DDoS Attacks and Mitigation Techniques Training

About Training

DDoS Attacks and Mitigation Training is a corporate training program supported by hands-on labs, providing comprehensive knowledge on denial-of-service attack techniques and corresponding defense strategies.

Throughout the training, participants gain insights into critical areas such as IT configuration errors, bandwidth exploitation, and TCP/IP protocol vulnerabilities. Both Layer 7 (application layer) and Layer 4 (network layer) DoS attack methods are demonstrated in practice.

By the end of the course, participants will understand how DoS and DDoS attacks are executed, learn effective protection techniques, and develop a solid foundation in TCP/IP protocols and various DDoS attack types.

The training is conducted online with lab access between 10:00 AM and 5:00 PM on weekdays, completed over 3 days, and participants receive a wet-signed Privia Security certificate upon completion.

Training Content

1. Day

DoS/DDoS Attacks and Defense

What is IP Spoofing?
DoS/DDoS Concepts
What is a Zombie Computer?
Operation and Roles of a Zombie Computer
Countermeasures Against Zombie Computers
What is a Botnet?
Botnet Software
Historical Botnets and Evolution
- Eggdrop
- GTBot
- Bobax
- Rustock
- Zeus
- Conficker
IRC Bots
Social Media Bots
Mobile Botnets
- Mobile Botnet vs PC Botnet Comparison
Fast Flux Network Concept
- Single-Flux
- Double-Flux
Hacktivist Groups and Their Role in DDoS
Real-World DDoS Examples
- Wikileaks

2. Day

Structure and Encapsulation

Turning Points of the Internet

DARPA, ISO
ARPANET
INTERNET
TCP/IP
OSI Reference Model and Structure
TCP/IP Model and Structure
TCP/IP Layers
Data Naming in TCP/IP Layers
Internet Registry Authorities
TCP/IP Protocols and Operation Principles

Ethernet and Hardware Addressing

Ethernet Structure and Encapsulation
ARP (Address Resolution Protocol)
ARP Operation
ARP Cache
ARP Header Structure
ARP Spoofing
MAC Flooding

ICMP Protocol

ICMP Flood

IP (Internet Protocol)

IP Address Classes
IP Header Structure

TCP Header Structure

Acknowledgements in TCP
TCP Flags Concept

DHCP Starvation Attack

DoS/DDoS Attacks

Root Causes
Common Misconceptions About DDoS
SYN Flood
Backlog Queue Concept
How to Detect SYN Flood DDoS Attacks
SYN Flood Testing Using Hping
Countermeasures During a SYN Flood Attack

SYN Flood Defense Mechanisms

- What is SYN Cookie?
- Disadvantages of SYN Cookie
- What is SYN Cache?
- What is SYN Proxy?
- Disadvantages of SYN Proxy

3. Day

DoS/DDoS Prevention Methods and Techniques

How HTTP Works

HTTP GET
HTTP POST
HTTP Flood
GET Flood
POST Flood

DoS/DDoS Attacks Due to Software or Design Flaws

Slowloris Tool and Usage
What is Rate Limiting?

UDP Protocol

UDP Header Structure
Creating UDP Packets with Hping
IP Spoofing at the UDP Layer
UDP Flood
UDP Flood Testing Using Hping

DoS/DDoS Attacks Targeting DNS Services

DNS Architecture
DNS Query Types
Recursive Query
Iterative Query
DNS Name Resolution
IP Spoofing in DNS Protocol
DNS and TCP Relationship
DNS Flood Attacks
Amplified DNS Flood Attacks
Detecting DNS Flood Attacks
Preventing DNS Flood Attacks
DNS Caching
DNS Anycast
Rate Limiting
DFAS

Other DoS Techniques

Teardrop Attacks
Ping of Death Attacks

DDoS Market and Protection Products

CheckPoint DDoS Protector
Fortinet Firewall
F5 DDoS Protection

DoS/DDoS Prevention Methods and Techniques

- Router-Level Protection
- Firewall-Level Protection
- NIPS-Level Protection
- Protection for Web Servers
- Blocking DoS/DDoS with Iptables
- Blocking Local Network DoS/DDoS Attacks
- OpenBSD Packet Filter DDoS Protection Features
- CDN Architecture
- Load Balancer
- CloudFlare