A
ACLs act as a basic method of limiting access to the network. They constitute sequential lists of permit and deny conditions. The lists define the connections permitted to pass through a device, usually a router.
Analysis Module
This module is active during the Detector module's detection mode of operation. When no DDoS attack signs are indicated, the Detector module directs the diverted zone traffic to flow through this module. The Analysis module lets the zone traffic flow unobstructed while it analyzes the flows, allowing the Recognition module to sample them.
Anti-Spoofing
A security feature designed to prevent unauthorized access to a network through the technique known as IP spoofing. See IP spoofing.
ARP Redirect Attack
An attack on a local subnet using the ARP protocol.
B
block-unauthenticated
A policy action that directs traffic to an anti-spoofing mechanism that deals with unauthenticated traffic.
Bypass filter
A filter designed to enable you to direct selected traffic flows to bypass the Detector module detection mechanisms. Thus, you can better adapt the Detector module to its detection policy.
D
Distributed Denial of Service (DDoS) Attack
A Denial of Service attack against a site or server launched from multiple sources. This is sometimes carried out by covertly exploiting servers so that they function as agents for transmitting the attacks. In many cases, the attacker will place client software on a number of unsuspecting remote computers and then use these computers to launch the attack. A Distributed Denial of Service attack is more effective than a simple Denial of Service attack, as the volume of traffic is considerably higher, and it is more difficult to prevent. Examples of DDoS attacks are SYN flood, Smurf attack, and Targa attack.
DNS TCP
A policy template that produces a group of policies related to DNS-TCP protocol traffic.
DNS UDP
A policy template that produces a group of policies related to DNS-UDP protocol traffic.
Dynamic filter
Dynamic filters are created by the Detector module as the result of analysis of traffic flow. They are used to filter out DDoS attacks. This set of filters is continuously adapted to the zone traffic and the type of the DDoS attack.
F
Flex filter
The Flex filter is a Berkeley Packet Filter (BPF) that provides extremely flexible filtering capabilities, such as filtering according to fields in the IP and TCP headers and filtering according to content bytes. It allows the use of complex Boolean expressions. The Flex filter is used to count a specified packet flow.
G
Detector module
A system designed to protect network elements against DDoS attacks.
H
http
A policy template that produces a group of policies related to HTTP traffic flowing, by default, through port 80 or other user-configured ports.
I
IP Traffic Diversion
A process consisting of transparently diverting the traffic of one or more zones to the Detector module, and returning the legitimate, cleaned traffic from the Detector module to the original data path and on to the zone. Traffic diversion is also performed for learning purposes.
M
Maximum Transfer Unit (MTU)
The largest frame size that can be transmitted over the network. Messages longer than the MTU must be divided into smaller frames.
N
Non-spoofed attack
A DDoS attack coming from a host that uses its own valid IP address.
O
On-Demand Protection
This protection is activated when the zone is attacked before the Detector module has completed its learning phases. As a result, the Guard has not yet adapted its protection policies to the zone traffic requirements.
Other protocols
This policy template produces a group of policies related to protocols untreated by other policy templates.
P
Policy Construction Phase
In this phase the Detector module produces the policies, with the aid of the policy templates, based on the zone traffic characteristics.
Policy Templates
The policy templates are collections of rules that guide policy construction. The output of each template, once the policy construction phase concludes, is a group of policies.
Policy
The policies are the mechanisms that measure a particular traffic flow and take an action against the flow as a result of a threshold violation. A policy may, for example, direct the Detector module to produce a Dynamic filter.
S
Spoofed attack
A DDoS attack coming from a faked transmission address.
T
Tcp not auth
This policy template produces a group of policies related to TCP connections that have not been authenticated by the Detector anti-spoofing mechanisms.
Tcp outgoing
This policy template produces sets of policies related to TCP connections initiated by the zone.
Tcp services
This policy template produces a group of policies related to TCP services on ports other than those covered by the HTTP template and the other policy templates.
Threshold Tuning Phase
This is the stage in which the Detector further analyzes the zone traffic and defines thresholds for the policies constructed in the policy construction phase.
Traffic Diversion
The Guard uses diversion techniques to direct the zone traffic through its protection mechanisms for traffic learning and malicious traffic filtering. The traffic is then injected back into the network to continue its path to the zone.
U
Udp services
This template produces a group of policies related to UDP services.
Z
Zombie
A device that acts as an unaware participant in a distributed Denial of Service (DDoS) attack.
Zombie attack
A zombie attack is a type of attack that uses unaware participant machines to launch a DDoS attack. The attacker first spreads a Trojan to unsuspecting users that are not the final target, and may later instruct the Trojan to perform legitimate connections to the zone. This makes it difficult to identify the original source of the attacks.
Zone
The network element being monitored by the Detector. Also, a Detector file containing all data relating to the detected zone, such as configurations, policies, and filters.