Page tree


DARPANet: An alias for ARPANET. See: ARPANET

Darknet : The “underbelly” of the Internet. The Darknet is an overlay network that uses the Internet as its base. Special software, configurations, authorization, or knowledge (non-standard communications protocols and ports) are required to access Darknet sites.

Deepweb: See Darknet

Device: A logical or physical entity which processes network requests and applies one or more policies while capturing the request and action taken.

Dictionary attack : An attack against weak passwords on a computer (usually aimed at the root/admin account) using known commonly used password strings.

Distributed Digital Currency : A form of Digital Currency that has no central control structure.

Digital Currency (Digital Money): A digitally based medium of exchange (as opposed to paper and metal, exhibits properties similar to physical currency. Cryptocurrencies like Bitcoin, Litecoin, and Dogecoin are growing types of Digital Currencies. Other types of Virtual Currency (like those used in some online games) are another type of Digital Currency.

DLP (Data Loss Prevention): A program that specializes in the prevention of data ex-filtration.

DNS Management Software : software that controls DNS server clusters.

DNS Zone : DNS Zone Example A distinct, contiguous, logical grouping of IP addresses and/or domain names delegated to a single manager beneath an authoritative server. Zones extend down from a domain into the leaf nodes or to the TLD where another zone starts at the point of delegation.

By way of explanation, in our example to the right, the top-level domain .edu is delegated from " " (root). While its domain encompasses all sub-domains and their zones: its zone is made up of its servers, and extends down to the second-level domains ( , , ), each of these second-level domains has a unique manager that has had responsibility for the zone delegated to it from the .edu zone, and each is therefore a zone unto itself; additionally the .edu acts as an authoritative server for each of its child zones. There can be zones further down this branch, but we're going to stop here for brevity.

DNSBL (DNS-based Blackhole List): A list of known possible spam hosts on the net. Devices referencing these lists ignore traffic from these IP addresses, effectively placing communications with the IP into a blackhole.

DNSChanger : A trojan that specialized in redirecting a target computer's DNS to point to the creator of the trojan's servers. Rove Digital created the virus to allow their advertising banners to be pushed to unsuspecting users.

DNSSEC (DNS Security Extensions): A collection of specifications (RFC 4033, RFC 4034, and RFC 4035) put together by the IETF to aid in securing information provided by DNS systems on Internet Protocol networks.

Domain Generation Algorithm (DGA): algorithms seen in various samples of malware, used to periodically generate a large number of domain names to be used for rendezvous points with C&C systems.

Domain Name System (DNS): A hierarchical distributed naming system for computers, services and other resources attached to the Internet (or a private network that is using DNS). Associates various information with domain names assigned to each participating device. Most commonly known for translating IP addresses into human readable/friendly names.

DoS (Denial of Service): An attack against a target aimed at disruption (or denial) of service through the flooding of the victim's bandwidth with excess communications. This can be as simple as issuing a flood of pings to a computer with a slow up-link, to having hundreds or thousands of zombie computers sending data to a high-speed host. Multiple sub-types of DoS attack exist, a sample includes:

  • DDoS (Distributed Denial of Service): A DoS attack using multiple attacking systems to fill the victim's bandwidth with crap packets.
    • A variant of this type of flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and periodical flooding of websites, done with the intent of slowing down rather than crashing a victim site. The effectiveness of this tactic springs from the fact that intense flooding can be quickly detected and remedied, but pulsing zombie attacks and the resulting slow-down in website access can go unnoticed for months and even years. Schwabach, Aaron (2006). Internet and the Law. ABC-CLIO. p. 325. ISBN 1-85109-731-7.
  • PDoS (Permanent Denial of Service): A type of DoS that damages a system at the hardware level, requiring removal and replacement of the hardware. These are targeted at flaws that allow remote administration (such as routers, printers, and other networking hardware). Once in the device the attacker flashes the device's firmware with bad data, bricking the device.
  • Fraggle : Variation on a Smurf attack. UDP traffic to ports 7 and 19 is increased on a Broadcast IP Address. The destination IP address is spoofed with the victim's IP. This causes the Broadcast IP to send the data across all of its IPs which then attempt to respond to the victim client. Since Broadcast IPs can have hundreds of computers in their range, the mass response to the victim IP eats up the victim's bandwidth resulting in a Denial of Service.
  • RUDY : R-U-Dead-Yet? attacks are targeted specifically at at web applications, and work by starving the server of available sessions. By continuously issuing POST transactions using large header values the server is slowly drained of its ability to respond in a timely manner until it is finally unable to respond at all.
  • Smurf : Where a Fraggle attack relies on providing traffic to UDP ports, a Smurf attack works by sending Internet Control Message Protocol (ICMP) packet with the IP address spoofed to the victim's IP. Protections against this have been available for some time, mitigating the number of Smurf attacks over time.
  • Amplification: Many network services can be used to act as a "reflector." By spoofing the recipient IP address requests sent to these services on the reflector machines will return responses to the target that may be large, multitudinous, or both depending on the service.

