nixcraft, 06-16-2008, 04:22 AM

Quote:
Originally Posted by shanthiavari
What an SQL injection is
An unverified / unauthorized user input vulnerability. An attacker fools the application into running SQL code that was not intended, for example, to find out usernames or password hashes, etc. See:
SQL injection - Wikipedia, the free encyclopedia
SQL Injection Attacks by Example

Quote:
Originally Posted by shanthiavari
What a DoS attack is
DoS - denial-of-service attack
DDoS - distributed denial-of-service attack - most dangerous
Designed to eat up network and server resources. Usually, zombie computers send tons of requests from all over the world, such that your network or server cannot respond to legitimate traffic. The goal is to knock down your service for several days. This can be prevented (at least in theory) with the help of your ISP, network backbone provider's edge routers, firewall, IPS and special DDoS mitigation hardware or proxy service.


Quote:
Originally Posted by shanthiavari
What a botnet is?
A botnet is a collection of zombie computers controlled remotely to start DoS attacks or send spam. It can be used in both good and evil ways. See:
Botnet - Wikipedia, the free encyclopedia

Quote:
Originally Posted by shanthiavari
What firewall applications have you used? Can you name the problems of firewalling ftp?
There are many; under Linux it is an iptables-based firewall. Under FTP you usually need to take care of both port 21 and 20 (data bit stream). While data is being transferred via the data stream, the control stream sits idle. This can cause problems with large data transfers through firewalls which time out sessions after lengthy periods of idleness. While the file may well be successfully transferred, the control session can be disconnected by the firewall, causing an error to be generated. This can be handled by loading the ip_conntrack_ftp module and writing proper FTP rules. See:
File Transfer Protocol - Wikipedia, the free encyclopedia
__________________
Vivek | My personal blog
Linux Evangelist
Play hard stay cool