Internet background noise (IBN, also known as Internet background radiation, by analogy with natural background radiation) consists of data packets on the Internet which are addressed to IP addresses or ports where there is no network device set up to receive them. Network telescopes observe the Internet background radiation.
These packets often contain unsolicited commercial or network control messages, backscatters, port scans, and worm activities.
Smaller devices such as DSL modems may have a hard-coded IP address to look up the correct time using the Network Time Protocol. If, for some reason, the hard-coded NTP server is no longer available, faulty software might retry failed requests up to every second, which, if many devices are affected, generates a significant amount of unnecessary request traffic.
Historical context
editIn the first 10 years of the Internet, there was very little background noise but with its commercialization in the 1990s the noise factor became a permanent feature.
The Conficker worm was responsible in 2010[1] for a large amount of background noise generated by viruses looking for new victims. In addition to malicious activities, misconfigured hardware and leaks from private networks are also sources of background noise.[2]
2000s
editAs of November 2010, it is estimated that 5.5 gigabits (687.5 megabytes) of background noise are generated every second.[3]
It was also estimated in the early 2000s that a dial-up modem user loses about 20 bits per second of their bandwidth to unsolicited traffic.[4] Over the past decade, the amount of background noise for an IPv4 /8 address block (which contains 16.7 million address) has increased from 1 to 50 Mbit/s (1KB/s to 6.25MB/s). The newer IPv6 protocol, which has a much larger address space, will make it more difficult for viruses to scan ports and also limit the impact of misconfigured equipment.[3]
Internet background noise has been used to detect significant changes in Internet traffic and connectivity during the 2011 political unrest from IP address blocks that were geolocated to Libya.[5]
Backscatter is a term coined by Vern Paxson to describe Internet background noise resulting from a DDoS attack using multiple spoofed addresses.[6] This noise is used by network telescopes to indirectly observe large scale attacks in real time.
References
edit- ^ "ISP Column - October 2019". www.potaroo.net. Retrieved 2023-11-28.
- ^ "Internet Background Radiation Revisited" (PDF). Internet Measurement Conference. November 2010.
- ^ a b Ward, Mark (30 November 2010). "Tuning in to the background hum of the net". BBC News.
- ^ Orlowski, Andrew (27 November 2003). "Watching the Net's background radiation". The Register.
- ^ Aben, Emile (23 March 2011). "Unsolicited Internet Traffic from Libya". RIPE NCC. Retrieved 30 April 2011.
- ^ Moore et al. Inferring Internet Denial-of-Service Activity Archived 2012-02-05 at the Wayback Machine, 2001