Glossary
Flow
A flow represents a communication between a local IP address (a network device such as a computer) and a public/remote IP address (a server in the world).
A flow can be inbound (IN) or outbound (OUT). The direction of the flow indicates by which IP the communication was initiated:
The public / remote / WAN IP address -> IN
The local / device / LAN IP address -> OUT
The distinction of the direction of the flows allows the cyberweather calculation.
Toxic flow
A toxic flow is a communication with a public IP address evaluated as toxic by Serenicity.
Toxic IP address
Toxic IP addresses are public/remote IP addresses that have been evaluated as malicious to your information system by CerbèreIPDB.
An IP address can be qualified in different types of threats.
Dangerousness of the threats
| Threat | Dangerousness | Icône |
|---|---|---|
Known attacker | ||
Command center | ||
Trojan horse | ||
Compromission supply chain | No icon | |
Military | ||
Tor node | ||
SIP | ||
Video | ||
Bruteforce | Aucune icône |
If an IP address appears toxic but does not present any threat, it means that it has not yet been qualified.
Definition of threats
Bruteforce
A brute force attack on an information system is an attack aimed at making a large number of connection attempts to a service.
For example, on an insecure protocol, a brute force attack can aim at trying many combinations of login and password among the most common combinations (e.g. admin / password).
Command center
A command center is an IP with which ransomware communicates and from which it receives orders.
Ransomware is malicious software that blocks access to a computer and/or its files and demands that the victim pay a ransom to regain access. The blocking of the victim's access is done by encrypting his data.
The command center allows the ransomware to be installed in a network and then to command the encryption of the data remotely.
Known attacker
A known attacker means that the IP address in question has been recognized, repeatedly detected and assessed as highly dangerous by Serenicity.
Military
A military threat represents an IP address from a state, institution or military.
Tor node
The Tor network is a global, decentralized computer overlay network. It is widely used to get to the darknet.
A tor node represents a server in this network, and thus a gateway to the darknet.
Trojan horse
A Trojan horse is a type of malware, which should not be confused with viruses or other parasites. A Trojan horse is software that appears to be legitimate, but contains malicious functionality.
A toxic trojan threat IP address means that the IP address has been flagged as the point of origin of this malware, for example the IP address behind a trojan download link.
Supply chain compromission
Supply chain compromise threats are focused on software vendors and hardware manufacturers.
Attackers look for insecure code, insecure infrastructure practices, and insecure network procedures that allow the injection of malicious components.
When a build process requires multiple steps, from development (or manufacturing) to installation, an attacker (or group of attackers) has multiple opportunities to inject their own malicious code into the final product.
SIP (Session Initiation Protocol)
Session Initiation Protocol, abbreviated to SIP, is an open standard communications protocol for session management often used in multimedia telecommunications. It is the most common protocol for Internet telephony.
A threat of this type will try to attack a computer network via this protocol.
Video
In the same way as SIP, these threats will try to attack computer networks using video flow protocols.
Last updated
