Internet background noise


Internet background noise (IBN, also known as Internet background radiation, by analogy with natural background radiation) consists of data packets on the Internet which are addressed to IP addresses or ports where there is no network device set up to receive them. Network telescopes observe the Internet background radiation.


These packets often contain unsolicited commercial or network control messages, backscatters, port scans, and worm activities.

Smaller devices such as DSL modems may have a hard-coded IP address to look up the correct time using the Network Time Protocol. If, for some reason, the hard-coded NTP server is no longer available, faulty software might retry failed requests up to every second, which, if many devices are affected, generates a significant amount of unnecessary request traffic.

Historical context

In the first 10 years of the Internet, there was very little background noise, but with its commercialization in the 1990s the noise factor became a permanent feature.

The Conficker worm was responsible in 2010 [1] for a large amount of background noise generated by viruses looking for new victims. In addition to malicious activities, misconfigured hardware and leaks from private networks are also sources of background noise. [2]

2000s

As of November 2010, it is estimated that 5.5 gigabits (687.5 megabytes) of background noise are generated every second. [3]

It was also estimated in the early 2000s that a dial-up modem user loses about 20 bits per second of their bandwidth to unsolicited traffic. [4] Over the past decade, the amount of background noise for an IPv4 /8 address block (which contains 16.7 million addresses) has increased from 1 to 50 Mbit/s (1KB/s to 6.25MB/s). The newer IPv6 protocol, which has a much larger address space, will make it more difficult for viruses to scan ports and also limit the impact of misconfigured equipment. [3]

Internet background noise from IP address blocks that were geolocated to Libya has been used to detect significant changes in Internet traffic and connectivity during the 2011 political unrest. [5]

Backscatter is a term coined by Vern Paxson to describe Internet background noise resulting from a DDoS attack using multiple spoofed addresses. [6] This noise is used by network telescopes to indirectly observe large scale attacks in real time.
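The following added example (not part of the original article, and not the code of any cited study) shows how a telescope can separate backscatter from scanning and extrapolate each victim's response rate. It assumes uniformly random spoofed sources; the dark block `10.0.0.0/8`, the record format and all sample packets are constructed.

```python
import ipaddress
from collections import Counter

DARK_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed telescope block (placeholder)
SCALE = 2**32 // DARK_NET.num_addresses         # a /8 sees 1/256 of IPv4 space

# Constructed records: (time_s, src, dst, proto, detail)
# detail is a TCP flag string or an ICMP type number.
SAMPLE = [
    (0.0, "192.0.2.10", "10.1.2.3", "tcp", "SA"),
    (0.4, "192.0.2.10", "10.200.9.1", "tcp", "SA"),
    (0.9, "192.0.2.10", "10.77.0.5", "tcp", "RA"),
    (1.0, "198.51.100.7", "10.0.0.1", "tcp", "S"),
    (1.1, "198.51.100.7", "10.0.0.2", "tcp", "S"),
    (1.5, "203.0.113.4", "10.9.9.9", "icmp", 3),
    (2.0, "192.0.2.10", "10.3.3.3", "tcp", "SA"),
    (2.0, "192.0.2.99", "172.16.0.1", "tcp", "S"),  # not addressed to the dark block
]

BACKSCATTER_ICMP = {0, 3, 11}  # echo reply, destination unreachable, time exceeded

def classify(proto, detail):
    """Label one packet that arrived at an unused address."""
    if proto == "tcp":
        flags = set(detail)
        # SYN-ACK or RST is a reply to a packet the dark address never sent.
        if "R" in flags or {"S", "A"} <= flags:
            return "backscatter"
        if flags == {"S"}:
            return "scan"  # bare SYN: a connection attempt or probe
    elif proto == "icmp" and detail in BACKSCATTER_ICMP:
        return "backscatter"
    return "other"

def summarize(records, window_s):
    """Return (packet counts per class, estimated responses/s per victim)."""
    kinds, per_victim = Counter(), Counter()
    for _, src, dst, proto, detail in records:
        if ipaddress.ip_address(dst) not in DARK_NET:
            continue
        kind = classify(proto, detail)
        kinds[kind] += 1
        if kind == "backscatter":
            per_victim[src] += 1  # the backscatter source is the attack victim
    # Scale the observed rate up to the whole IPv4 address space.
    estimate = {v: n * SCALE / window_s for v, n in per_victim.items()}
    return kinds, estimate
```

The per-victim figure is a lower bound on the responses sent, since packets dropped on the path or victims that stop replying are not counted.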

Related Research Articles

IPv6: Version 6 of the Internet Protocol

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and was intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.

Denial-of-service attack: Type of cyber-attack

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.

IP address spoofing: Creating IP packets using a false IP address

In computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system.

Network address translation: Protocol facilitating connection of one IP address space to another

Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a network was moved, or when the upstream Internet service provider was replaced, but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.

Cable modem: Broadband Internet access device

A cable modem is a type of network bridge that provides bi-directional data communication via radio frequency channels on a hybrid fibre-coaxial (HFC), radio frequency over glass (RFoG) and coaxial cable infrastructure. Cable modems are primarily used to deliver broadband Internet access in the form of cable Internet, taking advantage of the high bandwidth of a HFC and RFoG network. They are commonly deployed in the Americas, Asia, Australia, and Europe.

Loopback is the routing of electronic signals or digital data streams back to their source without intentional processing or modification. It is primarily a means of testing the communications infrastructure.

This page provides an index of articles thought to be Internet or Web related topics.

A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

NetBIOS over TCP/IP is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks.

UDP hole punching is a commonly used technique employed in network address translation (NAT) applications for maintaining User Datagram Protocol (UDP) packet streams that traverse the NAT. NAT traversal techniques are typically required for client-to-client networking applications on the Internet involving hosts connected in private networks, especially in peer-to-peer, Direct Client-to-Client (DCC) and Voice over Internet Protocol (VoIP) deployments.

Reverse-path forwarding (RPF) is a technique used in modern routers for the purposes of ensuring loop-free forwarding of multicast packets in multicast routing and to help prevent IP address spoofing in unicast routing.

AMPRNet

The AMPRNet or Network 44 is used in amateur radio for packet radio and digital communications between computer networks managed by amateur radio operators. Like other amateur radio frequency allocations, an IP range of 44.0.0.0/8 was provided in 1981 for Amateur Radio Digital Communications and self-administered by radio amateurs. In 2001, undocumented dual use of 44.0.0.0/8 as a network telescope began, recording the spread of the Code Red II worm in July 2001. In mid-2019, part of the IPv4 range was sold off for conventional use, due to IPv4 address exhaustion.

Computer network: Network that allows computers to share resources and communicate with each other

A computer network is a set of computers sharing resources located on or provided by network nodes. Computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are made up of telecommunication network technologies based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies.

A network telescope is an Internet system that allows one to observe different large-scale events taking place on the Internet. The basic idea is to observe traffic targeting the dark (unused) address-space of the network. Since all traffic to these addresses is suspicious, one can gain information about possible network attacks as well as other misconfigurations by observing it.

In networking, a black hole refers to a place in the network where incoming or outgoing traffic is silently discarded, without informing the source that the data did not reach its intended recipient.

Backscatter is incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

Deep content inspection (DCI) is a form of network filtering that examines an entire file or MIME object as it passes an inspection point, searching for viruses, spam, data loss, key words or other content-level criteria. Deep Content Inspection is considered the evolution of Deep Packet Inspection, with the ability to look at what the actual content contains instead of focusing on individual or multiple packets. Deep Content Inspection allows services to keep track of content across multiple packets, so that the signatures they are searching for are still found even when they cross packet boundaries. It is an exhaustive form of network traffic inspection in which Internet traffic is examined across all seven ISO/OSI layers and, most importantly, the application layer.

Port Control Protocol (PCP) is a computer networking protocol that allows hosts on IPv4 or IPv6 networks to control how the incoming IPv4 or IPv6 packets are translated and forwarded by an upstream router that performs network address translation (NAT) or packet filtering. By allowing hosts to create explicit port forwarding rules, handling of the network traffic can be easily configured to make hosts placed behind NATs or firewalls reachable from the rest of the Internet, which is a requirement for many applications.

Data center security is the set of policies, precautions and practices adopted at a data center to avoid unauthorized access and manipulation of its resources. The data center houses the enterprise applications and data, so providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments.

References

  1. "ISP Column - October 2019". www.potaroo.net. Retrieved 2023-11-28.
  2. "Internet Background Radiation Revisited" (PDF). Internet Measurement Conference. November 2010.
  3. Ward, Mark (30 November 2010). "Tuning in to the background hum of the net". BBC News.
  4. Orlowski, Andrew (27 November 2003). "Watching the Net's background radiation". The Register.
  5. Aben, Emile (23 March 2011). "Unsolicited Internet Traffic from Libya". RIPE NCC. Retrieved 30 April 2011.
  6. Moore et al. Inferring Internet Denial-of-Service Activity, 2001