khanfarris
protocols
- ARP
ARP - Address Resolution Protocol
Layer: Layer 2 (Data Link)
Usage: Maps IPv4 addresses to MAC addresses on the local segment
Security: No authentication, stateless; hosts accept unsolicited replies and overwrite their cache with them
Watch for: ARP spoofing, MITM attacks, ARP cache poisoning, MAC flooding (overflowing the switch CAM table so it floods frames to every port)
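Added example, not part of the original card set: a passive ARP monitor in the style of arpwatch. It builds a few constructed Ethernet/ARP frames, parses them, and flags the two things the card warns about: a reply nobody asked for, and a reply that contradicts the IP-to-MAC binding already seen. The MAC and IP addresses are made up for the example.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac(s):
    return bytes(int(x, 16) for x in s.split(":"))


def _ip(s):
    return bytes(int(x) for x in s.split("."))


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip, dst_mac=BROADCAST):
    """Ethernet II + ARP frame for IPv4 over Ethernet (constructed test traffic)."""
    eth = _mac(dst_mac) + _mac(sender_mac) + b"\x08\x06"        # EtherType 0x0806 = ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)        # htype, ptype, hlen, plen, oper
    return eth + arp + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None

    def fmt_mac(b):
        return ":".join(f"{x:02x}" for x in b)

    def fmt_ip(b):
        return ".".join(str(x) for x in b)

    return {
        "oper": oper,
        "sender_mac": fmt_mac(frame[22:28]), "sender_ip": fmt_ip(frame[28:32]),
        "target_mac": fmt_mac(frame[32:38]), "target_ip": fmt_ip(frame[38:42]),
    }


class ArpWatch:
    """Passive monitor: remembers the first MAC seen for each IP and flags
    replies nobody asked for and replies that contradict the known binding."""

    def __init__(self):
        self.bindings = {}      # ip -> mac, first binding seen
        self.pending = set()    # IPs a request has been seen for (a reply is expected)

    def observe(self, frame):
        alerts = []
        pkt = parse_arp(frame)
        if pkt is None:
            return alerts
        if pkt["oper"] == ARP_REQUEST:
            self.pending.add(pkt["target_ip"])
            return alerts
        if pkt["oper"] != ARP_REPLY:
            return alerts
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if ip in self.pending:
            self.pending.discard(ip)
        else:
            alerts.append(f"unsolicited reply for {ip} from {mac}")
        known = self.bindings.setdefault(ip, mac)   # keep the first binding as the baseline
        if known != mac:
            alerts.append(f"binding change for {ip}: {known} -> {mac}")
        return alerts


def demo():
    """Constructed sequence: a host resolves the gateway, then an attacker poisons it."""
    victim, gateway, attacker = "aa:bb:cc:dd:ee:01", "00:11:22:33:44:01", "de:ad:be:ef:00:01"
    frames = [
        build_arp(ARP_REQUEST, victim, "10.0.0.50", "00:00:00:00:00:00", "10.0.0.1"),
        build_arp(ARP_REPLY, gateway, "10.0.0.1", victim, "10.0.0.50", dst_mac=victim),
        build_arp(ARP_REPLY, attacker, "10.0.0.1", victim, "10.0.0.50", dst_mac=victim),
    ]
    watch = ArpWatch()
    alerts = []
    for frame in frames:
        alerts.extend(watch.observe(frame))
    return alerts


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The "first binding wins" rule is a deliberate simplification: a real deployment seeds the table from DHCP leases or a static inventory, otherwise an attacker who answers first becomes the baseline.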
- BGP - 179
BGP - Border Gateway Protocol
Layer: Application (Layer 7), over TCP port 179
Usage: Routing protocol between autonomous systems; carries the internet backbone routing table
Security: No authentication by default; TCP MD5/TCP-AO protect the session and RPKI route origin validation checks who may announce a prefix, but both are optional
Watch for: Prefix/route hijacking (including more-specific announcements that win by longest match), route leaks
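Added example, not from the original card set: RPKI route origin validation as a resolver would apply it to incoming announcements, following the valid / invalid / not-found outcome of RFC 6811. The ROAs and announcements are constructed (documentation prefixes and private AS numbers). Note what this does and does not catch: an origin hijack and an over-specific announcement come back "invalid", but a route leak with the correct origin AS still validates, which is why the card lists leaks separately.

```python
import ipaddress


def rov_state(prefix, origin_as, roas):
    """Route origin validation: 'valid' if some ROA covers the prefix, names the origin AS
    and permits this prefix length; 'invalid' if ROAs cover the prefix but none matches;
    'not-found' if no ROA covers the prefix at all."""
    net = ipaddress.ip_network(prefix, strict=True)
    covering = []
    for roa_prefix, max_length, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix, strict=True)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append((roa_net, max_length, asn))
    if not covering:
        return "not-found"
    for _roa_net, max_length, asn in covering:
        if asn == origin_as and net.prefixlen <= max_length:
            return "valid"
    return "invalid"


def validate_announcements(announcements, roas):
    """announcements: [(prefix, origin_as)], origin_as being the rightmost AS of the AS_PATH."""
    return [(prefix, origin_as, rov_state(prefix, origin_as, roas))
            for prefix, origin_as in announcements]


# Constructed ROAs: (prefix, maxLength, authorized origin AS); AS 0 means "nobody may originate".
ROAS = [
    ("203.0.113.0/24", 24, 64496),
    ("198.51.100.0/22", 24, 64500),
    ("2001:db8::/32", 48, 64496),
    ("192.0.2.0/24", 24, 0),
]

# Constructed announcements as (prefix, origin AS).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64496),      # legitimate origin
    ("203.0.113.0/24", 64511),      # origin hijack: wrong AS
    ("203.0.113.0/25", 64496),      # more-specific beyond maxLength: invalid even from the right AS
    ("198.51.100.128/25", 64500),   # same problem under the /22 ROA
    ("198.51.100.0/24", 64500),     # within maxLength: valid
    ("192.0.2.0/24", 64496),        # AS 0 ROA: no origin is ever valid
    ("2001:db8:1::/48", 64496),     # IPv6 covered and within maxLength: valid
    ("203.0.114.0/24", 64496),      # no ROA covers it: not-found
]


if __name__ == "__main__":
    for prefix, asn, state in validate_announcements(ANNOUNCEMENTS, ROAS):
        print(f"{prefix:<20} AS{asn:<6} {state}")
```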
- DHCP - 67, 68
DHCP - Dynamic Host Configuration Protocol
Layer: Application (Layer 7), over UDP 67 (server) and 68 (client)
Usage: Automatically assigns IP addresses, default gateway and DNS server settings to devices
Security: Unauthenticated; any host on the segment can answer a DISCOVER, and clients take the first OFFER that arrives
Watch for: Rogue DHCP servers (handing out an attacker-controlled gateway or DNS server), DHCP starvation, IP conflicts; DHCP snooping on the switch is the usual mitigation
- DNS - 53
DNS - Domain Name System
Layer: Application (Layer 7), over UDP and TCP 53
Usage: Translates domain names to IP addresses
Security: Unencrypted and unauthenticated by default (DNSSEC, DoT and DoH are optional add-ons)
Watch for: DNS tunneling (data smuggled in long, high-entropy subdomains), cache poisoning, DDoS amplification, NXDOMAIN floods
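Added example, not part of the original card set: a small DNS tunneling detector run over constructed query-log lines. It scores each query on label length and Shannon entropy of the subdomain part, then aggregates per registered domain to catch the two population-level tells (an unusual number of unique subdomains, and a stream of TXT/NULL queries). The log format, thresholds and the "last two labels are the registered domain" rule are assumptions of the example; production code should use the Public Suffix List.

```python
import base64
import hashlib
import math
from collections import defaultdict


def shannon_entropy(text):
    """Bits per character: base32/base64 payloads sit near 4.5-5.5, hostnames near 3."""
    if not text:
        return 0.0
    n = len(text)
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    # Assumption for the example: the registrable domain is the last two labels.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def query_indicators(qname):
    """Per-query signals that the subdomain part carries data rather than a hostname."""
    labels = qname.rstrip(".").lower().split(".")
    sub = labels[:-2]
    found = set()
    if any(len(label) > 40 for label in sub):
        found.add("long-label")
    text = "".join(sub)
    if len(text) >= 32 and shannon_entropy(text) > 4.0:
        found.add("high-entropy")
    return found


def detect_tunneling(log_lines, unique_threshold=25, txt_ratio=0.8):
    """log_lines: '<ts> <client> <qname> <qtype>' (a constructed format for this example).
    Returns {registered_domain: sorted indicators} for domains that tripped any signal."""
    names = defaultdict(set)
    queries = defaultdict(int)
    txt_null = defaultdict(int)
    indicators = defaultdict(set)
    for line in log_lines:
        _ts, _client, qname, qtype = line.split()
        dom = registered_domain(qname)
        names[dom].add(qname.lower())
        queries[dom] += 1
        if qtype in ("TXT", "NULL"):
            txt_null[dom] += 1
        indicators[dom] |= query_indicators(qname)
    for dom in queries:
        if len(names[dom]) >= unique_threshold:
            indicators[dom].add("many-subdomains")
        if txt_null[dom] / queries[dom] >= txt_ratio:
            indicators[dom].add("txt-heavy")
    return {dom: sorted(ind) for dom, ind in indicators.items() if ind}


def constructed_log():
    """A few normal lookups plus a tunnel that encodes data as base32 labels."""
    lines = []
    normal = [("www.example.com", "A"), ("mail.example.com", "MX"),
              ("example.com", "TXT"), ("cdn.example.com", "AAAA")]
    for i, (name, qtype) in enumerate(normal):
        lines.append(f"1700000000.{i} 10.0.0.5 {name} {qtype}")
    for i in range(30):
        digest = hashlib.sha256(f"chunk-{i}".encode()).digest()
        label = base64.b32encode(digest).decode().rstrip("=").lower()   # 52 base32 characters
        lines.append(f"1700000100.{i} 10.0.0.9 {label}.tun.attacker.test TXT")
    return lines


if __name__ == "__main__":
    print(detect_tunneling(constructed_log()))
```

The single-query indicators are noisy on their own (CDNs and anti-spam services also use long hashed labels); the per-domain aggregation is what makes the alert worth a ticket.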
- FTP - 20, 21
FTP - File Transfer Protocol
Layer: Application (Layer 7); control channel on TCP 21, data on TCP 20 (active mode) or an ephemeral port (passive mode)
Usage: File transfers between client and server
Security: Credentials and data sent in cleartext (FTPS adds TLS; SFTP is a different protocol running over SSH)
Watch for: Brute force, credential theft by sniffing, anonymous login left enabled, unauthorized file access
- HTTP - 80
HTTP - Hypertext Transfer Protocol
Layer: Application (Layer 7), over TCP 80
Usage: Web page communication
Security: Unencrypted; credentials and session cookies travel in plaintext
Watch for: Credential harvesting, data exfiltration, and the web-application flaws carried over it (XSS, CSRF, SQL injection), which moving to HTTPS does not fix
- HTTPS - 443
HTTPS - HTTP Secure
Layer: Application (Layer 7); HTTP over TLS on TCP 443
Usage: Encrypted web communication
Security: TLS encrypted and server-authenticated by certificate (SSL is the deprecated predecessor)
Watch for: Certificate issues (expired, self-signed, name mismatch), TLS downgrade, weak ciphers, malware C2 hiding inside encrypted traffic
- ICMP
ICMP - Internet Control Message Protocol
Layer: Layer 3 (Network), IP protocol 1
Usage: Error reporting and network diagnostics (ping, traceroute)
Security: No authentication; handy for reconnaissance and often allowed through firewalls
Watch for: Ping floods, traceroute scans, ICMP tunneling, Smurf attacks (spoofed echo requests to a broadcast address)
- IPSec
IPSec - IP Security
Layer: Network (Layer 3); the IKE key exchange runs over UDP 500/4500
Usage: Secure IP communications, VPN
Security: Authenticates (AH) and/or encrypts (ESP) IP packets; only as strong as the negotiated proposals
Watch for: Weak encryption proposals (DES, MD5), IKE protocol vulnerabilities, IKEv1 aggressive mode with pre-shared keys, misconfigurations
- Kerberos - 88
Kerberos
Layer: Application (Layer 7), over TCP/UDP 88
Usage: Network authentication protocol (the default in Active Directory)
Security: Ticket-based mutual authentication; tickets are encrypted with the service account's key and are time-bound (5 minutes of clock skew tolerated by default)
Watch for: Golden ticket (forged TGT from the krbtgt hash), silver ticket (forged service ticket from a service key), Kerberoasting (RC4 service tickets cracked offline), AS-REP roasting (accounts with pre-authentication disabled)
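Added example, not part of the original card set: detection logic for the two roasting attacks on the card, run over constructed records shaped like Windows Security events 4768 (TGT request) and 4769 (service ticket request). Kerberoasting shows up as one account pulling RC4-encrypted (etype 0x17) service tickets for many distinct SPNs in a short window; AS-REP roasting shows up as a successful 4768 with pre-authentication type 0. Field names follow the Windows event schema, but the event contents, thresholds and the noise filter are assumptions of the example.

```python
from collections import defaultdict

RC4_HMAC = 0x17          # etype 23; AES128/AES256 are 0x11/0x12


def detect_roasting(events, services_threshold=5, window_seconds=60):
    """events: dicts with Security-log 4768/4769 fields (constructed for this example).
    Returns alert tuples: ('asrep-roast', account, ip) and ('kerberoast', account, ip, n_spns)."""
    alerts = []
    rc4_tgs = defaultdict(list)   # (account, ip) -> [(time, service)]
    for e in events:
        if e["Status"] != 0:
            continue               # failed requests belong to a different detection
        if e["EventID"] == 4768 and e["PreAuthType"] == 0 and e["TicketEncryptionType"] == RC4_HMAC:
            # TGT issued without pre-authentication: the AS-REP can be cracked offline
            alerts.append(("asrep-roast", e["TargetUserName"], e["IpAddress"]))
        elif e["EventID"] == 4769 and e["TicketEncryptionType"] == RC4_HMAC:
            svc = e["ServiceName"]
            if svc.lower() == "krbtgt" or svc.endswith("$"):
                continue           # TGT renewals and computer accounts: RC4 here is routine noise
            rc4_tgs[(e["TargetUserName"], e["IpAddress"])].append((e["Time"], svc))
    for (account, ip), reqs in rc4_tgs.items():
        reqs.sort()
        for i, (t0, _svc) in enumerate(reqs):
            in_window = {svc for t, svc in reqs[i:] if t - t0 <= window_seconds}
            if len(in_window) >= services_threshold:
                alerts.append(("kerberoast", account, ip, len(in_window)))
                break              # one alert per actor is enough
    return alerts


def constructed_events():
    def ev(event_id, t, user, ip, **fields):
        base = {"EventID": event_id, "Time": t, "TargetUserName": user, "IpAddress": ip, "Status": 0}
        base.update(fields)
        return base

    events = [
        # ordinary user: AES TGT with pre-auth, then one AES service ticket
        ev(4768, 100, "asmith", "10.0.0.15", PreAuthType=2, TicketEncryptionType=0x12),
        ev(4769, 101, "asmith", "10.0.0.15", ServiceName="CIFS/fs01", TicketEncryptionType=0x12),
        # account with "Do not require Kerberos preauthentication" set, requested with RC4
        ev(4768, 200, "legacyapp", "10.0.0.23", PreAuthType=0, TicketEncryptionType=RC4_HMAC),
        # a computer account asking for a computer account's ticket: filtered as noise
        ev(4769, 205, "WS01$", "10.0.0.40", ServiceName="WS02$", TicketEncryptionType=RC4_HMAC),
    ]
    spns = ["MSSQLSvc/db01:1433", "HTTP/web01", "CIFS/fs02",
            "ldap/dc01", "MSSQLSvc/db02:1433", "HTTP/intranet"]
    for i, spn in enumerate(spns):   # one user sweeping every SPN in the domain within seconds
        events.append(ev(4769, 300 + i, "jdoe", "10.0.0.23", ServiceName=spn,
                         TicketEncryptionType=RC4_HMAC))
    return events


if __name__ == "__main__":
    for alert in detect_roasting(constructed_events()):
        print(alert)
```

The RC4 filter is the important part: on a domain where AES is enforced, any RC4 service ticket for a user account is suspicious by itself, because modern clients request AES and tools downgrade to RC4 to get a cheaper hash to crack.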
- LDAP - 389
LDAP - Lightweight Directory Access Protocol
Layer: Application (Layer 7), over TCP 389 (LDAPS on 636)
Usage: Directory services, authentication
Security: Unencrypted by default; use LDAPS or StartTLS and refuse simple binds over cleartext
Watch for: Anonymous (null) binds, LDAP injection, credential harvesting, user and group enumeration
- NAT
NAT - Network Address Translation
Layer: Layer 3 (Network)
Usage: Translates private IPs to public IPs
Security: Hides internal addressing but is not an access control; unsolicited inbound traffic is dropped only because no mapping exists for it
Watch for: NAT bypass attempts, port exhaustion, source IP obfuscation (many hosts behind one address complicates attribution)
- NTLM
NTLM - NT LAN Manager
Layer: Application (Layer 7)
Usage: Windows authentication protocol (legacy fallback when Kerberos is unavailable)
Security: Challenge-response over the unsalted NT hash (MD4 of the password); no mutual authentication, so responses can be relayed, and the hash alone is enough to authenticate
Watch for: Pass-the-hash, NTLM relay, credential dumping (LSASS, SAM), hash cracking
- OSPF
OSPF - Open Shortest Path First
Layer: Network (Layer 3), IP protocol 89
Usage: Dynamic interior routing protocol for IP networks
Security: MD5 or SHA authentication of hello and LSA packets is available but often disabled
Watch for: Route injection, LSA flooding, unauthorized router insertion
- RDP - 3389
RDP - Remote Desktop Protocol
Layer: Application (Layer 7), over TCP 3389
Usage: Remote desktop access
Security: TLS-encrypted with Network Level Authentication when enabled; heavily targeted when exposed to the internet
Watch for: Brute force, BlueKeep (CVE-2019-0708), unauthorized access, lateral movement
- SMB - 445
SMB - Server Message Block
Layer: Application (Layer 7), over TCP 445 (legacy NetBIOS transport on 139)
Usage: File sharing, printer access on Windows
Security: SMBv1 is obsolete and exploitable; SMB signing is often not required, which is what makes relay attacks work
Watch for: EternalBlue (MS17-010), lateral movement, ransomware, null sessions
- SMTP - 25
SMTP - Simple Mail Transfer Protocol
Layer: Application (Layer 7), over TCP 25 (mail submission on 587)
Usage: Email transmission between servers
Security: Unencrypted by default; STARTTLS is opportunistic, and the sender address is unverified unless SPF, DKIM and DMARC are enforced
Watch for: Spam, phishing, email spoofing, open relay abuse
- SNMP - 161
SNMP - Simple Network Management Protocol
Layer: Application (Layer 7), over UDP 161 (traps on 162)
Usage: Network device monitoring and management
Security: v1/v2c authenticate with cleartext community strings; v3 adds authentication and encryption
Watch for: Default community strings (public/private), information disclosure, OID enumeration (snmpwalk), configuration changes through a read-write community string
- SSH - 22
SSH - Secure Shell
Layer: Application (Layer 7), over TCP 22
Usage: Secure remote administration
Security: Encrypted, strong authentication (keys preferred over passwords); the server's host key is trusted on first use unless distributed out of band
Watch for: Brute force attacks, key compromise, SSH tunneling abuse, unverified host keys
- STP
STP - Spanning Tree Protocol
Layer: Data Link (Layer 2)
Usage: Prevents network loops in switched networks
Security: No authentication; any port accepts BPDUs unless BPDU Guard or Root Guard is configured
Watch for: Root bridge takeover (an attacker advertising a lower bridge priority), BPDU manipulation, DoS attacks
- TCP
TCP - Transmission Control Protocol
Layer: Layer 4 (Transport)
Usage: Reliable, connection-oriented data transmission
Security: Connection state established by the three-way handshake; sequence numbers are the only protection against injection and spoofing
Watch for: SYN floods, TCP hijacking, port scans, connection exhaustion
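Added example, not part of the original card set: a flow analyzer that separates two of the card's "watch for" items by handshake behaviour. A port scan is one source sending SYNs to many ports on a host without completing handshakes; a SYN flood is many (usually spoofed) sources sending SYNs to one port with almost none completing. The packet tuples, the simplified handshake model (client SYN then client ACK; the server's SYN-ACK is left out) and the thresholds are assumptions of the example.

```python
from collections import defaultdict


def analyze_tcp(packets, scan_ports=15, flood_syns=100, flood_ratio=0.9):
    """packets: (ts, src_ip, src_port, dst_ip, dst_port, flags) tuples, constructed for this
    example. 'S' is a client SYN, 'A' the client's final handshake ACK."""
    syns = defaultdict(int)          # (dst_ip, dst_port) -> SYNs received
    completed = defaultdict(int)     # (dst_ip, dst_port) -> handshakes that finished
    half_open = set()                # 4-tuples still waiting for the client's ACK
    targets = defaultdict(set)       # src_ip -> {(dst_ip, dst_port)} it sent SYNs to
    for _ts, sip, sport, dip, dport, flags in packets:
        conn = (sip, sport, dip, dport)
        if flags == "S":
            syns[(dip, dport)] += 1
            targets[sip].add((dip, dport))
            half_open.add(conn)
        elif flags == "A" and conn in half_open:
            half_open.discard(conn)
            completed[(dip, dport)] += 1
    findings = []
    for sip, hit in targets.items():
        per_host = defaultdict(int)
        for dip, _dport in hit:
            per_host[dip] += 1
        for dip, n in per_host.items():
            if n >= scan_ports:
                findings.append(("port-scan", sip, dip, n))
    for (dip, dport), n in syns.items():
        if n >= flood_syns and (n - completed[(dip, dport)]) / n >= flood_ratio:
            findings.append(("syn-flood", dip, dport, n))
    return sorted(findings)


def constructed_traffic():
    pk = []
    for i in range(5):                      # ordinary clients finishing the handshake on 443
        pk.append((1.0 + i, f"10.0.0.{20 + i}", 50000 + i, "10.0.0.10", 443, "S"))
        pk.append((1.1 + i, f"10.0.0.{20 + i}", 50000 + i, "10.0.0.10", 443, "A"))
    for port in range(1, 21):               # one host probing 20 ports, never completing
        pk.append((10.0 + port * 0.01, "10.0.0.66", 40000 + port, "10.0.0.10", port, "S"))
    for i in range(200):                    # spoofed sources hammering port 80 with SYNs only
        pk.append((20.0 + i * 0.001, f"192.0.2.{i}", 30000 + i, "10.0.0.10", 80, "S"))
    return pk


if __name__ == "__main__":
    for finding in analyze_tcp(constructed_traffic()):
        print(finding)
```

The completion ratio is what keeps a busy but healthy service (many SYNs, nearly all completed) from looking like a flood; the distinct-port count per source is what keeps a flood's spoofed addresses, each hitting one port, from looking like scanners.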
- TLS/SSL
TLS/SSL - Transport Layer Security
Layer: Session/Presentation (Layers 5-6), on top of TCP
Usage: Encrypts and authenticates application layer protocols
Security: Confidentiality, integrity and certificate-based server authentication; SSL 3.0 and TLS 1.0/1.1 are deprecated and should be disabled
Watch for: Weak ciphers, certificate validation issues (disabled verification is the common one), POODLE (SSL 3.0), BEAST (TLS 1.0 CBC) attacks
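Added example, not from the original card set: a hardened client-side TLS configuration next to the insecure shortcut that silences certificate errors, with an audit function that checks the points on this card (minimum version, weak ciphers, forward secrecy, certificate and hostname verification). It uses only Python's standard `ssl` module; the cipher string and the list of weak-cipher markers are choices made for the example.

```python
import ssl

# Substrings that mark cipher suites nobody should still be negotiating (assumption of the example).
WEAK_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def hardened_client_context():
    """Certificate and hostname verification on, TLS 1.2+, AEAD suites with forward secrecy."""
    ctx = ssl.create_default_context()              # system CAs, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # shuts out SSL 3.0 / TLS 1.0 / 1.1 (POODLE, BEAST)
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def insecure_client_context():
    """The context that 'makes the certificate error go away': no verification at all,
    which hands any on-path attacker a working MITM position."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                      # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context passed every check."""
    issues = []
    if not ctx.check_hostname:
        issues.append("hostname verification disabled")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("certificate verification not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append(f"minimum protocol version {ctx.minimum_version.name} is below TLS 1.2")
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        if any(marker in name.upper() for marker in WEAK_MARKERS):
            issues.append(f"weak cipher enabled: {name}")
        elif cipher["kea"] == "kx-rsa":             # static RSA key exchange: no forward secrecy
            issues.append(f"no forward secrecy: {name}")
    return issues


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()))
    print("insecure:", audit_context(insecure_client_context()))
```

Run the audit against the context your application actually builds (frameworks often construct one behind the scenes); the two most common findings in practice are the first two, because they are what `verify=False` and friends translate to.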
- UDP
UDP - User Datagram Protocol
Layer: Layer 4 (Transport)
Usage: Fast, connectionless data transmission
Security: No connection state or handshake, so the source address is trivially spoofed
Watch for: UDP floods, DNS amplification (small spoofed query, large response to the victim), spoofed packets
- VLAN
VLAN - Virtual LAN
Layer: Data Link (Layer 2), 802.1Q tagging
Usage: Segments network logically
Security: Logical separation only; it depends on correct switch configuration and provides no encryption
Watch for: VLAN hopping (switch spoofing via DTP, double tagging), double tagging across a trunk whose native VLAN matches the attacker's access VLAN, unauthorized VLAN access
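Added example, not part of the original card set: a byte-level model of the double-tagging hop. It builds an Ethernet frame with two stacked 802.1Q tags, and a simplified model of the first switch's trunk behaviour (native-VLAN frames go out untagged) shows how the outer tag disappears and the inner tag is exposed to the next switch, and how moving the native VLAN to an unused ID stops it. The switch model and the addresses are assumptions of the example; real switches also have per-port tag handling that this leaves out.

```python
import struct

TPID_8021Q = 0x8100


def _mac(s):
    return bytes(int(x, 16) for x in s.split(":"))


def build_frame(dst, src, vlan_ids, payload, ethertype=0x0800):
    """Ethernet II frame with zero or more stacked 802.1Q tags, outer first (PCP/DEI left at 0)."""
    frame = _mac(dst) + _mac(src)
    for vid in vlan_ids:
        frame += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (VLAN IDs outer-to-inner, ethertype, payload)."""
    offset, vids = 12, []
    while struct.unpack("!H", frame[offset:offset + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        vids.append(tci & 0x0FFF)
        offset += 4
    ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
    return vids, ethertype, frame[offset + 2:]


def trunk_egress(frame, native_vlan):
    """Model of the first switch forwarding onto a trunk: a frame belonging to the trunk's
    native VLAN is sent untagged, so its outer tag is removed and whatever tag sat
    beneath it is now the outer tag the next switch sees."""
    vids, _, _ = parse_frame(frame)
    if vids and vids[0] == native_vlan:
        return frame[:12] + frame[16:]          # drop the 4-byte outer tag
    return frame


def vlan_delivered_to(frame, native_vlan):
    """VLAN the second switch assigns to what arrives over the trunk:
    the outer tag if one is present, otherwise the trunk's native VLAN."""
    vids, _, _ = parse_frame(trunk_egress(frame, native_vlan))
    return vids[0] if vids else native_vlan


# Constructed attack frame: sent from VLAN 1, tagged [1, 100] to reach VLAN 100.
ATTACK = build_frame("00:00:5e:00:53:ff", "00:00:5e:00:53:01", [1, 100], b"\x45" + b"\x00" * 19)


if __name__ == "__main__":
    print("tags on the wire:", parse_frame(ATTACK)[0])
    print("native VLAN 1  ->", vlan_delivered_to(ATTACK, native_vlan=1))    # lands in VLAN 100
    print("native VLAN 999 ->", vlan_delivered_to(ATTACK, native_vlan=999))  # stays in VLAN 1
```

The fix the model demonstrates is the standard one: set the trunk's native VLAN to an ID no access port uses, and tag the native VLAN on trunks so nothing ever crosses untagged.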
- VPN
VPN - Virtual Private Network
Layer: Network (Layer 3) for IPsec; TLS-based VPNs tunnel over Layer 4
Usage: Creates a secure tunnel over a public network
Security: Encrypted tunnel; only as strong as its authentication and key exchange
Watch for: Unauthorized VPN access, split tunneling abuse, VPN leaks (DNS and IPv6 traffic escaping the tunnel)