
Traffic blocking

Definition

Adding firewall rules, null routes, or DNS sinkholes to deny communication between attacker-controlled infrastructure and the victim network. Effective against external command-and-control channels, but not against an attacker already operating from inside the network, whose lateral movement never crosses the blocked path.
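As an added example (not code from the original page), the script below turns an indicator list into the three kinds of block the definition names: an nftables ruleset, null routes, and RPZ records for a DNS sinkhole. The function names (build_block_plan, render_nft, BlockPlan), the sinkhole address 192.0.2.1, the protected ranges and the sample indicators are all assumptions chosen for illustration; the sample indicators are constructed and point at nothing real.

```python
"""Turn an indicator list into traffic-blocking artefacts (added example).

Produces the three kinds of block named in the definition:
  - an nftables ruleset that drops packets to or from attacker addresses,
  - null (blackhole) routes for the same addresses,
  - RPZ records that redirect attacker domains to a sinkhole.
Internal ranges and the sinkhole itself are refused so that a bad indicator
cannot cut the victim network off from its own infrastructure.
"""
import ipaddress
import re
from typing import List, NamedTuple, Tuple

# Assumed sinkhole address (RFC 5737 documentation range); not from the page.
SINKHOLE_IP = "192.0.2.1"
# Ranges a block must never cover: private, loopback and ULA space (assumed list).
DEFAULT_PROTECTED = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                     "127.0.0.0/8", "fc00::/7", "::1/128")
# Hostname syntax: dotted labels of up to 63 chars, alphabetic top-level label.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


class BlockPlan(NamedTuple):
    nft_ruleset: str
    null_routes: List[str]
    rpz_records: List[str]
    skipped: List[Tuple[str, str]]  # (indicator, reason) for the responder to review


def parse_iocs(text: str):
    """Yield cleaned indicators, dropping blank lines and '#' comments."""
    for raw in text.splitlines():
        item = raw.split("#", 1)[0].strip().lower()
        if item:
            yield item


def render_nft(v4: List[str], v6: List[str], table: str = "containment") -> str:
    """Render an nftables ruleset; empty sets are left out because nft rejects them."""
    sets, by_hook = [], {"input": [], "output": [], "forward": []}
    for name, proto, kind, elems in (("c2_v4", "ip", "ipv4_addr", v4),
                                     ("c2_v6", "ip6", "ipv6_addr", v6)):
        if not elems:
            continue
        sets.append(f"  set {name} {{ type {kind}; flags interval; "
                    f"elements = {{ {', '.join(elems)} }} }}")
        # Inbound from the attacker, outbound to the attacker, and anything routed through.
        by_hook["input"].append(f"    {proto} saddr @{name} counter drop")
        by_hook["output"].append(f"    {proto} daddr @{name} counter drop")
        by_hook["forward"] += [f"    {proto} saddr @{name} counter drop",
                               f"    {proto} daddr @{name} counter drop"]
    lines = [f"table inet {table} {{", *sets]
    for hook, rules in by_hook.items():
        lines += [f"  chain {hook} {{",
                  f"    type filter hook {hook} priority filter; policy accept;",
                  *rules, "  }"]
    lines.append("}")
    return "\n".join(lines)


def build_block_plan(ioc_text: str, protected=DEFAULT_PROTECTED,
                     sinkhole_ip: str = SINKHOLE_IP) -> BlockPlan:
    """Classify each indicator and emit the matching block, refusing unsafe ones."""
    protected_nets = [ipaddress.ip_network(p) for p in (*protected, sinkhole_ip)]
    v4, v6, routes, rpz, skipped, seen = [], [], [], [], [], set()
    for ioc in parse_iocs(ioc_text):
        if ioc in seen:
            skipped.append((ioc, "duplicate"))
            continue
        seen.add(ioc)
        try:
            net = ipaddress.ip_network(ioc, strict=False)
        except ValueError:
            net = None
        if net is not None:
            clash = next((p for p in protected_nets
                          if p.version == net.version and net.overlaps(p)), None)
            if clash is not None:
                skipped.append((ioc, f"overlaps protected range {clash}"))
                continue
            (v4 if net.version == 4 else v6).append(str(net))
            routes.append(f"ip route add blackhole {net}")
        elif DOMAIN_RE.match(ioc):
            # RPZ "local data" action: answer the name and its subdomains with the sinkhole.
            rpz.append(f"{ioc} A {sinkhole_ip}")
            rpz.append(f"*.{ioc} A {sinkhole_ip}")
        else:
            skipped.append((ioc, "not an IP, CIDR or hostname"))
    return BlockPlan(render_nft(v4, v6), routes, rpz, skipped)


# Constructed indicators for this example; none is a real attacker address.
SAMPLE_IOCS = """
203.0.113.5
198.51.100.0/24
c2.bad-example.test
10.0.0.5              # internal host: must be refused
2001:db8::1
203.0.113.5           # duplicate
not an ioc!
"""

if __name__ == "__main__":
    plan = build_block_plan(SAMPLE_IOCS)
    print(plan.nft_ruleset)
    print("\n".join(plan.null_routes))
    print("\n".join(plan.rpz_records))
    for ioc, why in plan.skipped:
        print(f"skipped {ioc!r}: {why}")
```

The output is meant to be reviewed, then loaded with `nft -f`, applied with `ip route`, and added to the resolver's RPZ zone; the `skipped` list is the part a responder must read before applying anything, since a mistyped internal address would otherwise black-hole the victim's own services. Two caveats from the surrounding terms apply: the plan only denies traffic that crosses the enforcement point, so an attacker already inside with working credentials is unaffected and needs network isolation or VLAN segmentation instead, and a sudden loss of the command-and-control channel is itself an attacker-alerting signal, so the blocks should go in alongside, not before, the evidence-preservation steps.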

Related terms

Attacker-alerting risk
The risk that a containment action signals to the attacker that they have been detected, potentially triggering destructive countermeasures on systems they...
Network isolation
Disconnecting a compromised host from all network interfaces while leaving it powered on. Preserves volatile memory contents but removes the attacker's communication...
Short-term containment
Immediate actions taken after incident confirmation to stop an attack from spreading, without waiting for full scope analysis. Distinguished from long-term containment,...
VLAN segmentation
Moving a compromised device or subnet into a separate VLAN with restrictive access control lists, limiting lateral movement to other network segments...
Volatile evidence
Data that exists only while a system is running: active processes, logged-in sessions, network socket state, decryption keys in memory, and command...

Explained in

  • Short-Term Containment Techniques: Adding firewall rules, null routes, or DNS sinkholes to deny communication between attacker-controlled infrastructure and the victim network. Effective against...
