

the global market and it can cause a

08:16

spiral effect both in terms of market

08:18

value and product security index

08:21

most of the time a compromise is reached

08:23

and the resources are freed after a

08:25

while

08:26

tdos attacks have also found use in the

08:28

political segment

08:30

certain activists tend to use ddos

08:32

attacks to voice their opinion

08:34

spreading the word online is much faster

08:36

than any local rally or forum

08:39

primarily political these attacks also

08:42

focus on online communities ethical

08:44

dilemmas or even protests against

08:46

corporations

08:47

let's take a look at a few ways that

08:49

companies and individuals can protect

08:52

themselves against edos attacks

08:55

the company can employ load balancers

08:57

and firewalls to help protect the data

08:59

from such attacks

09:01

load balancers reroute the traffic from

09:03

one server to another in a ddos attack

09:06

this reduces the single point of failure

09:08

and adds resiliency to the server data

09:11

a firewall blocks unwanted traffic into

09:13

a system and manages the number of

09:15

requests made at a definite rate it

09:17

checks for multiple attacks from a

09:19

single ip and occasional slowdowns to

09:21

detect a ddos attack in action

09:25

early detection of a ddos attack goes a

09:27

long way in recovering the data lost in

09:29

such an event

09:31

once you've detected the attack you will

09:33

have to find a way to respond for

09:35

example you will have to work on

09:37

dropping the malicious jdos traffic

09:39

before it reaches your server so that it

09:41

doesn't throttle and exhaust your

09:43

bandwidth

09:44

here's where you will filter the traffic

09:46

so that only legitimate traffic reaches

09:48

the server by intelligent routing you

09:51

can break the remaining traffic into

09:53

manageable chunks that can be handled by

09:55

your cluster resources

09:57

the most important stage in ddos

09:59

mitigation is where you will look for

10:00

patterns of redos attacks and use those

10:03

to analyze and strengthen your

10:05

mitigation techniques for example

10:07

blocking an ip that's repeatedly found

10:09

to be offending is a first step

10:13

cloud providers like amazon web services

10:15

and microsoft azure who offer high

10:17

levels of cyber security including

10:19

firewalls and threat monitoring software

10:21

can help protect your assets and network

10:23

from ddos criminals

10:25

the cloud also has greater bandwidth

10:27

than most private networks so it is

10:29

likely to fail if under the pressure of

10:31

increased tdos attacks

10:34

additionally reputable cloud providers

10:36

offer network redundancy duplicating

10:38

copies of your data systems and

10:40

equipment so that if your service

10:42

becomes corrupted or unavailable due to

10:44

a ddos attack you can switch to a secure

10:47

access on backed up versions without

10:49

missing a beat

10:51

one can also increase the amount of

10:53

bandwidth available to a host server

10:55

being targeted

10:56

since ddos attacks fundamentally operate

10:59

on the principle of overwhelming systems

11:01

with heavy traffic

11:02

simply provisioning extra bandwidth to

11:05

handle unexpected traffic spikes can

11:07

provide a measure of protection

11:09

this solution can prove expensive as a

11:12

lot of that bandwidth is going to go

11:13

unused most of the time

11:16

a content delivery network or a cdn

11:19

distributes your content and boosts

11:21

performance by minimizing the distance

11:23

between your resources and end users it

11:26

stores the cached version of your

11:27

content in multiple locations and this

11:30

eventually mitigates ddos attacks by

11:32

avoiding a single point of failure when

11:34

the attacker is trying to focus on a

11:36

single target

11:37

popular cdns include akamai cdn

11:40

cloudflare aws cloudfront etc

11:45

let's start with our demo regarding the

11:46

effects of ddos attacks on a system

11:49

for a demo we have a single device that

11:51

will attack a target making it a dos

11:54

attack of sorts

11:55

once a botnet is ready multiple devices

11:58

can do the same and eventually emulate a

12:00

ddos attack

12:02

to do so we will use the virtualization

12:04

software called vmware with an instance

12:06

of parrot security operating system

12:08

running for a target machine we will be

12:11

running another vmware instance of a

12:13

standard linux distribution known as

12:15

linux light

12:17

in a target device we can use wireshark

12:20

to determine when the attack begins and

12:22

see the effects of the attack

12:23

accordingly

12:26

this is linux like which is a target

12:28

machine and this is parrot security

12:31

which is used by the hacker when trying

12:33

to launch a ddos attack this is just one

12:35

of the distros that can be used

12:39

to launch the attack we must first find

12:41

the ip address of our target

12:44

so to find the ip address we open the

12:46

terminal

12:54

we use the command ifconfig

12:59

and here we can find the ip address

13:01

now remember we're launching this attack

13:03

in vmware now the both the instances of

13:07

parrot security and linux light are

13:09

being run on my local network so the

13:11

address that you can see here is

13:13

192.168.72.129

13:16

which is a private address

13:18

this ip cannot be accessed from outside

13:21

the network basically anyone who is not

13:23

connected to my wifi

