Hi, folks. Ed Amarose here. And in this short video I just want to talk to you a little bit about a couple of the nuances in distributed denial of service attacks. We've been kind of pondering as a community this problem of volumemetric attacks at targets, and how do we stop the attacks using scrubbing, and for a gateway protocol redirects in filtering and so on. But what the attackers have figured out is that there are creative ways to create clogs or floods or traffic jams on networks that might not be detectable at that layer three or packet volume layer. So layer 3 DDoS attacks, some packet volume, ISPs can detect them. We use scrubbing solution and it works pretty well. We pondered what if that gets bigger and bigger? Well, hopefully the defense gets bigger and bigger. But what a lot of attackers have gone to is something called a Layer 7 DDoS attack,which is really clever because it tend to be low and slow. Tends to be more at the application level, and it's a little harder for ISPs to detect. So you have to reverse two letters usually we need an IPS, an intrusion prevention system at the gateway to detect it. So here's an example. Suppose you had a website with an application that allowed people to download information. And so you have a library of all sorts of different things that you've created. And they might be sizable, might be image libraries or something that are big monster things with video and multimedia and all kinds of stuff. And you're a very kind hearted soul and you give it all away for free. So if somebody comes to your site and they want to request a bunch of the download, you've coded it up where you say hey, want to download stuff, go right ahead. And it may be that most of the time people are very reasonable about that. They download what's reasonable. They don't download any more. But what if a bot net noticed that your server was sitting in a network or hosting center in a business where I'd like to cause problems for that business, and I see that your little server allows a lot of traffic to go out. So what I do is I'd have a bunch of bots then requesting big monster downloads. And what would happen is all that traffic on egress to your gateway out to the Internet would create a gigantic traffic jam in the enterprise. The ISP wouldn't see any of it because these are just little normal requests. Hey, download all this stuff. Nothing else. And then boom, a big barrage of stuff. Not packet, packet, packet, attack, attack, attack, session. All the kinds of things you see layer three. So you'd have an attack on egress from an amplifying source that's hidden to the DDos scrubbing that we've all become so comfortable with as our primary solution for denial of service. Isn't that a little crazy? So, this is a really, really interesting problem that I think begs a lot of creativity in the next five to ten years. A lot of the young people watching, I hope you'll spend some time thinking about different types of protection solutions, different types of international norms, and other kinds of mechanism, both functional, procedural, and also policy based, that will reduce the risk not just to layer three DDoS attacks, but also layer seven application attacks. So, I think that's all we have to say about this. We'll see you in the next video.