Perhaps now I'm the one being pedantic, but you're confusing "somebody" with the owner of the resources involved in the sending. What I said was, "presumably, if it's being sent that means *somebody* wanted to send it." Otherwise, we have to consider somebody doing what would otherwise be legitimate web browsing from an untentionally open wireless access point to be junk traffic, which is both very hard to figure out in any large-scale analysis, and gives the numbers a very different meaning. -Steve On Wed, 5 May 2004, David Schwartz wrote:
I'm not sure that I'd agree with this statement. What about the traffic from compromised sources? The pps floods or spam emails are not being created with the knowledge of the source, so it would be hard to say that the source "wanted" to send it.
Exactly. A great example is a web server struggling to continue to accept connections in the face of a spoofed SYN flood. The SYN/ACK packets are junk.
The definition of "junk" is that the sender would not have wanted to send it or the receiver would not have wanted to receive it if either had had a chance to have the appropriate human or humans investiage the transaction in full detail.
Traffic you are duped into sending by traffic you wish you hadn't received or cannot distinguish from legitimate traffic is junk.
-------------------------------------------------------------------------------- Steve Gibbard scg@gibbard.org +1 415 717-7842 (cell) http://www.gibbard.org/~scg +1 510 528-1035 (home)