Knowledge base

IP address

IP address is the identifier of the device connected to the network.

Proxy server

A proxy server is a system that routes traffic between networks or protocols. The proxy server has its own IP address, so it acts as an intermediary between your computer and the Internet.


Domain Name System blacklists, also known as DNSBL or DNS blacklists, are spam blocking lists that allow the website administrator to block messages from certain systems.

TLS fingerprinting

To effectively protect information, it is necessary to understand what is happening with traffic within the network. However, this is not the easiest task, as it is further complicated by the widespread use of the Transport Layer Security (TLS) protocol, which interferes with traditional methods of monitoring network security. But then TLS fingerprinting comes to the rescue - a method that will help you understand the traffic without depriving you of any advantages of the TLS protocol. For each client, the “fingerprint " remains static from session to session.

TCP handshake

To establish a reliable connection, TCP uses a process called the “three-way handshake”. The established connection will be full-duplex, that is, both channels can transmit information simultaneously, and they also synchronize (SYN) and acknowledge (ACK) with each other.

The 95th percentile

A widely used method to increase available bandwidth by 5% while staying within the selected payment plan, based on the way bandwidth is measured: first, during a month-long period, data transfer stats are collected, then 5% of the highest values are removed from further analysis, while the highest value from the rest is used as the basis for payment calculation.

Attacks against websites

Malicious actions impacting web resources on the Internet. Attacks of this kind are usually classified into mass and targeted types. Attacks of the first type target a site as a whole and are usually automated. In mass attacks, attackers use their knowledge of popular tools and widespread vulnerabilities. Targeted attacks, on the other hand, are usually carried out by manually searching for vulnerabilities and exploiting them. The damage inflicted by an attack of this type can be fatal.

Memcached DDoS attack

A type of amplification attack exploiting features of Memcached system, which is widely used for in-memory caching of data in order to accelerate websites’ operation. The attacks involve making large amounts of spoofed requests to a victim Memcached server, which results in its overloading and getting down.

MS SQL reflection DDoS attack

An attack type that exploits vulnerabilities of the MC-SQLR protocol used for sending queries to Microsoft SQL Server. An overload of a victim’s link is achieved as a result of getting lists of all database instances stored on multiple public SQL servers (including those hosted by service and cloud providers), along with the information on how to connect to those instances. The data is provided in response to a stream of spoofed scripted requests containing the attacked node’s IP address, sent to those SQL servers.

CharGEN flood

A type of transport level amplification DDoS attack, similar to NTP amplification. The attack exploits vulnerabilities of the very old CharGEN character generator protocol, sending small packets with a spoofed victim IP address to devices supporting the protocol (such as printers, copying machines, etc.). The devices’ responses are sent as UDP packets to Port 19 of the victim server, causing it to waste too much resources trying to handle them.

SNMP reflection attack

A DDoS attack variant that exploits vulnerabilities of the SNMP network management protocol and resembles DNS amplification attacks: using a spoofed victim IP address, the attacker sends a large amount of SNMP GetBulk requests with MaxRepetitions parameter set to the highest possible value (2250) to multiple connected devices, which in turn send streams of responses to the attacked network until it gets down. The streams can come at rates of up to hundreds of gigabits per second. Attacks of this type have a very high destructive capacity.

SIP malformed attack

A type of DoS attack exploiting vulnerabilities of Session Initiation Protocol (SIP) used in VoIP services and applications: a SIP server overload is achieved by sending it a flood of messages containing deliberately malformed data. Attacks of this kind generally result in disrupting normal operation of VoIP services.

SYN flood, or SYN attack

A variant of DoS attack implemented at the TCP protocol level – during the attack, a victim node is overloaded by sending a large amount of SYN TCP segments to it (usually, a node is unable to handle more than several thousands of the segments at once). Attacks of this kind are highly efficient.

Shown 1-13 out of 75
We use cookies to make the site faster and more user-friendly. By continuing to use the site you agree to our Privacy Policy
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© 2013-2022 All rights reservedPrivacy Policy