60 terms

IP & Network Glossary

Plain-English definitions of IP, networking, and internet infrastructure terms. Each entry includes what it is, how it works, and how it's used in practice.

A

Account Takeover (ATO)
An attack where a fraudster gains control of a legitimate user's account — typically through credential theft — and then uses it to steal funds, data, or reputation.
Anycast
A routing technique where multiple servers in different locations share the same IP address, and the internet's routing protocols automatically direct users to the nearest one.
ASN (Autonomous System Number)
A globally unique number identifying a network of IP prefixes under a single administrative routing policy, used by BGP to route traffic across the internet.

B

BGP (Border Gateway Protocol)
Border Gateway Protocol — the routing protocol that directs traffic between the ~75,000 autonomous systems that make up the public internet.
Bogon IP (Bogon, Martian address)
An IP address that should not appear on the public internet — because it comes from a reserved range, an unallocated block, or a private range — and which routers should drop.
Botnet
A network of compromised devices ("bots") controlled remotely by an attacker, used to launch DDoS attacks, send spam, mine cryptocurrency, or brute-force credentials at scale.
Brute Force Attack (Brute-force attack, Password guessing attack)
An attack that tries a large number of passwords, keys, or codes against a login or encryption endpoint until one works.
Business Email Compromise (BEC, CEO fraud, invoice fraud)
A targeted fraud in which an attacker impersonates an executive or trusted vendor over email, convincing an employee to wire money, change bank details, or share sensitive data.

C

Carding (Credit card fraud, Card testing)
The testing, trading, and fraudulent use of stolen credit card data — including "card testing" on e-commerce checkouts to validate which stolen numbers still work.
CDN (Content Delivery Network)
Content Delivery Network — a globally distributed set of caching servers that serves website assets from a location close to the end user, reducing latency and shielding the origin server.
CIDR Notation (CIDR, Classless Inter-Domain Routing)
A compact way to describe an IP address range, written as an address followed by a slash and a prefix length like 192.0.2.0/24.
Command and Control (C2, C&C, Command-and-control server)
The infrastructure an attacker uses to send instructions to, and receive data from, malware-infected hosts in a botnet or targeted intrusion.
Comment Spam (Blog spam, Forum spam)
Automated posting of promotional or malicious messages to blog comment sections, forums, guestbooks, and other user-generated-content fields, usually to manipulate SEO or distribute links.
Credential Stuffing
An attack that replays username-password pairs from prior data breaches against other services, exploiting password reuse.

D

DDoS (Distributed Denial-of-Service)
A Distributed Denial-of-Service attack — coordinated traffic from many compromised devices that overwhelms a target and makes it unresponsive to legitimate users.
DDoS-as-a-Service (Booter, Stresser, DDoSaaS)
A commercial service that rents out DDoS attack capacity by the minute through a web dashboard, lowering the skill barrier for launching denial-of-service attacks.
DNS (Domain Name System)
The Domain Name System — the internet's phone book, translating human-readable domain names like example.com into numeric IP addresses.
Dual-Stack (Dual-stack networking)
A networking configuration where a device, server, or network runs both IPv4 and IPv6 simultaneously, allowing it to communicate with endpoints on either protocol.

E

Email Harvester (Email scraper, Address harvester)
A bot or script that crawls the web to scrape email addresses from public pages, directories, and leaked databases, building target lists for spam and phishing.

F

Firewall
A network security device or software layer that filters incoming and outgoing traffic based on rules, blocking or allowing packets by source, destination, port, protocol, or content.

G

GeoIP (IP geolocation, geolocation)
The practice of estimating a physical location (country, region, city) from an IP address by matching it against a database of allocated IP ranges.

H

Honeypot
A deliberately vulnerable or decoy system deployed on a network to attract attackers so their tools, techniques, and source IPs can be observed.
HTTP and HTTPS (HyperText Transfer Protocol, HTTP Secure)
HTTP is the request-response protocol of the web; HTTPS is HTTP running inside a TLS-encrypted channel, providing confidentiality, integrity, and server authentication.

I

ICMP (Internet Control Message Protocol)
The Internet Control Message Protocol — a companion protocol to IP used for diagnostic and error-reporting messages like ping and traceroute.
IP Address (Internet Protocol address)
A numeric label assigned to each device on a network so that it can send and receive data over the internet.
IPsec (Internet Protocol Security)
A suite of protocols that authenticates and encrypts IP packets at Layer 3, widely used for site-to-site VPNs, remote-access VPNs, and mobile carrier backhaul.
IPv4 (Internet Protocol version 4)
The original 32-bit Internet Protocol address format, providing about 4.3 billion unique addresses in dotted-decimal notation like 192.0.2.1.
IPv6 (Internet Protocol version 6)
The 128-bit successor to IPv4, written in eight groups of hexadecimal digits like 2001:db8::1, providing 340 undecillion unique addresses.
IXP (Internet Exchange Point, Internet Exchange)
Internet Exchange Point — a shared Layer 2 fabric where many networks meet to exchange traffic via public peering, usually through a route server and BGP sessions.

