Abstract:
How much use would your mobile phone be if it received thirty wrong numbers or thirty crank calls per hour? How much use would your home letter box be if there was a risk of setting off a letter bomb while reaching in to retrieve the morning mail? These examples are analogous to the impact that Internet Background Radiation has on the ability of Internet users to make effective use of the Internet. Internet Background Radiation (IBR) is defined as unsolicited, non productive traffic. Often this traffic is malicious in nature or origin. IBR traffic can contribute a large percentage to an Internet users total traffic, and therefore their monthy ISP bill. Providing an Internet user with knowledge about the IBR traffic destined for their network, allows that user an opportunity to configure their network security system to block this IBR traffic.
The detection of IBR traffic has traditionally been performed by Network Telescopes: large portions of unused IP address space which gather this unsolicited traffic for analysis. This thesis deploys a Network Telescope and associated analysis tools in order to answer the following three research questions: (1) Are there Network Telescope deployment methodologies which reduce the reliance on a large contiguous IP address range? (2) Can Network Telescopes deployed using smaller IP address ranges provide the same detection capabilities as those on larger IP address ranges? (3) Is IBR traffic uniformly distributed across a given address range?
The conclusions of this thesis present three new Network Telescope deployment methodologies which utilise less IP address space yet yield a detection advantage over the traditional deployment methodology. In addition to this, it is shown that IBR traffic is not uniformly distributed across address ranges and that this fact must be taken into account when deploying Network Telescopes. Finally a 15 month, 210 Gigabyte data set of IBR traffic is made available to the research community.