“I’ve spent 20 years translating ‘geek-speak’ into ‘business-speak’—here is my breakdown of the terms you actually need to know and understand.”
Ben Kemp
Confused by Layer 7, ASN, or Volumetric attacks? Our cute little glossary breaks down complex cybersecurity jargon into simple English for NZ business owners. (Go here for DDoS protection and mitigation services.)
Here is the glossary of the terms used within our foray into “botnet activity” and “server defence.“
Table of Contents
Show
1. Attack Vectors & Methods
- Layer 7 (Application Layer): The “top” layer of the internet (HTTP/HTTPS) where your website lives. The attacks emplyed here imitate human behaviour such as loading pages or submitting forms. The objective is to make it harder to detect than the network floods.
- Credential Stuffing: In this scenario, your friendly little botnet uses a stolen username/password list from a different site (perhaps LinkedIn, Yahoo, Outlook etc) and sequentially inserts (stuffs) them into your login page to see if any match your clients.
- Brute Force Attack (BFL): This is an automated effort to ‘guesstimate’ a password by trying hundreds or thousands of combinations a second. This leaves traces if you are using a Limit Login-style security plugin.
- Volumetric Attack: A DDoS attack specifically intended to overwhelm your server by exceeding its load capacity. It will quickly reveal any weaknesses in your server’s resilience.
- Carding / Card Stuffing: Rogue bots use your client’s checkout page to test if the numbers on stolen credit cards are still active – usually by making $1.00 transactions.
2. Bot Classification
- Good Bots: Automated programs that may benefit your website. In this classification, we see Googlebot (indexing for search) or uptime monitors (checking if the site is still alive).
- Bad Bots: Malicious automated pond scum designed to scrape data, block inventory, or detect security vulnerabilities.
- Residential Proxy / “Clean” IP: Surprise, surprise – a botnet can infect your home router or a smart fridge! Since the IP address belongs to a “real person,” it is less likely to be flagged by security filters than a Data Center IP. Don’t buy a smart fridge is my advice… and don’t connect any “home appliances” to your WiFi…
- Low and Slow: An attack technique that uses very low traffic volume over a long period. It is designed to stay under the “radar” of rate-limiting rules. These may be the most dangerous of all…
3. Security & Identification
- ASN (Autonomous System Number): A unique identifier for a group of IP addresses (like a specific ISP or Data Centre). If you see 1,000 hits from “DigitalOcean” or “Linode” on a local bakery site, it’s almost certainly a bot.
- WAF (Web Application Firewall): A filter that sits between the web and your server. It inspects incoming traffic and blocks requests that match known “bad” patterns (like SQL injection).
- Rate Limiting: A rule that says, “If this IP address asks for more than X pages in Y seconds, block them.”
- Managed Challenge: Instead of a hard “Block,” Cloudflare shows a “Checking your browser” screen (the modern CAPTCHA). Humans pass automatically; bots usually fail.
- CVE (Common Vulnerabilities and Exposures): A publicly disclosed list of security flaws. Bots scan your clients’ sites looking for specific CVEs in old WordPress plugins.
4. Advanced Threats
- Lateral Movement: when a hacker breaks into a small part of a network (like a single site), they invariably try to “move sideways” to access more sensitive areas. Getting into the main server database or the hosting control panel makes perfect sense.
- Triple Extortion: The nastiest ransomware tactic of all. The attacker: (1) encrypts your data. (2) threatens to leak it, and (3) launches a DDoS attack to keep your site offline until you pay.
Source: Deep Research: Gemini AI – 9 March.
This is a technical deep-dive into one aspect of website security. For the full strategy on mitigation and real-world case studies, see our main DDoS Attack Mitigation: Real-World NZ Case Studies guide.
