At 12:55 PM 5/5/2004, Steve Gibbard wrote:
If a few of you can stop being so pedantic for a second, the definition looks pretty easy to me: traffic unlikely to be wanted by the recipient. Presumably, if it's being sent that means somebody wanted to send it, so the senders' desires are a pretty meaningless metric.
Thanks Steve - good point. I have to believe that some of those that have solutions to some of these problems have made *some* measures so they can quantify the value of their solution.
The harder pieces are going to be defining what traffic is unwanted in a way that scales to large-scale measurement. Worm traffic is presumably measurable with Netflow, as are various protocol-types used mainly in DOS attacks. Spam is harder to pinpoint by watching raw traffic, but perhaps comparing the total volume of TCP/25 traffic to the SpamAssassain hit rates at some representative sample of mail servers could provide some reasonable numbers there.
Yea, we can't get absolute #'s, but I think it would be helpful to have a defensible approximation.
So, any of you security types have a list of the protocols that are more likely to be attack traffic than legitimate?
Or maybe those in the Research Community that have been doing traffic capture and analysis?
-Steve
On Wed, 5 May 2004, Mike Damm wrote:
Very very very near to, but not quite 100%. Since almost all of the traffic on the Internet isn't sourced by or destined for me, I consider it junk.
Also remember that to a packet kid, that insane flood of packets destined for his target is the most important traffic in the world. And to a
spammer,
the very mailings that are making him millions are more important than pictures of someone's grandkids.
I guess my point is junk is a very relative term. A study would need to first be done to identify what junk actually is, then measuring it is trivial.
-Mike
-----Original Message----- From: William B. Norton [mailto:wbn@equinix.com] Sent: Wednesday, May 05, 2004 11:21 AM To: nanog@merit.edu Subject: What percentage of the Internet Traffic is junk?
With all the spam, infected e-mails, DOS attacks, ultimately blackholed traffic, etc. I wonder if there has been a study that quantifies
What percentage of the Internet traffic is junk?
Bill