REACT is based on a network of thousands of listening stations spread across the internet. When malicious traffic exits your network, we pick it up and notify you in real time.
We start with a a foundation of BGP, RIR, and name based data to give us a full picture of the network. On top of this we apply data from our own constellation of spamtraps, honeypots, crawlers, and probes, as well as data from major black lists, to discover abusive traffic tansiting the internet.
We track and include data on spam, viruses, worms, denial of service attacks, insecure web servers, open proxies, open relays, command & control, irc abuse, name server abuse, and other behaviors indicative of infected hosts and botnet activity.