Glossary

Flow

A flow represents a communication between a local IP address (a network device such as a computer) and a public/remote IP address (a server in the world).

A flow can be inbound (IN) or outbound (OUT). The direction of the flow indicates by which IP the communication was initiated:

  • The public / remote / WAN IP address -> IN

  • The local / device / LAN IP address -> OUT

The distinction of the direction of the flows allows the cyberweather calculation.

Toxic flow

A toxic flow is a communication with a public IP address evaluated as toxic by Serenicity.

Toxic IP address

Toxic IP addresses are public/remote IP addresses that have been evaluated as malicious to your information system by CerbèreIPDB.

An IP address can be qualified in different types of threats.

Dangerousness of the threats

Threat
Dangerousness
Icône

Known attacker

Command center

Trojan horse

Compromission supply chain

No icon

Military

Tor node

SIP

Video

Bruteforce

Aucune icône

If an IP address appears toxic but does not present any threat, it means that it has not yet been qualified.

Definition of threats

Bruteforce

A brute force attack on an information system is an attack aimed at making a large number of connection attempts to a service.

For example, on an insecure protocol, a brute force attack can aim at trying many combinations of login and password among the most common combinations (e.g. admin / password).

Command center

A command center is an IP with which ransomware communicates and from which it receives orders.

Ransomware is malicious software that blocks access to a computer and/or its files and demands that the victim pay a ransom to regain access. The blocking of the victim's access is done by encrypting his data.

The command center allows the ransomware to be installed in a network and then to command the encryption of the data remotely.

Known attacker

A known attacker means that the IP address in question has been recognized, repeatedly detected and assessed as highly dangerous by Serenicity.

Military

A military threat represents an IP address from a state, institution or military.

Tor node

The Tor network is a global, decentralized computer overlay network. It is widely used to get to the darknet.

A tor node represents a server in this network, and thus a gateway to the darknet.

Trojan horse

A Trojan horse is a type of malware, which should not be confused with viruses or other parasites. A Trojan horse is software that appears to be legitimate, but contains malicious functionality.

A toxic trojan threat IP address means that the IP address has been flagged as the point of origin of this malware, for example the IP address behind a trojan download link.

Supply chain compromission

Supply chain compromise threats are focused on software vendors and hardware manufacturers.

Attackers look for insecure code, insecure infrastructure practices, and insecure network procedures that allow the injection of malicious components.

When a build process requires multiple steps, from development (or manufacturing) to installation, an attacker (or group of attackers) has multiple opportunities to inject their own malicious code into the final product.

SIP (Session Initiation Protocol)

Session Initiation Protocol, abbreviated to SIP, is an open standard communications protocol for session management often used in multimedia telecommunications. It is the most common protocol for Internet telephony.

A threat of this type will try to attack a computer network via this protocol.

Video

In the same way as SIP, these threats will try to attack computer networks using video flow protocols.

Dernière mise à jour