Hackers are using lesser-known protocols in DDoS attacks, as they are more successful in bypassing firewalls and defense methods. Using Wireshark, the signature of an SSDP amplification attack is examined.
- [Teacher] Today hackers are using the lesser-known protocols in DDoS attacks, as they're more successful in bypassing firewalls and other defense methods, which generally monitor for the common protocols such as TCP, IP and ICMP. One such protocol is Simple Service Discovery Protocol. SSDP is used to advertise and discover plug and play devices. It's an HTTP-like protocol that uses M-SEARCH and NOTIFY methods.
Researchers have identified a rise in amplification attacks using Universal Plug and Play devices. Hackers develop scripts that scan for the Universal Plug and Play enabled devices and gather a list of vulnerable devices that reply to that initial discovery packet request. The devices then become reflectors for the DDoS attacks. M-SEARCH request packets generate many replies, and the amplification depends on the contents of the device description file.
Any large company can be affected. Let's take a look. I'm in Wireshark, and I want to show you what an amplification attack might look like. Now here we see many SSDP packets.
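The signature described in the transcript above can be checked programmatically. The following is an added example, not part of the course material: it flags hosts that receive SSDP responses from UDP port 1900 without having sent an M-SEARCH themselves. It assumes a time-ordered capture taken on the receiving side; the tuple layout, the function names, the `min_reflectors` threshold and the sample traffic are all constructed for illustration.

```python
from collections import defaultdict

SSDP_PORT = 1900

def classify(payload: bytes) -> str:
    """Classify an SSDP datagram by its HTTP-like start line."""
    start = payload.split(b"\r\n", 1)[0].upper()
    if start.startswith(b"M-SEARCH "):
        return "search"
    if start.startswith(b"NOTIFY "):
        return "notify"
    if start.startswith(b"HTTP/1.1 200"):
        return "response"
    return "other"

def find_reflection_targets(packets, min_reflectors=3):
    """Return hosts receiving SSDP responses they never requested.

    packets: time-ordered (src_ip, src_port, dst_ip, dst_port, payload) tuples.
    min_reflectors is an assumed threshold; tune it for the monitored network.
    """
    searchers = set()  # hosts seen sending their own M-SEARCH
    stats = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for src, sport, dst, dport, payload in packets:
        kind = classify(payload)
        if kind == "search" and dport == SSDP_PORT:
            searchers.add(src)
        elif kind == "response" and sport == SSDP_PORT and dst not in searchers:
            entry = stats[dst]
            entry["reflectors"].add(src)
            entry["packets"] += 1
            entry["bytes"] += len(payload)
    return {
        dst: {"reflectors": len(e["reflectors"]), "packets": e["packets"], "bytes": e["bytes"]}
        for dst, e in stats.items() if len(e["reflectors"]) >= min_reflectors
    }

# Constructed sample traffic using documentation address ranges.
SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
          b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')
RESP = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nST: upnp:rootdevice\r\n"
        b"USN: uuid:constructed-sample::upnp:rootdevice\r\n"
        b"LOCATION: http://192.0.2.20/desc.xml\r\n\r\n")
SAMPLE = [
    ("192.0.2.10", 50000, "239.255.255.250", 1900, SEARCH),  # normal discovery
    ("192.0.2.20", 1900, "192.0.2.10", 50000, RESP),         # solicited reply
] + [(f"198.51.100.{i}", 1900, "203.0.113.5", 80, RESP)      # unsolicited replies
     for i in range(1, 5) for _ in range(3)]

if __name__ == "__main__":
    for host, summary in find_reflection_targets(SAMPLE).items():
        print(host, summary)
```

The host that performed its own discovery is not flagged, while the host receiving replies from several distinct port-1900 sources is reported with its reflector count and byte volume.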
Join cybersecurity expert Lisa Bock in this course as she explains how to identify vulnerabilities in your system, and how to then take countermeasures to prevent unwanted access. Lisa explains how hackers can use a Trojan to penetrate a network and lists the methods and tools that they use. She follows up by sharing how you can perform ethical hacking of your own system to detect areas of susceptibility, so you can address the flaws and defend against attacks. She also discusses rootkits, SSDP amplification attacks, ICMP, and more.
Note: Learning about ethical hacking for Trojans and backdoors is part of the Malware competency from the Certified Ethical Hacker (CEH) body of knowledge.
- Identifying and removing Trojans
- Defending against Trojans
- Blended threats
- SSDP amplification attack
- Disguising FTP, HTTP, and ping
- Using ICMP
- Detecting, removing, and avoiding rootkits