Re: What percentage of the Internet Traffic is junk?

["Marshall Eubanks" <tme () multicasttech com>]

Whenever I hear a question like this, I think of the weekly I2
netflow reports

http://netflow.internet2.edu/weekly/

http://netflow.internet2.edu/weekly/20040426/

Look at Table's 6, 7 and 8 - email, for example, is 1/2 %, so even if all email
is spam, it's not that  big a flow. Unidentified is typically about 30%, but
most of that is probably file sharing.

My opinion, from looking at these tables, is that probably little is junk, at least
in the eye's of the receiver.

Regards
Marshall Eubanks


On Wed, 05 May 2004 13:17:45 -0700
 "William B. Norton" <wbn () equinix com> wrote:
> At 12:55 PM 5/5/2004, Steve Gibbard wrote:
>
> > If a few of you can stop being so pedantic for a second, the definition
> > looks pretty easy to me: traffic unlikely to be wanted by the recipient.
> > Presumably, if it's being sent that means somebody wanted to send it, so
> > the senders' desires are a pretty meaningless metric.
>
> Thanks Steve - good point. I have to believe that some of those that have 
> solutions to some of these problems have made *some* measures so they can 
> quantify the value of their solution.
>
>
> > The harder pieces are going to be defining what traffic is unwanted in a
> > way that scales to large-scale measurement.  Worm traffic is presumably
> > measurable with Netflow, as are various protocol-types used mainly in DOS
> > attacks.  Spam is harder to pinpoint by watching raw traffic, but perhaps
> > comparing the total volume of TCP/25 traffic to the SpamAssassain hit
> > rates at some representative sample of mail servers could provide some
> > reasonable numbers there.
>
> Yea, we can't get absolute #'s, but I think it would be helpful to have a 
> defensible approximation.
>
>
> > So, any of you security types have a list of the protocols that are more
> > likely to be attack traffic than legitimate?
>
> Or maybe those in the Research Community that have been doing traffic 
> capture and analysis?
>
>
> > -Steve
> >
> > On Wed, 5 May 2004, Mike Damm wrote:
> >
> > > Very very very near to, but not quite 100%. Since almost all of the traffic
> > > on the Internet isn't sourced by or destined for me, I consider it junk.
> > >
> > > Also remember that to a packet kid, that insane flood of packets destined
> > > for his target is the most important traffic in the world. And to a 
> > spammer,
> > > the very mailings that are making him millions are more important than
> > > pictures of someone's grandkids.
> > >
> > > I guess my point is junk is a very relative term. A study would need to
> > > first be done to identify what junk actually is, then measuring it is
> > > trivial.
> > >
> > >   -Mike
> > >
> > > -----Original Message-----
> > > From: William B. Norton [mailto:wbn () equinix com]
> > > Sent: Wednesday, May 05, 2004 11:21 AM
> > > To: nanog () merit edu
> > > Subject: What percentage of the Internet Traffic is junk?
> > >
> > >
> > > With all the spam, infected e-mails, DOS attacks, ultimately blackholed
> > > traffic, etc. I wonder if there has been a study that quantifies
> > >
> > > What percentage of the Internet traffic is junk?
> > >
> > > Bill