Lynda.com is now LinkedIn Learning!

To access Lynda.com courses again, please join LinkedIn Learning

All the same Lynda.com content you know and love

Plus, personalized course recommendations tailored just for you

All the same access to your Lynda learning history and certifications

Try LinkedIn Learning for free

Questions? Visit our help center.

How does my subscription work?

Can I use a different payment method?

Yes, after you upgrade to LinkedIn Learning you can change your payment method on LinkedIn.com.

Upgrade Now

By upgrading, your account will only be accessible on Linkedin Learning.

Lynda.com is now LinkedIn Learning · Same content. Same instructors. New platform.

Start My Free Month

NEW: Amplification using memcached

In 2018, GitHub was hit with a denial of service using an amplification attack. In this video, look at the GitHub attack and the way in which memcache was used to achieve an amplification factor of around 50,000 to create an overwhelming denial of service

- NTP isn't the only protocol we can use to amplify a … denial of service. There are many other amplification … protocols which can be used. And one which deserves … specific mention is the protocol used in the Memcached … software. … Memcached is a third party tool … used to cache objects in a systems memory. … And then retrieve those objects quickly. … Its used to speed up dynamic web applications … and its management features can be accessed using … TCP or UDP on port 11211 … Let's have a look at an example of a Memcached exchange … using Netcat … I'll use Netcat to make a simple connection to port 11211 … on a Memcached server … (typing) … and I'll issue the stats command … We get a response from the server of about 2000 characters … Which provides a respectable amplification factor of about … 400 … Of course using a TCP connection is quite safe and can't … be used to support a denial of service attack … But if the command were to be sent via UDP … With no session set up and with a spoofed source address …

Resume Transcript Auto-Scroll

Author

Malcolm Shore

Skill Level Intermediate

1h 39m

Duration

15,591

Views

Show More Show Less

Related Courses

Introduction
- Understanding and defeating denial-of-service attacks
  55s
- What you should know
  37s
- Disclaimer
  1m 12s
1. What Is a Denial of Service?
- Understanding denial of service
  8m 12s
- Using Python to test denial of service
  3m 26s
2. Infrastructure Denial of Service
- TCP SYN flooding using hping3
  4m 57s
- Using Hyena to run a reflection attack
  6m 39s
- UDP flooding with LOIC
  3m 16s
- ARP poisoning with Ettercap
  5m 13s
- Using NTP to amplify attacks
  5m 55s
- NEW: Amplification using memcached
  2m 52s
- NEW: When is a DDoS not a DDoS?
  2m 32s
3. Wireless Denial of Service
- Deauthenticating a wireless host
  2m 44s
4. Application Denial of Service
- Flooding HTTP using GoldenEye
  3m 38s
- Testing webapps using OWASP SwitchBlade
  3m 41s
- Understanding BlackEnergy
  6m 12s
- Killing the FTP service
  1m 42s
- RangeAmp attacks on the CDN
  1m 10s
5. SIP Service Attacks
- Flooding a SIP server
  6m 9s
6. Ransomware
- Explaining ransomware
  3m 42s
- Understanding Cryptolocker
  2m 44s
- Understanding Petya
  2m 28s
7. Mitigation Techniques
- Defeating denial-of-service attacks
  6m 38s
- Commercial anti-DOS services
  1m 49s
- Detecting P2P attacks with PeerShark
  4m 14s
- NIST guidance on mitigating DDOS
  2m 43s
- Considering IoT denial
  2m 53s
Conclusion
- Summary
  1m 2s

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start My Free Month

Skills covered in this course

Security IT

Start My Free Month

Start your free month on LinkedIn Learning, which now features 100% of Lynda.com courses. Develop in-demand skills with access to thousands of expert-led courses on business, tech and creative topics.

Start My Free Month

Lynda.com is now LinkedIn Learning!

To access Lynda.com courses again, please join LinkedIn Learning

How does my subscription work?

Can I use a different payment method?

Categories

3D + Animation Topics

3D + Animation Software

3D + Animation Learning Paths

Audio + Music Topics

Audio + Music Software

Audio + Music Learning Paths

Business Topics

Business Software

Business Learning Paths

Business Guides

CAD Topics

CAD Software

CAD Learning Paths

Design Topics

Design Software

Design Learning Paths

Developer Topics

Developer Software

Developer Learning Paths

Education + Elearning Topics

Education + Elearning Software

Education + Elearning Learning Paths

IT Topics

IT Software

IT Learning Paths

Marketing Topics

Marketing Software

Marketing Learning Paths

Photography Topics

Photography Software

Photography Learning Paths

Video Topics

Video Software

Video Learning Paths

Web Topics

Web Software

Web Learning Paths

Web Guides

NEW: Amplification using memcached

Author

Skill Level Intermediate

Duration

Views

Related Courses

Penetration Testing: Advanced Kali Linux

Penetration Testing Essential Training

Ethical Hacking: Hacking IoT Devices

Introduction

1. What Is a Denial of Service?

2. Infrastructure Denial of Service

3. Wireless Denial of Service

4. Application Denial of Service

5. SIP Service Attacks

6. Ransomware

7. Mitigation Techniques

Conclusion

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start My Free Month