Steve Gibbard wrote: If a few of you can stop being so pedantic for a second, the definition looks pretty easy to me: traffic unlikely to be wanted by the recipient.
This looks good to me although it also needs to include _return_ traffic from junk traffic (say, you flood a target with ICMP echo request, and the target does not rate-limit the ICMP echo reply; in that case the reply is junk as well as the request although it is wanted by the destination which is the attacker). Another way at looking at the issue is to measure how much traffic is legitimate. Your mileage may vary and I made up the following figures as they can greatly vary depending on the network, but... Let's say there's 50% of p2p file sharing, 10% of downloading pr0n, 5% of downloading services packs and anti-virus signatures and 15% of misc HTTP surfing, all of which I would consider legitimate and would also match Steve's definition, this already makes for 80% legit. Legal != legit IMHO. Although 99% of p2p file sharing traffic is likely illegal, it is legitimate (the destination wants to receive it). Michel.