M

MAC Address (Media Access Control address, Hardware address, Physical address)
A 48-bit unique hardware identifier burned into every network interface card, used for local Ethernet and Wi-Fi delivery within a single network segment.
Malware (Malicious software)
Any software intentionally built to damage, disrupt, or gain unauthorized access to a system — including viruses, worms, ransomware, trojans, and spyware.
MTU (Maximum Transmission Unit)
The Maximum Transmission Unit — the largest packet size that a network link can carry in one go without fragmentation. The standard Ethernet MTU is 1,500 bytes.

N

NAT (Network Address Translation)
Network Address Translation — a technique that lets many devices on a private network share a single public IP address by rewriting source addresses and ports on outbound traffic.

P

Peering
A settlement-free interconnection between two networks that agree to exchange traffic directly, bypassing transit providers and reducing cost and latency.
Phishing
An attack that impersonates a trusted sender (brand, coworker, service) to trick the victim into handing over credentials, card data, or access tokens.
Port (Network port, TCP port, UDP port)
A 16-bit numeric endpoint (0 to 65,535) that allows a single IP address to host multiple network services at once, each addressable by a different port number.
Private IP (Private IP address, Internal IP, RFC 1918 address)
An IP address from one of the reserved ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) that is used inside a local network and is not routed on the public internet.
Proxy Server (Proxy, HTTP proxy, SOCKS proxy)
An intermediary server that forwards traffic between a client and a destination, masking the client's original IP address from the destination.
Public IP (Public IP address, External IP)
An IP address that is globally routable on the internet, assigned by an ISP or cloud provider, as opposed to a private IP that only works inside a local network.

R

Ransomware
Malware that encrypts a victim's files or locks their systems and demands payment — usually in cryptocurrency — in exchange for the decryption key and for the attackers' agreement not to publish stolen data.
RDAP (Registration Data Access Protocol)
The Registration Data Access Protocol — a modern JSON/HTTPS replacement for WHOIS that returns structured registration data for IP addresses, ASNs, and domain names.
Remote Access Trojan (RAT)
A type of malware that gives an attacker full, covert, interactive control of an infected computer — as if they were sitting at the keyboard.
Reverse DNS (rDNS, PTR lookup)
The process of resolving an IP address back to a hostname using PTR records in special DNS zones like in-addr.arpa (IPv4) and ip6.arpa (IPv6).

S

SIM Swapping (SIM swap, SIM hijacking, port-out scam)
A social-engineering attack against a mobile carrier that transfers a victim's phone number to a SIM the attacker controls, intercepting SMS codes and password-reset links.
Sinkhole
A technique that redirects traffic destined for a malicious domain or IP to a defender-controlled server, cutting off botnet command-and-control and collecting victim telemetry.
Skimming (Magecart, e-skimming, web skimming)
Theft of payment-card data at the point of entry — physical skimmers on ATMs and POS terminals, or malicious JavaScript (web skimming / Magecart) injected into checkout pages.
SMTP (Simple Mail Transfer Protocol)
Simple Mail Transfer Protocol — the standard protocol for sending email between mail servers on the internet, typically over port 25, 465, or 587.
Spam (Unsolicited bulk email, UBE)
Unsolicited bulk messaging — email, SMS, comments, or DMs — sent to large recipient lists for advertising, fraud, or malware delivery.
SSH Scanning
Automated scanning of the public internet for servers with open SSH (port 22), followed by brute-force login attempts against any that respond.
SSL/TLS (SSL, TLS, Transport Layer Security, Secure Sockets Layer)
Cryptographic protocols that encrypt communication between a client and a server, providing confidentiality, integrity, and authentication on top of TCP.
Subnet Mask
A 32-bit value that tells a device which portion of an IPv4 address identifies the network and which portion identifies the host.

T

TCP (Transmission Control Protocol)
Transmission Control Protocol — a reliable, connection-oriented transport protocol that guarantees ordered, error-checked delivery of packets between applications.
Tor (The Onion Router, Tor Browser)
An anonymity network that routes traffic through three volunteer-operated relays with layered encryption so that no single node knows both the source and the destination.
Traceroute (tracert, tracepath)
A network diagnostic tool that discovers each hop on the path from your device to a destination, listing every router in between and the latency to each.
Transit
The commercial internet service where one network pays another to carry its traffic to the rest of the internet, billed by bandwidth used (usually 95th-percentile).

U

UDP (User Datagram Protocol)
User Datagram Protocol — a lightweight, connectionless transport protocol that delivers packets with minimal overhead but no reliability guarantees.

V

VPN (Virtual Private Network)
A Virtual Private Network that encrypts a device's internet traffic and tunnels it through a remote server, masking the user's real IP address and location.

W

Web Crawler Abuse (Scraper abuse, Bad bot traffic)
Aggressive, unauthorized, or deceptive automated crawling of a website — scraping content, harvesting data, ignoring robots.txt, or overwhelming the server with request volume.
WHOIS
A decades-old protocol and public database for looking up the registered owner of an IP address, ASN, or domain name.
WireGuard
A modern VPN tunneling protocol designed to be simpler, faster, and more auditable than OpenVPN or IPsec — around 4,000 lines of code with a fixed modern cryptographic suite.