Identifying net.censorship or shutdown via Unsolicited Internet Traffic from Libya

Absolutely fascinating:

In this article we discuss another type of Internet measurement data that can be useful in monitoring macroscopically visible Internet events: unsolicited packets destined to unused address space. Similar to the notion of Cosmic Microwave Background Radiation, this Internet “background noise” of unsolicited packets consists of packets sent by misconfigured hosts, hosts that are scanning the network, or victims of DoS attacks with spoofed source addresses.

[…]



Figure 3. Unsolicited Internet traffic during 18 – 21 February 2011 from IP address blocks that geolocated to Libya according to MaxMind GeoIP Lite database, January 2011 edition.

Figure 3 shows two distinct overnight outages consistent with Arbor Networks’s netflow measurements during the same period (18 – 21 February 2011). Interestingly, in both cases, a small trickle of traffic begins right before the outage ends. Occasional traffic is often observed during these outages, which could be an artifact of traffic with spoofed IP addresses or inaccuracy in the geolocation database we used for prefix selection.
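The measurement idea in the excerpt, as an added example that is not code from the quoted article or this post: count darknet packets per hour from prefixes attributed to a country, then flag sustained drops while tolerating the residual trickle the authors attribute to spoofing or geolocation error. The prefixes (documentation ranges), the packet records, the 10% floor and the 3-hour minimum are all assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter
from statistics import median

# Constructed stand-ins (documentation ranges) for "blocks that geolocate to the country".
COUNTRY_PREFIXES = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.0/24")]

def in_country(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in COUNTRY_PREFIXES)

def hourly_counts(packets, hours):
    """Count darknet packets per hour whose source falls in the selected prefixes."""
    seen = Counter(h for h, src in packets if in_country(src))
    return [seen.get(h, 0) for h in range(hours)]

def find_outages(counts, floor_ratio=0.1, min_hours=3):
    """Return inclusive (start, end) hour ranges where traffic stays below
    floor_ratio * median for at least min_hours. A non-zero floor keeps a few
    spoofed or mis-geolocated packets from splitting one outage into several.
    Assumes outages cover less than half the window, so the median is a usable baseline."""
    threshold = median(counts) * floor_ratio
    outages, start = [], None
    for h, n in enumerate(counts + [None]):  # None sentinel closes a trailing run
        low = n is not None and n < threshold
        if low and start is None:
            start = h
        elif not low and start is not None:
            if h - start >= min_hours:
                outages.append((start, h - 1))
            start = None
    return outages

def sample_packets():
    """Constructed (hour, src_ip) records: 24 hours with a quiet stretch in hours 8-13."""
    per_hour = [40] * 24
    per_hour[8:14] = [0, 0, 1, 0, 0, 3]  # stray packet at hour 10, trickle before recovery
    packets = []
    for h, n in enumerate(per_hour):
        packets += [(h, f"198.51.100.{i % 250 + 1}") for i in range(n)]
        packets += [(h, "192.0.2.7")] * 10  # traffic from elsewhere, filtered out
    return packets

if __name__ == "__main__":
    counts = hourly_counts(sample_packets(), 24)
    print(counts)
    print(find_outages(counts))
```
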
