1. DDoS

2. Definition
A DDoS is when an attacker sends multiple requests to the servers providing a specific service.
It is aimed at causing a disruption of service instead of actually stealing important information.

3. Potential Goals Prestige Comparative advantage in business Fun
Political gains

4. How it Works
Zombies
Trojan infected machines that will send requests to the service
Controller
Used by the attacker to instruct the zombies to simultaneously send requests to the service

5. How it Looks Explanation https://www.youtube.com/watch?v=sI_QSBMj_qg
Demo

6. Sophisticated DDoS Spoofed source IP address
Legitimate packet requests
Ability to quickly grow the number of zombies sending requests

7. East Coast Internet Outage
October 2016
DYN DNS Servers Attacked
Believed to have used IoT
3 attacks in one day

8. DDoS Protection Blackholing Null Routes Overprovisioning
There is no great solution to DDoS attacks.
Blackholing is a common defense against spam, in which an Internet service provider blocks packets from a domain or IP address, but the technique can be used against DDOS attacks.
 a null route (blackhole route) is a network route (routing table entry) that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall. The act of using null routes is often called blackhole filtering
Over-provisioning
Many DDoS attacks are brute force in nature, and over-provisioning is a brute force defense. Your opponent simply needs to throw enough traffic at you to overwhelm your capacity. You can reduce his chances of success and limit the impact on your users by provisioning for far more traffic than you would expect to receive during normal operation. You do not necessarily need to provision for a 40Gbps attack – not all attackers have botnet arsenals that large – but you should aim to prepare for traffic many multiples of what you experience in normal operations.