# Glossary

## Flow

A flow represents a communication between a local IP address (a network device such as a computer) and a public/remote IP address (a server in the world).

A flow can be inbound (IN) or outbound (OUT). \
The **direction** of the flow indicates which IP address initiated the communication:

* The public / remote / WAN IP address -> **IN**
* The local / device / LAN IP address -> **OUT**

Distinguishing the direction of flows makes the [cyberweather calculation](/control/english/devices/dashboard-dun-appareil/general/cybermeteo.md#cybermeteo) possible.

## Toxic flow

A toxic flow is a communication with a public IP address evaluated as toxic by Serenicity.

## Toxic IP address

Toxic IP addresses are public/remote IP addresses that have been evaluated as malicious to your information system by CerbèreIPDB.

An IP address can be qualified under different types of threats.

### Dangerousness of the threats

<table><thead><tr><th width="327.3333333333333">Threat</th><th width="226.4669464847849">Dangerousness</th><th>Icon</th></tr></thead><tbody><tr><td>Known attacker</td><td><mark style="color:red;"><strong>Critical</strong></mark>   <span data-gb-custom-inline data-tag="emoji" data-code="203c">‼️</span></td><td><img src="/files/4ThKOYBEPxJDgYT3jvmn" alt="" data-size="original"></td></tr><tr><td>Command center</td><td><mark style="color:red;"><strong>Critical</strong></mark>   <span data-gb-custom-inline data-tag="emoji" data-code="203c">‼️</span></td><td><img src="/files/7mC1hAWC23xTmpPwwvtJ" alt=""></td></tr><tr><td>Trojan horse</td><td><mark style="color:red;"><strong>Critical</strong></mark>   <span data-gb-custom-inline data-tag="emoji" data-code="203c">‼️</span></td><td><img src="/files/VsCoXI1l8H9ZtCazGAzv" alt=""></td></tr><tr><td>Supply chain compromise</td><td><mark style="color:red;"><strong>Critical</strong></mark>   <span data-gb-custom-inline data-tag="emoji" data-code="203c">‼️</span></td><td><em>No icon</em></td></tr><tr><td>Military</td><td><mark style="color:red;"><strong>Critical</strong></mark>   <span data-gb-custom-inline data-tag="emoji" data-code="203c">‼️</span></td><td><img src="/files/kdI25O4xYrf8V9KYuFAS" alt=""></td></tr><tr><td>Tor node</td><td><mark style="color:red;"><strong>Critical</strong></mark>   <span data-gb-custom-inline data-tag="emoji" data-code="203c">‼️</span></td><td><img src="/files/OsqC1bigbgqErO8Wz89V" alt=""></td></tr><tr><td>SIP</td><td><mark style="color:red;"><mark style="color:orange;"><strong>Severe</strong></mark></mark>    <span data-gb-custom-inline data-tag="emoji" data-code="2757">❗</span></td><td><img src="/files/skr3068z7e38DvzgquGU" alt=""></td></tr><tr><td>Video</td><td><mark style="color:red;"><mark style="color:orange;"><strong>Severe</strong></mark></mark>    <span data-gb-custom-inline data-tag="emoji" data-code="2757">❗</span></td><td><img src="/files/GizvivwaOJh49gFoxxjU" alt=""></td></tr><tr><td>Bruteforce</td><td><mark style="color:red;"><strong>Moderate</strong></mark> <span data-gb-custom-inline data-tag="emoji" data-code="2755">❕</span></td><td><em>No icon</em></td></tr></tbody></table>

{% hint style="info" %}
If an IP address appears toxic but does not present any threat, it means that it has not yet been qualified.
{% endhint %}

### Definition of threats

#### Bruteforce

A brute force attack on an information system is an attack aimed at making a large number of connection attempts to a service.

For example, on an insecure protocol, a brute force attack can aim at trying many combinations of login and password among the most common combinations (e.g. admin / password).

#### Command center

A command center is an IP address with which ransomware communicates and from which it receives orders.

Ransomware is malicious software that blocks access to a computer and/or its files and demands that the victim pay a ransom to regain access. The victim's access is blocked by encrypting their data.

The command center allows the ransomware to be installed in a network and then to command the encryption of the data remotely.

#### Known attacker

A known attacker means that the IP address in question has been recognized, repeatedly detected and assessed as **highly dangerous** by Serenicity.

#### Military

A military threat represents an IP address from a state, institution or military.

#### Tor node

The [Tor network](https://en.wikipedia.org/wiki/Tor_\(network\)) is a global, decentralized computer overlay network. It is widely used to get to the darknet.

A Tor node represents a server in this network, and thus a gateway to the darknet.

#### Trojan horse

A Trojan horse is a type of malware, which should not be confused with viruses or other parasites. A Trojan horse is software that appears to be legitimate, but contains malicious functionality.

A toxic IP address with the Trojan horse threat type has been flagged as the point of origin of this malware, for example the IP address behind a Trojan download link.

#### Supply chain compromise

Supply chain compromise threats are focused on software vendors and hardware manufacturers.

Attackers look for insecure code, insecure infrastructure practices, and insecure network procedures that allow the injection of malicious components.

When a build process requires multiple steps, from development (or manufacturing) to installation, an attacker (or group of attackers) has multiple opportunities to inject their own malicious code into the final product.

#### SIP (Session Initiation Protocol)

Session Initiation Protocol, abbreviated to SIP, is an open standard communications protocol for session management often used in multimedia telecommunications. It is the most common protocol for Internet telephony.

A threat of this type will try to attack a computer network via this protocol.

#### Video

In the same way as SIP, these threats will try to attack computer networks using video flow protocols.

