Ever since the mid 90’s when I first started getting unwanted packets arriving on my networks, I’ve been keeping an eye on what has been named the “Internet Background Radiation” (IBR).
Analogous to the real world background radiation that constantly zaps through our bodies, IBR is the constant hiss of seemingly random packets that arrive at your computer every second.
At first, the origin of these was mistyped commands or misconfigured programs. You could make new friends by emailing root@someaddresscom when a weird packet arrived from someaddress.com.
However after the internet worm we all knew what the future would bring.
About ten years ago the majority of the traffic was from automated scripts and scanners that would scan for open doors and systems with known vulnerabilities. Applications such as war-scanners that a script kiddy could run that would scan entire countries for vulnerable or interesting machines. A modern war-scanner is not constrained like war-dialers were in the speed at which a modem dials and connects (~45 seconds). On a good connection, tens of thousands of machines can be probed every minute.
All I see nowdays is a storm of packets from popular self replicating trojans and worms slamming against my firewalls.
A billion little virus tipped arrows snuffling for unarmoured flesh.
I own two class C domains. This means that I look 500 times larger than the average user. (No fat jokes please.)
Each IP address I own attracts ~200 kilobytes of IBR per hour.
That’s 4.8M per day.
1.7G per year.
With over 500 IP addresses that makes almost 1T per year of unwanted traffic.
Now If don’t count all the machines on the internet hidden behind NAT firewalls, my 2 Class Cs make up just ~0.000012 % of the entire real internet address range.
But keeping conservative on this – if every real IP gets the same amount of attention as my networks, this would mean close to eight thousand terabytes of internet background radiation every year across the entire internet.