13:25

when launching attacks with public

13:27

servers or public addresses

13:29

it will have a public ip address that

13:31

does not belong to the 192168 subnet

13:36

once we have the ip address

13:39

we can use a tool called

13:41

hping3

13:45

hping3 is an open source packet

13:47

generator and analyzer for the tcp ip

13:50

protocol

13:53

to check what are the effects of an

13:54

attack we will be using wireshark

13:57

wireshark is a network traffic analyzer

14:00

we can see whatever traffic that is

14:02

passing through the linux light distro

14:04

is being displayed over here with the ip

14:08

address the source ip and the

14:09

destination ip as to where the request

14:12

is being transferred to

14:14

once we have the dos attack launched you

14:16

can see the results coming over here

14:18

from the source ip which will be parrot

14:20

security now to launch the hping3

14:23

command we need to give sudo access to

14:26

the console which is the root access

14:34

now we have the root access for the

14:36

console

14:37

the hping3 command will have a few

14:39

arguments to go with it which are as you

14:42

can see on the screen

14:45

minus s

14:46

and a flood

14:49

a hyphen v

14:52

hyphen p80 and

14:54

the ip address of the target which is

14:57

168 72.129

15:05

in this command we have a few arguments

15:08

such as the minus s which specifies syn

15:11

packets

15:12

like in an ssl handshake we have the syn

15:16

request that the client sends to the

15:18

server to initiate a connection

15:20

the hyphen flood aims to ignore the

15:23

replies that the server will send back

15:25

to the client in response to the syn

15:28

packets here the parent security os is

15:30

the client and linux slide being the

15:33

server

15:35

minus v stands for verbosity as in where

15:38

we will see some output when the

15:39

requests are being sent

15:41

the hyphen p80 stands for port 80 which

15:45

we can replace the port number if we

15:47

want to attack a different port

15:49

and finally we have the ip address of

15:51

our target

15:53

as of right now if we check wireshark it

15:56

is relatively clear and there is no

15:58

indication of a ddos attack incoming

16:01

now once we launch the attack over here

16:06

we can see the requests coming in from

16:08

this ip which is 192 168 72.128

16:14

till now even the network is responsive

16:17

and so is linux lite

16:22

the requests keep on coming and we can

16:24

see the http

16:27

flooding has started in flood mode

16:32

after a few seconds of this attack

16:34

continuing the server will start

16:37

shutting down

16:38

now remember linux light is a distro

16:40

that can focus on one that serves as a

16:43

back end

16:44

now remember linux light is a distro and

16:47

such linux distros are served as backend

16:50

to many servers across the world for

16:52

example a few seconds have passed from

16:54

the attack

16:56

now the system has become completely

16:58

irresponsive

16:59

this has happened due to the huge number

17:01

of requests that came from pirate

17:03

security

17:05

you can see whatever i press nothing is

17:07

responded even the wireshark has stopped

17:09

capturing new request because the cpu

17:11

usage right now is completely 100

17:14

and at this point of time anyone who is

17:16

trying to request some information from

17:19

this linux distro or where this linux

17:22

distro is being used as a backend for a

17:24

server or a database cannot access

17:27

anything else the system has completely

17:29

stopped responding and any request any

17:31

legitimate request from legitimate users

17:34

will be dropped

17:36

once you stop the attack over here it

17:39

takes a bit of time to settle down

17:41

now remember it's still out of control

17:43

but eventually the traffic dies down and

17:45

the system regains its strength

17:48

it is relatively easy to gauge right now

17:50

the effect of a dos attack now remember

17:53

this linux light is just a vm instance

17:56

actual website servers and

17:58

web databases they have much more

18:01

bandwidth and are very secure and it's

18:04

tough to break into

18:05

that is why we cannot use a single

18:07

machine to break into them

18:09

that is where a ddos attack comes into

18:11

play what we did right now is a dos

18:14

attack as in a single system is being

18:16

used to penetrate a

18:18

target server using a single request now

18:22

when a ddos attack multiple systems such

18:25

as multiple parallel security instances

18:27

or multiple zombies or bots in a botnet

18:29

network can attack a target server to

18:32

completely shut down the machine and

18:34

drop any legitimate request thereby

18:36

rendering the service and the target

18:38

completely unusable and

18:40

inoperable

18:42

as a final note we would like to remind

18:44

that this is for educational purposes

18:46

only and we do not endorse any attacks

18:49

on any one domains only test this on

18:52

servers and networks that you have

18:54

permission to test on

18:57

hope you learned something interesting

18:58

today if you have any questions

19:00

regarding the lesson feel free to ask us

19:02

in the comments section and we will get

19:04

back to you as soon as possible

19:06

thank you for watching

19:11

hi there if you like this video

19:13

subscribe to the simply learn youtube

19:14

channel and click here to watch similar

19:17

videos turn it up and get certified

19:19

click here