Knowledge base

P2P is an efficient method of transferring data over the Internet. The best-known example of a P2P network is torrent.

A firewall is a type of system used to monitor connections between computer networks. As one of the first responses to malicious activity carried out over the Internet, firewalls have become a standard part of corporate, government, and private networks.

IP address is the identifier of the device connected to the network.

A proxy server is a system that routes traffic between networks or protocols. The proxy server has its own IP address, so it acts as an intermediary between your computer and the Internet.

Domain Name System blacklists, also known as DNSBL or DNS blacklists, are spam blocking lists that allow the website administrator to block messages from certain systems.

To establish a reliable connection, TCP uses a process called the “three-way handshake”. The established connection will be full-duplex, that is, both channels can transmit information simultaneously, and they also synchronize (SYN) and acknowledge (ACK) with each other.

To effectively protect information, it is necessary to understand what is happening with traffic within the network. However, this is not the easiest task, as it is further complicated by the widespread use of the Transport Layer Security (TLS) protocol, which interferes with traditional methods of monitoring network security. But then TLS fingerprinting comes to the rescue - a method that will help you understand the traffic without depriving you of any advantages of the TLS protocol. For each client, the “fingerprint " remains static from session to session.

Malicious actions impacting web resources on the Internet. Attacks of this kind are usually classified into mass and targeted types. Attacks of the first type target a site as a whole and are usually automated. In mass attacks, attackers use their knowledge of popular tools and widespread vulnerabilities. Targeted attacks, on the other hand, are usually carried out by manually searching for vulnerabilities and exploiting them. The damage inflicted by an attack of this type can be fatal.

DoS attacks involving the use of UDP packets – large amounts of such packets with the source IP set to a victim server address are sent to ports of an amplification network. As a result, the victim server is forced to focus on processing the vast counts of spoofed packets.

A software robot designed for executing certain actions determined by algorithms or rules. Bots and bot networks installed on vulnerable nodes are often used for executing DoS and DDoS attacks.

A way to implement a DoS attack providing a manifold increase in impact on a victim server: a small number of bots initiate sending a huge amount of forged packets or requests, which severely slow down or paralyze the attacked server that tries to process them. The approach is used, e.g., in attacks based on the DNS and NTP protocols.

The use of a software intermediary (proxy) that processes traffic in a certain way for subsequent sending to another software program. Specifically, security proxies process traffic in such a way so as to prevent unauthorized traffic access and minimize the threat of network attacks.

Using illegal ways of affecting computer networks or individual nodes in order to promote political causes. Hacktivists usually participate in protest movements and try to attract as much attention as possible to the ideas they stand for.