Knowledge base

P2P network
#Term

P2P is an efficient method of transferring data over the Internet. The best-known example of a P2P network is torrent.

Firewall
#Term

A firewall is a type of system used to monitor connections between computer networks. As one of the first responses to malicious activity carried out over the Internet, firewalls have become a standard part of corporate, government, and private networks.

IP address
#Term

An IP address is the identifier of a device connected to the network.

Proxy server
#Term

A proxy server is a system that routes traffic between networks or protocols. The proxy server has its own IP address, so it acts as an intermediary between your computer and the Internet.

DNSBL
#Term

Domain Name System blacklists, also known as DNSBL or DNS blacklists, are spam blocking lists that allow the website administrator to block messages from certain systems.

TCP handshake
#Term

To establish a reliable connection, TCP uses a process called the “three-way handshake”. The established connection will be full-duplex, that is, both channels can transmit information simultaneously, and they also synchronize (SYN) and acknowledge (ACK) with each other.

TLS fingerprinting
#Term

To protect information effectively, it is necessary to understand what is happening with traffic within the network. This is not an easy task, and it is further complicated by the widespread use of the Transport Layer Security (TLS) protocol, which interferes with traditional methods of monitoring network security. TLS fingerprinting comes to the rescue here: it is a method that helps you understand the traffic without giving up any of the advantages of the TLS protocol. For each client, the "fingerprint" remains static from session to session.

Attacks against websites
#Term

Malicious actions impacting web resources on the Internet. Attacks of this kind are usually classified into mass and targeted types. Attacks of the first type target a site as a whole and are usually automated. In mass attacks, attackers use their knowledge of popular tools and widespread vulnerabilities. Targeted attacks, on the other hand, are usually carried out by manually searching for vulnerabilities and exploiting them. The damage inflicted by an attack of this type can be fatal.

Memcached DDoS attack
#Attack

A type of amplification attack exploiting features of the Memcached system, which is widely used for in-memory caching of data in order to speed up websites. The attacks involve making large numbers of spoofed requests to a victim Memcached server, which overloads it and takes it down.

MS SQL reflection DDoS attack
#Attack

An attack type that exploits vulnerabilities of the MC-SQLR protocol used for sending queries to Microsoft SQL Server. An overload of a victim’s link is achieved as a result of getting lists of all database instances stored on multiple public SQL servers (including those hosted by service and cloud providers), along with the information on how to connect to those instances. The data is provided in response to a stream of spoofed scripted requests containing the attacked node’s IP address, sent to those SQL servers.

CharGEN flood
#Attack

A type of transport-level amplification DDoS attack, similar to NTP amplification. The attack exploits vulnerabilities of the very old CharGEN character generator protocol, sending small packets with a spoofed victim IP address to devices supporting the protocol (such as printers, copying machines, etc.). The devices' responses are sent as UDP packets to Port 19 of the victim server, causing it to waste too many resources trying to handle them.

SNMP reflection attack
#Attack

A DDoS attack variant that exploits vulnerabilities of the SNMP network management protocol and resembles DNS amplification attacks: using a spoofed victim IP address, the attacker sends a large number of SNMP GetBulk requests with the MaxRepetitions parameter set to the highest possible value (2250) to multiple connected devices, which in turn send streams of responses to the attacked network until it goes down. The streams can come at rates of up to hundreds of gigabits per second. Attacks of this type have a very high destructive capacity.

SIP malformed attack
#Attack

A type of DoS attack exploiting vulnerabilities of the Session Initiation Protocol (SIP) used in VoIP services and applications: a SIP server overload is achieved by sending it a flood of messages containing deliberately malformed data. Attacks of this kind generally result in disrupting normal operation of VoIP services.

© 2013-2022 StormWall.pro. All rights reserved.