P2P is an efficient method of transferring data over the Internet. The best-known example of a P2P network is torrent.
A firewall is a type of system used to monitor connections between computer networks. As one of the first responses to malicious activity carried out over the Internet, firewalls have become a standard part of corporate, government, and private networks.
A proxy server is a system that routes traffic between networks or protocols. The proxy server has its own IP address, so it acts as an intermediary between your computer and the Internet.
Domain Name System blacklists, also known as DNSBL or DNS blacklists, are spam blocking lists that allow the website administrator to block messages from certain systems.
To establish a reliable connection, TCP uses a process called the “three-way handshake”. The established connection will be full-duplex, that is, both channels can transmit information simultaneously, and they also synchronize (SYN) and acknowledge (ACK) with each other.
To effectively protect information, it is necessary to understand what is happening with traffic within the network. However, this is not the easiest task, as it is further complicated by the widespread use of the Transport Layer Security (TLS) protocol, which interferes with traditional methods of monitoring network security. But then TLS fingerprinting comes to the rescue - a method that will help you understand the traffic without depriving you of any advantages of the TLS protocol. For each client, the “fingerprint " remains static from session to session.
Malicious actions impacting web resources on the Internet. Attacks of this kind are usually classified into mass and targeted types. Attacks of the first type target a site as a whole and are usually automated. In mass attacks, attackers use their knowledge of popular tools and widespread vulnerabilities. Targeted attacks, on the other hand, are usually carried out by manually searching for vulnerabilities and exploiting them. The damage inflicted by an attack of this type can be fatal.
A type of amplification attack exploiting features of Memcached system, which is widely used for in-memory caching of data in order to accelerate websites’ operation. The attacks involve making large amounts of spoofed requests to a victim Memcached server, which results in its overloading and getting down.
An attack type that exploits vulnerabilities of the MC-SQLR protocol used for sending queries to Microsoft SQL Server. An overload of a victim’s link is achieved as a result of getting lists of all database instances stored on multiple public SQL servers (including those hosted by service and cloud providers), along with the information on how to connect to those instances. The data is provided in response to a stream of spoofed scripted requests containing the attacked node’s IP address, sent to those SQL servers.
A type of transport level amplification DDoS attack, similar to NTP amplification. The attack exploits vulnerabilities of the very old CharGEN character generator protocol, sending small packets with a spoofed victim IP address to devices supporting the protocol (such as printers, copying machines, etc.). The devices’ responses are sent as UDP packets to Port 19 of the victim server, causing it to waste too much resources trying to handle them.
A DDoS attack variant that exploits vulnerabilities of the SNMP network management protocol and resembles DNS amplification attacks: using a spoofed victim IP address, the attacker sends a large amount of SNMP GetBulk requests with MaxRepetitions parameter set to the highest possible value (2250) to multiple connected devices, which in turn send streams of responses to the attacked network until it gets down. The streams can come at rates of up to hundreds of gigabits per second. Attacks of this type have a very high destructive capacity.
A type of DoS attack exploiting vulnerabilities of Session Initiation Protocol (SIP) used in VoIP services and applications: a SIP server overload is achieved by sending it a flood of messages containing deliberately malformed data. Attacks of this kind generally result in disrupting normal operation of VoIP services.