North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: What percentage of the Internet Traffic is junk?
At 12:55 PM 5/5/2004, Steve Gibbard wrote: Thanks Steve - good point. I have to believe that some of those that have solutions to some of these problems have made *some* measures so they can quantify the value of their solution.If a few of you can stop being so pedantic for a second, the definition looks pretty easy to me: traffic unlikely to be wanted by the recipient. Presumably, if it's being sent that means somebody wanted to send it, so the senders' desires are a pretty meaningless metric. Yea, we can't get absolute #'s, but I think it would be helpful to have a defensible approximation.The harder pieces are going to be defining what traffic is unwanted in a way that scales to large-scale measurement. Worm traffic is presumably measurable with Netflow, as are various protocol-types used mainly in DOS attacks. Spam is harder to pinpoint by watching raw traffic, but perhaps comparing the total volume of TCP/25 traffic to the SpamAssassain hit rates at some representative sample of mail servers could provide some reasonable numbers there. Or maybe those in the Research Community that have been doing traffic capture and analysis?So, any of you security types have a list of the protocols that are more likely to be attack traffic than legitimate? -Steve
|