Network Security terminology

The full name of DDoS is distributed denial of service (Distributed Denial of Service). Through many "zombie hosts" (hosts that have been intruded by attackers or can be indirectly used) A large number of seemingly valid network packets are sent to the affected host, resulting in network congestion or server resource depletion resulting in Denial of Service. Once a distributed denial of service is implemented, the attack network package will flood to the affected host, so that the network package of Valid users is drowned, so that legal users cannot access the network resources of the server. Common DDoS attacks include SYN flood, Ack flood, and UDP.
Flood, ICMP flood, TCP flood, connections flood, script flood, proxy flood, etc.

The full name of DOS is deneal of service (DoS). By exploiting specific host vulnerabilities, the network stack becomes invalid, the system crashes, and the host crashes, this causes a denial of service. Common DoS attacks include teardrop, land, jolt, IGMP Nuker, boink, smurf, bonk, and OOB.

Worm (Network Worm) is a malicious attack that spreads through the network, and unordered user intervention can independently or rely on file sharing to take the initiative.Code. According to the propagation policy, network worms are divided into three types: e-mail worms, file sharing worms, and traditional worms. Worms are characterized by active attacks, tracking concealment, vulnerability exploitation, network congestion, system performance reduction, security risks, repeatability, and destructiveness.

IP Spoof is an electronic spoofing technology. A host device impersonates the IP address of another host and communicates with its device to achieve a certain purpose. To identify IP spoofing, you can view the MAC address. The best way to prevent spoofing is to bind two-way MAC addresses on the two servers that communicate with each other. This method mainly deals with ARP Spoof attacks.

SYN flood is one of the most popular DoS (Denial of Service Attack) and DDoS methods. It is a TCP protocol defect that can be used to send a large number of forged TCP connection requests, so that the attacked party's resources are exhausted (the CPU is full or the memory is insufficient.

Social engineering, a social engineering attack, is a network attack that uses social engineering.

Honeybot (botnet tracking tool) is a Windows honeypot capable of imitating more than 1000 vulnerable services on the network.ProgramTo capture and record intrusion and attack attempts.

Shellcode is actually a piece of code that is used to send code to the server to exploit a specific vulnerability. Generally, you can obtain permissions. In addition, shellcode is generally sent to the attacked service as data. Shellcode is the core of overflow programs and worms.

Brute Attack: A violent attack.