North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: What percentage of the Internet Traffic is junk?

  • From: William B. Norton
  • Date: Wed May 05 16:21:58 2004

At 12:55 PM 5/5/2004, Steve Gibbard wrote:

If a few of you can stop being so pedantic for a second, the definition
looks pretty easy to me: traffic unlikely to be wanted by the recipient.
Presumably, if it's being sent that means somebody wanted to send it, so
the senders' desires are a pretty meaningless metric.
Thanks Steve - good point. I have to believe that some of those that have solutions to some of these problems have made *some* measures so they can quantify the value of their solution.


The harder pieces are going to be defining what traffic is unwanted in a
way that scales to large-scale measurement.  Worm traffic is presumably
measurable with Netflow, as are various protocol-types used mainly in DOS
attacks.  Spam is harder to pinpoint by watching raw traffic, but perhaps
comparing the total volume of TCP/25 traffic to the SpamAssassain hit
rates at some representative sample of mail servers could provide some
reasonable numbers there.
Yea, we can't get absolute #'s, but I think it would be helpful to have a defensible approximation.


So, any of you security types have a list of the protocols that are more
likely to be attack traffic than legitimate?
Or maybe those in the Research Community that have been doing traffic capture and analysis?


-Steve

On Wed, 5 May 2004, Mike Damm wrote:

>
>
> Very very very near to, but not quite 100%. Since almost all of the traffic
> on the Internet isn't sourced by or destined for me, I consider it junk.
>
> Also remember that to a packet kid, that insane flood of packets destined
> for his target is the most important traffic in the world. And to a spammer,
> the very mailings that are making him millions are more important than
> pictures of someone's grandkids.
>
> I guess my point is junk is a very relative term. A study would need to
> first be done to identify what junk actually is, then measuring it is
> trivial.
>
> -Mike
>
> -----Original Message-----
> From: William B. Norton [mailto:[email protected]]
> Sent: Wednesday, May 05, 2004 11:21 AM
> To: [email protected]
> Subject: What percentage of the Internet Traffic is junk?
>
>
> With all the spam, infected e-mails, DOS attacks, ultimately blackholed
> traffic, etc. I wonder if there has been a study that quantifies
>
> What percentage of the Internet traffic is junk?
>
> Bill
>