1
00:00:00,300 --> 00:00:03,270
The ping or ICMP flood DDoS attack.

2
00:00:04,620 --> 00:00:11,160
Now, what is the ping or the ICMP attack? A ping flood is a denial-of-service attack in which the

3
00:00:11,160 --> 00:00:18,930
attack attempts to overwhelm a targeted device with ICMP echo request packets, causing the target to

4
00:00:18,930 --> 00:00:21,240
become inaccessible to normal traffic.

5
00:00:21,480 --> 00:00:29,520
The ICMP is the Internet Control Message Protocol that is used to check the connection, for time synchronization

6
00:00:29,520 --> 00:00:30,700
and a lot of things, actually.

7
00:00:31,230 --> 00:00:37,860
So when the attack comes from multiple devices, the attack becomes a DDoS, or distributed denial of

8
00:00:37,860 --> 00:00:38,310
service.

9
00:00:39,240 --> 00:00:46,530
So how it works, actually, the first thing, the attacker sends many ICMP request packets to the targeted

10
00:00:46,530 --> 00:00:52,950
server using multiple devices, then the target server sends an ICMP echo reply packet to

11
00:00:52,950 --> 00:00:56,370
each requesting device's IP address as a response.

12
00:00:56,910 --> 00:01:02,430
So here you can see here is the attacker controlling the botnet or the bot and there is the target.

13
00:01:02,610 --> 00:01:03,240
So that

14
00:01:03,510 --> 00:01:11,310
bot will send an ICMP echo request, and the target will reply with an ICMP echo reply, and the same thing.

15
00:01:11,310 --> 00:01:16,800
Echo request, echo reply, request, reply, and imagine that we have one hundred

16
00:01:16,920 --> 00:01:23,100
bots, actually not one hundred, one hundred K, one hundred thousand actually, or one million

17
00:01:23,550 --> 00:01:27,270
bots, and we are going to the same target or the same server.

18
00:01:27,480 --> 00:01:30,240
It will cause it to go down or denial-of-service.

19
00:01:31,500 --> 00:01:38,430
Now, how this can be mitigated, how this attack can be mitigated or how to protect from such attacks,

20
00:01:39,150 --> 00:01:45,840
the first thing: disabling a ping flood is most easily accomplished by disabling the ICMP functionality

21
00:01:45,960 --> 00:01:53,100
of the targeted computer or other devices, which I think by default nowadays it is disabled by default.

22
00:01:53,850 --> 00:02:02,040
Now a network administrator can access the administrative interface of the device and disable its ability

23
00:02:02,040 --> 00:02:08,790
to send and receive any request using the ICMP, effectively eliminating both the processing of the

24
00:02:08,790 --> 00:02:10,280
request and the echo reply.

25
00:02:10,530 --> 00:02:17,400
And the consequence of this is that all network activities that involve ICMP are disabled, making the device

26
00:02:17,400 --> 00:02:22,470
unresponsive to requests, traceroute requests, and other network activities.