fix(issues): 2024-120-2 bis

docs/tutorial/01/hub.md

@@ -293,14 +293,18 @@ These are standard, to ensure connectivity with a minimum level of security on r
 
 Your resources should look like this.-
 
-![snapshot](../../../assets/img/azure/solution/vnets/hub/snapshots/02.png)
+![snapshot](../../../assets/img/azure/solution/vnets/hub/snapshots/01.png)
 
 ### Resource visualizer
 
 You can see the relationship between the Firewall `fw` and the Public IP `fw-ip` in the resource visualizer.
 
 ![Resource visualizer](../../../assets/img/azure/solution/vnets/hub/fw/resources/01.png)
 
+### Network Diagram
+
+![Network Diagram](../../../assets/img/azure/solution/vnets/hub/network/01.png)
+
 ## Costs
 
 Both **Azure Bastion** & **Azure Firewall** are expensive resources, which are charged by the hour.

docs/tutorial/01/spoke.md

@@ -43,11 +43,13 @@ Make sure **Bastion** & **Firewall** remained **Toggled OFF**.
 
 ###### IP addresses
 
+Virtual Network: `10.2.x.x/16`
+
 | Subnet    | IP family | CIDR Block    | Size    | Notes |
 | --------- | --------- | ------------- | ------- | ----- |
 | `default` | `0-3.x`   | `10.2.0.0/22` | `1,024` |       |
 
-![Security](../../../assets/img/azure/solution/vnets/spoke/vnet/create/ip/after.png)
+![Security](../../../assets/img/azure/solution/vnets/spoke/vnet/create/ip_addresses/after.png)
 
 ##### Review + Create
 
@@ -105,6 +107,10 @@ Review your settings and create the VNet.
 
 [JSON Template](../../../azure/templates/modules/01/spoke)
 
+### Network Diagram
+
+![Network Diagram](../../../assets/img/azure/solution/vnets/spoke/network/01.png)
+
 ## Next Steps
 
 [Create VNets peering](./peering.md)

docs/tutorial/03/nsg.md

@@ -166,6 +166,27 @@ Not part of this tutorial.
 
 The following is meant to be only educational.
 
+### Ping Flooding
+
+First, read about [ICMP Flooding](../../vulnerabilities.md#icmp-flooding)
+
+`ping` uses `ICMP` by default, which, because of flood attacks, is often blocked now by routers.
+
+#### Inbound: Deny ICMP
+
+- **Name**: `deny-icmp`
+  - **Priority**: `1000`ish
+  - Source: Any
+  - Destination: Any
+    - **Protocol**: `ICMP`
+
+> [!IMPORTANT]
+> There are things like "TCP Ping" that can be used that use `TCP` instead of `ICMP`.
+
+[This article does a pretty good job of explaining this](https://www.baeldung.com/linux/tcp-packets-ping)
+
+You can sometimes cheat with `ssh` on a **specific port**.
+
 ### Storage account(s)
 
 #### Outbound: Allow DNS

docs/tutorial/04/spoke/webapp.md

@@ -131,7 +131,7 @@ We'll tell the WebApp to use that subnet to create IPs (NICs?) it can use for an
 
 ![Virtual Network Integration](../../../../assets/img/azure/solution/vnets/spoke/webapp/settings/networking/virtual_network_integration/subnet/add.png)
 
-- [x] **Outbound Internet Traffic**: Checked. Ensure it goes through our delegated `webapp` subnet and not directly to the internet. Will aalso
+- [x] **Outbound Internet Traffic**: Checked. Ensure it goes through our delegated `webapp` subnet and not directly to the internet.
 
 ![Virtual Network Integration](../../../../assets/img/azure/solution/vnets/spoke/webapp/settings/networking/virtual_network_integration/subnet/connected.png)
 

docs/vulnerabilities.md

@@ -1,7 +1,21 @@
 # Known Vulnerabilities
 
+## DDoS
+
+### ICMP Flooding
+
+Also known as ["Ping of death"](https://www.fortinet.com/resources/cyberglossary/ping-of-death)
+
+> The ping of death is a form of denial-of-service (DoS) attack
+> that occurs when an attacker crashes, destabilizes, or freezes computers or services
+> by targeting them with oversized data packets
+
 ## DNS
 
-### Poisoning
+### Spoofing
+
+Also known as [DNS Poisoning](https://www.okta.com/identity-101/dns-poisoning/)
 
-[DNS Poisoning/Spoofing](https://www.okta.com/identity-101/dns-poisoning/)
+> During a DNS poisoning attack, a hacker substitutes the address for a valid website for an imposter.
+> Once completed, that hacker can steal valuable information, like passwords and account numbers.
+> Or the hacker can simply refuse to load the spoofed site