
Internet background noise
    
    Encyclopedia
    
        Internet background noise (IBN, also known as Internet background radiation) consists of data packets on the Internet
which are addressed to IP address
es or port
s where there is no network device set up to receive them. These noise packets normally contain unsolicited commercial or network control messages
, or are the result of port scans and worm
activities. The Conficker
worm in particular is responsible for 70% of background noise generated by viruses looking for new victims. In addition to malicious activities, misconfigured hardware, and leaks from private networks are also sources of background noise. For example, some DSL modems have a hard-coded IP address to look up the correct time. As the number of these modems grew, the amount of internet traffic they generated also increased.
As of November 2010, it is estimated that 5.5 gigabits of background noise is generated every second. It is also thought that a modern user loses about 20 bits per second to unsolicited traffic. Over the past decade, the amount of background noise for a section of the IPv4 address block that contains 17 million address, has increased from 1 to 50 Mbps. The newly designed IPv6
protocol, which has a much larger address space, will make it more difficult for viruses to scan ports and also limit the impact of misconfigured equipment.
Internet background noise has been used to detect significant changes in Internet traffic and connectivity during the 2011 political unrest
from IP address blocks that were geolocated
to Libya.
Backscatter is a term coined by Vern Paxson
to describe Internet background noise resulting from a DDoS attack using multiple spoofed addresses. This backscatter noise is used by network telescope
s to indirectly observe large scale attacks in real time.
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite  to serve billions of users worldwide...
which are addressed to IP address
IP address
An Internet Protocol address  is a numerical label assigned to each device  participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
es or port
TCP and UDP port
In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. A port is associated with an IP address of the host, as well as the type of protocol used for communication...
s where there is no network device set up to receive them. These noise packets normally contain unsolicited commercial or network control messages
Internet Control Message Protocol
The Internet Control Message Protocol  is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be...
, or are the result of port scans and worm
Computer worm
A computer worm is a self-replicating  malware computer program, which uses a computer network to send copies of itself to other nodes  and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
activities. The Conficker
Conficker
Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008...
worm in particular is responsible for 70% of background noise generated by viruses looking for new victims. In addition to malicious activities, misconfigured hardware, and leaks from private networks are also sources of background noise. For example, some DSL modems have a hard-coded IP address to look up the correct time. As the number of these modems grew, the amount of internet traffic they generated also increased.
As of November 2010, it is estimated that 5.5 gigabits of background noise is generated every second. It is also thought that a modern user loses about 20 bits per second to unsolicited traffic. Over the past decade, the amount of background noise for a section of the IPv4 address block that contains 17 million address, has increased from 1 to 50 Mbps. The newly designed IPv6
IPv6
Internet Protocol version 6  is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
protocol, which has a much larger address space, will make it more difficult for viruses to scan ports and also limit the impact of misconfigured equipment.
Internet background noise has been used to detect significant changes in Internet traffic and connectivity during the 2011 political unrest
2011 Libyan civil war
The 2011 Libyan civil war  was an armed conflict in the North African state of Libya, fought between forces loyal to Colonel Muammar Gaddafi and those seeking to oust his government. The war was preceded by protests in Benghazi beginning on 15 February 2011, which led to clashes with security...
from IP address blocks that were geolocated
Geolocation
Geolocation is the identification of the real-world geographic location of an object, such as a radar, mobile phone or an Internet-connected computer terminal...
to Libya.
Backscatter is a term coined by Vern Paxson
Vern Paxson
Vern Edward Paxson is a Professor of Computer Science at the University of California, Berkeley. He also works as an Internet researcher based at the International Computer Science Institute in Berkeley, California.  His interests range from transport protocols to intrusion detection and worms...
to describe Internet background noise resulting from a DDoS attack using multiple spoofed addresses. This backscatter noise is used by network telescope
Network telescope
A network telescope  is an Internet system that allows one to observe different large-scale events taking place on the Internet. The basic idea is to observe traffic targeting the dark  address-space of the network...
s to indirectly observe large scale attacks in real time.


