From the course: Threat Modeling: Denial of Service and Elevation of Privilege


Amplified or native: Two modes of DoS


- [Instructor] Attacks can use the attacker's resources or someone else's. Using someone else's resources starts with finding or finding out about a resource that will return more than it's sent. Ideally, the amplifier will use UDP so the attacker doesn't need to succeed at a TCP handshake. Unix machines used to offer a chargen service that would send a stream of characters, for debugging if packets were going through. So attackers would send a request to the broadcast address, say 10.0.0.255 port 19, and every machine on the network would reply with a stream of packets. Oh, the nineties. They were a simpler time and the TCP handshake was easier to fake too. Today these amplifications are harder to find, but variants with DNS and memcached are common. Memcached is a service designed to cache and quickly return data. It usually returns far more data than the caller sends. A single 203 byte request can result in 100…
