Background Radiation

Over on The Register is a very interesting article about the Internet’s background radiation. Go read it if you haven’t. You’ll like it. What follows is my rambling.

At the end of their article, The Register asks the question, “Who should pay for the bits?” Wait. First of all, a little nitpicking: They say that Class B networks have 256^16 nodes. But that doesn’t really make sense to me. My trust Windows Calculator tells me that 256^16 = 3.4028236692093846346337460743177e+38, which is a lot. (Or I’ve uncovered some new math bug in the Intel P4 on my new laptop.) Now, I know from Computer Networks 101 that an IP address has 32 bits, meaning the whole internet has a theoretical maximum number of nodes of about 4 billion. (In reality, it’s less than that, but it’s easy to pretend.)

4 billion < 3.4028236692093846346337460743177e+38

Now, maybe they were talking about IPv6, which involves numbers too big for me to think about. In which case, rant retracted. Or am I just stupid?

Anyway…assuming IPv4: My calculations, based on their estimate of 20 labits per second, show about 41 MB per second for even a class A network. Now, while that certainly ins’t trivial, I’m guessing the number of l33t hax0r5 downloading the latest naked Christina Agulara pictures on any typical campus network use up twice that. So big deal. And even if the background noise keeps increasing, who cares? It can’t keep up with Christina.

More interesting to me than who pays for it is what can we learn from it? If we track something like this for a long time, can we really glean something truly meaningful? Where do these packets come from? Are they simply mis-routed? Perhaps they are evidence of a sinister plot between cosmic rays and probability, eagerly corrputing IP headers and checksums. More likely they are mostly the latest and greatest Microsoft worm scanning for new victims.

Personally, I think that such things are useful as a security measure. Dark nodes, scattered throughout the net, could provide a first-line of defense against the latest malware. See, if somebody actually access one of these dark nodes, they are either malicious or wrong, since a dark node cannot, by definition, actually advertise or provide any services to the Net. If the same pattern is noticed accross all nodes, then it could be a sign of a new problem. In essence, this could be a sort of honeypot for worms. And it can’t be hacked since the node doesn’t really exist!

Astute readers will note my coining of the term labit. It is a contraction of “lame bit”. I’ve decided to try and get into the Jargon File. Give me a hand and use the word, will you?