Drone: A compromised computer that is acting as part of a bot net. See: Botnet, Zombie

DOX (D0x): Pronounced "docks". Slang for an individuals personally identifying information. See Personally Identifiable Information (PII).

D0xing (doxxing): The act of scouring the Internet to obtain an individual's personal information through any means necessary.

Draper, John : Also known as Captain Crunch, an early phreaker. Noted for his discovery that by covering the bottom hole of a Captain Crunch Bosun Whistle the toy would create a 2600 Hz tone. This was the same tone used by Bell Telephone to open long distance lines in their branch exchanges. This allowed him to make free phone calls from any payphone.

DRIDEX (successor to Feodo and CRIDEX): Malware targeted at stealing an end user's online banking data. Its primary difference to CRIDEX is its delivery method, relying on spam to deliver Microsoft Word documents containing the code. See: Banking Trojan

Drive By Attack : a platform setup to deliver malicious code automatically without regard to the target. By shotgunning the attack to anything it can get: the attacker can infect a wider swath of the users that are visiting the service. See: Watering Hole Attack

Drones: Compromised computers that are used as a part of a botnet. See: Botnet, Zombie

Dropper : A stage of an attack that acts as a carrier, containing other malicious code. When launched it “drops” (installs) the contained file, and executes it. See: Trojan

  • 1209 Hz
  • 1366 Hz
  • 1477 Hz
  • 1633 Hz
  • 697 Hz
  • 1
  • 2
  • 3
  • A
  • 770 Hz
  • 4
  • 5
  • 6
  • B
  • 852 Hz
  • 7
  • 8
  • 9
  • C
  • 941 Hz
  • *
  • 0
  • #
  • D
DTMF (Dual Tone Multi-Frequency signaling): The electrical frequencies that were broadcast down analog phone lines to make phone calls. By closing a circuit in the phone, two frequency vibrators would begin sending an electrical signal in an audible range down the phone line. The combination of the two frequencies would allow the phone system to determine what key had been touched. Note that smartphones today still mimic these sounds. The associated frequencies and keypad locations are shown to the right.


The right column (containing keys A,B,C,D) had originally been envisioned to allow users to interface with computer menu systems via the phone. This also prompted the creation of the asterisk (*) and octothorpe (#) keys. However, very few computer systems took advantage of this, and the feature was largely omitted from most phones.

Years later, humans inflicted computer driven phone menus on each other, some with voice activation. This may be seen as the beginning of the end for humanity. Time will tell.

Dynamic DNS (DynDNS or DDNS): A method of associating an IP address with a DNS address. Small to medium businesses with internal servers may receive DHCP addresses instead of static IP addresses.This can mean that a company's IP address shifts from their current IP address (for example, to a new address (for example Yet, their DNS record would still point to This address could reassociate to anyone, or even no one, based on the DHCP lease provided by their ISP. DynDNS solves this by allowing companies to pay a nominal fee to have an authoritative DNS server update the DNS pool with their new IP. This works by the company installing a small program on their server. The program monitors for IP address changes and relays these changes to the authoritative server. The authoritative server then sends out the changes to the DNS system as a whole. This ensures the smallest amount of downtime for these dynamically allocated services.

Dynamic Host Configuration Protocol (DHCP): A network protocol that assigns IP addresses dynamically. This allows for the quick deployment of a network environment. Seen most often on internal company networks, some ISPs also use DHCP for end users. This may include small to medium size businesses that cannot afford to purchase a static IP.

IP address distribution happens during client attempts to access the network. During startup (or after NIC activation), the client contacts the DHCP server to receive its address. This server is a prerequisite for a DHCP network, otherwise, the network requires a static configuration.