Full Skyway Support Library

An SNMP attack is a type of Distributed Denial of Service (DDoS) attack.

Instead of Domain Name Servers (DNS), SNMP attacks use the Simple Network Management Protocol (SNMP) – a common network management protocol used for configuring and collecting information from network devices like servers, hubs, switches, routers and printers.

SNMP attacks can generate attack volumes of hundreds of gigabits per second, which can be directed at targets from multiple broadband networks. Attacks are sometimes hours in duration and are highly disruptive to targets. SNMP attacks elicit a flood of responses to a single spoofed IP address. During an attack, the perpetrator sends out a large number of SNMP queries with a forged IP address (the victim’s) to numerous connected devices that, in turn, reply to that forged address. The attack volume grows as more and more devices continue to reply, until the target network is brought down under the collective volume of these SNMP responses.

Source: www.imperva.com

What is it? Remote Desktop Protocol (RDP) allows a remote computer to take control of a computer in your network. RDP comes pre-installed for Microsoft Windows but can also be used with Apple OSX computers. RDP is used by many to work-from-home; it's also used by IT...

What is it? Simple Service Discovery Protocol (SSDP) is used to discover what devices (and their capabilities) are available in a local area network. It is the basis of Universal Plug and Play (UPnP) devices like printers and scanners but it also helps locate network...

What is it? The Domain Name System (DNS) is a network of computers that convert web addresses like "google.com" into Internet Protocol (IP) addresses like 192.168.0.1. The client computer connects to a DNS server and asks for the IP address of "google.com" and gets an...

What is it? Portmapper, also known as Remote Procedure Call Bind (RPCBind), is a mechanism where Internet address ports can be assigned as a program running on a remote computer to act as if it is running on the local computer. RPCBind runs on port 111 and dates back...

What is it? Network Basic Input/Output System (NetBIOS) is the mechanism that Microsoft Windows systems use to share resources, particularly file and printer shares. NetBIOS uses ports 137, 138 and 139. Why is it a risk? Using a command called NBSTAT (link below), an...

Microsoft SQL is a database management system, and its Server Resolution Service is a way external devices can request details on the MS SQL server running on a network. When exposed to the wider Internet, the Server Resolution Service can be used by a third party to...

What is it? Server Message Block (SMB), also called Common Internet File System (CIFS) allows Microsoft Windows computers to share files, serial ports and printers across a network. SMB uses ports 139 or 445. The UpGuard link below provides background on the protocol...

What is it? Telnet allows a user to open a command terminal on a remote computer or device and execute commands. Telnet runs on port 23. Telnet is primarily used to log in to a remote server, but it can also be used to log in to routers and other network devices. Why...

What is it? Trivial File Transfer Protocol (TFTP) can operate in very little memory so it is sometimes used by a desktop computer to update the firmware on a router. TFTP uses port 69. TFTP is rarely used for Internet file transfers. Wikipedia (link below) does a good...