1
00:00:00,210 --> 00:00:01,770
DNS amplification attack.

2
00:00:03,330 --> 00:00:05,220
What is the DNS amplification attack?

3
00:00:06,140 --> 00:00:12,530
It is a DDoS attack, and it is a reflection-based volumetric distributed denial-of-service

4
00:00:12,530 --> 00:00:19,400
attack in which an attacker leverages the functionality of open DNS resolvers in order to overwhelm a

5
00:00:19,400 --> 00:00:26,900
target server or network with an amplified amount of traffic, rendering the server and its surrounding

6
00:00:27,200 --> 00:00:29,060
infrastructure inaccessible.

7
00:00:30,160 --> 00:00:33,760
Now, how does this DNS amplification attack work?

8
00:00:35,000 --> 00:00:40,310
The first thing: the attacker uses a compromised endpoint to send UDP packets with spoofed

9
00:00:40,310 --> 00:00:47,570
IP addresses to a DNS recursor. The spoofed address of the packets points to the IP address of

10
00:00:47,570 --> 00:00:48,100
the victim.

11
00:00:49,130 --> 00:00:55,010
After receiving the request, the DNS resolver, which is trying to be helpful by responding, sends a

12
00:00:55,010 --> 00:00:57,440
large response to the spoofed IP address.

13
00:00:58,420 --> 00:01:05,080
After receiving the request, the DNS resolver, which is trying to be helpful by responding, sends

14
00:01:05,080 --> 00:01:07,780
a large response to that spoofed IP address.

15
00:01:08,700 --> 00:01:15,840
And the IP address of the target receives the response and the surrounding network infrastructure becomes

16
00:01:15,840 --> 00:01:23,790
overwhelmed with the deluge of traffic, resulting in denial of service. How to mitigate the DNS amplification

17
00:01:23,790 --> 00:01:24,270
attack?

18
00:01:25,080 --> 00:01:28,500
The first thing: reduce the total number of open DNS resolvers.

19
00:01:28,950 --> 00:01:36,750
So an essential component of a DNS amplification attack is access to open DNS resolvers. By having a poorly configured

20
00:01:36,750 --> 00:01:42,770
DNS resolver exposed to the Internet, all an attacker needs to do to utilize that

21
00:01:42,780 --> 00:01:44,670
DNS resolver is to discover it.

22
00:01:45,630 --> 00:01:52,350
So ideally, DNS resolvers should only provide their services to devices that originate within a trusted

23
00:01:52,350 --> 00:01:52,740
domain.

24
00:01:53,070 --> 00:02:00,150
In the case of reflection-based attacks, the open DNS resolvers will respond to queries from anywhere

25
00:02:00,150 --> 00:02:08,100
on the Internet, allowing the potential for exploitation. Restricting a DNS resolver so that it will only

26
00:02:08,460 --> 00:02:15,300
respond to queries from trusted sources makes the server a poor vehicle for any type of amplification

27
00:02:15,300 --> 00:02:15,690
attack.

28
00:02:17,490 --> 00:02:24,330
The other: source IP verification, to stop the spoofed packets leaving the network. So because

29
00:02:24,330 --> 00:02:30,510
the UDP requests being sent by the attacker's botnet must have a source IP address spoofed to the victim's

30
00:02:30,600 --> 00:02:37,770
IP address, a key component in reducing the effectiveness of a UDP-based amplification

31
00:02:37,770 --> 00:02:45,060
attack is for the Internet service provider, or ISP, to reject any Internet traffic with spoofed IP addresses.

32
00:02:45,750 --> 00:02:52,410
So if a packet is being sent from inside the network with a source IP address that makes it appear like

33
00:02:52,410 --> 00:02:56,510
it originated outside the network, it is likely a spoofed packet and can be dropped.