If a few of you can stop being so pedantic for a second, the definition looks pretty easy to me: traffic unlikely to be wanted by the recipient. Presumably, if it's being sent that means somebody wanted to send it, so the senders' desires are a pretty meaningless metric.
The harder pieces are going to be defining what traffic is unwanted in a way that scales to large-scale measurement. Worm traffic is presumably measurable with Netflow, as are various protocol-types used mainly in DOS attacks. Spam is harder to pinpoint by watching raw traffic, but perhaps comparing the total volume of TCP/25 traffic to the SpamAssassain hit rates at some representative sample of mail servers could provide some reasonable numbers there. So, any of you security types have a list of the protocols that are more likely to be attack traffic than legitimate? -Steve On Wed, 5 May 2004, Mike Damm wrote: > > > Very very very near to, but not quite 100%. Since almost all of the traffic > on the Internet isn't sourced by or destined for me, I consider it junk. > > Also remember that to a packet kid, that insane flood of packets destined > for his target is the most important traffic in the world. And to a spammer, > the very mailings that are making him millions are more important than > pictures of someone's grandkids. > > I guess my point is junk is a very relative term. A study would need to > first be done to identify what junk actually is, then measuring it is > trivial. > > -Mike > > -----Original Message----- > From: William B. Norton [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 05, 2004 11:21 AM > To: [EMAIL PROTECTED] > Subject: What percentage of the Internet Traffic is junk? > > > With all the spam, infected e-mails, DOS attacks, ultimately blackholed > traffic, etc. I wonder if there has been a study that quantifies > > What percentage of the Internet traffic is junk? > > Bill >