Transmission Control Protocol (TCP)

DARPA Internet Program Protocol Specifications

A connection progresses through a series of states during its lifetime. The states are: LISTEN, SYN-SENT, SYN-RECEIVED, ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT, and the fictional state CLOSED. CLOSED is fictional because it represents the state when there is no TCB, and therefore, no connection. If a port is in any other state than CLOSED then the port is open and in use. Briefly the meanings of the states are:

IPv4 Address Classes

IPv4 Private Address Space

IPv4 Addresses Reserved for Documentation

Back to Top

Anti-Malware Testing Tools

Test Web Reputation

To test the web reputation service you need a test web site that will simulate various scores. I use these winshipway sites provided by Trend Micro. for that purpose.

Trend Micro products block sites if its score is equal or less than the threshold values (High, Medium, Low).

URLs with a score of 80 or above are considered safe sites. URLs with a score of 50-79 are either unrated and/or suspicious. URLs with a score of 49 or below are known malicious sites.

A new player in web reputation testing is  There you will find samples files to download that will test your client's ability to block certain threats.

C&C Callback

A URL, provided by Trend Micro, used to simulate a Command and Control callback.

Test Virus Scanning Tools

To test a malware scan engine you need a file that is safe but can emulate a virus. We use to test virus scan engines.

A Knowledge Base article from Trend Micro on available anti-malware tools and a brief description. KB article on free anti-malware tools

Trend Micro provided a good article on the definition of Ransomware.

Testing Outbreak Prevetion

A former co-working provide me this PowerShell script to simulate a malware outbreak. It generates 500 Eicar files in a C:\test directory. It may be useful to someone. Just pop this in powershell to generate outbreak alerts and 500 detections at once!

mkdir c:\test; 1..500 | % {New-Item -Path c:\test -Name "$_.txt" -Value "X5O!P%@AP[4\PZX54(P^)7CC)7}`$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!`$H+H*".toString() -ItemType file}
Back to Top

Data Loss Prevention (DLP)

Testing Data Loss Prevention

The data loss prevention test site, listed below, provides some good test files in various formats: PDF, XLS, and CSV, and is various sizes in order to test your DLP engine. The test data includes files containing the following data types:

The test data provided simulates data wihtout puting Personally Identifiable Information (PII) at risk. The DLP Test site URL is From here you can test posting to a web site and an FTP test.

Perl Regular Expressions

Compromise Indicators

Back to Top