Internet background noise
Internet background noise (IBN, also known as Internet background radiation) consists of data packets on the Internet which are addressed to IP addresses or ports where there is no network device set up to receive them. These packets often contain unsolicited commercial or network control messages, or are the result of port scans and worm activities. The Conficker worm in particular is responsible for 70% of background noise generated by viruses looking for new victims.[citation needed] In addition to malicious activities, misconfigured hardware and leaks from private networks are also sources of background noise.[1] For example, some DSL modems have a hard-coded IP address to look up the correct time.
As of November 2010, it is estimated that 5.5 gigabits of background noise is generated every second.[2] It is also thought that a modem user loses about 20 bits per second of their bandwidth to unsolicited traffic.[3] Over the past decade, the amount of background noise for a section of the IPv4 address block that contains 17 million address, has increased from 1 to 50 Mbps. The newer IPv6 protocol, which has a much larger address space, will make it more difficult for viruses to scan ports and also limit the impact of misconfigured equipment.[2]
Internet background noise has been used to detect significant changes in Internet traffic and connectivity during the 2011 political unrest from IP address blocks that were geolocated to Libya.[4]
Backscatter is a term coined by Vern Paxson to describe Internet background noise resulting from a DDoS attack using multiple spoofed addresses.[5] This backscatter noise is used by network telescopes to indirectly observe large scale attacks in real time.
See also
References
- ↑ "Internet Background Radiation Revisited". Internet Measurement Conference. November 2010.
- ↑ 2.0 2.1 Ward, Mark (30 November 2010). "Tuning in to the background hum of the net". BBC News.
- ↑ Orlowski, Andrew (November 27, 2003). "Watching the Net's background radiation". The Register.
- ↑ Aben, Emile. "Unsolicited Internet Traffic from Libya". RIPE NCC. Retrieved 30 April 2011.
- ↑ Moore et al. Inferring Internet Denial-of-Service Activity, 2001