Somewhere between 1 percent and 3 percent of all traffic on the Internet is meaningless packets of information, used in distributed denial-of-service attacks (DDoS) to knock Web sites offline.
Those are the findings of Arbor Networks, a network traffic analysis company that recently looked at traffic flowing between more than 68 Internet service providers to see how much of it was malicious.
"The thing that's surprising is it's consistently 1 to 3 percent," said Danny McPherson, Arbor's chief research officer. "It's pretty significant."
To purchase the bandwidth that Arbor tracked in these DDoS attacks, a legitimate user would have to pay hundreds of thousands of dollars per month, McPherson said.
That's not a problem for criminals, however, who use the network connections of their victims to attack others.
DDoS attacks try to overwhelm the victim's servers with routine Internet messages. Attackers try to send so many packets that the victim's computers are unable to do their regular job -- serving Web pages or sending e-mail, for example. They have become a common occurrence in recent years and have spawned a cottage industry of companies that try to mitigate their effects.
Studying the data from about 1,300 routers over 18 months, Arbor found that the tidal waves of SYN or ICMP (Internet Control Message Protocol) packets used in DDoS attacks rarely dropped below 1 percent of all traffic and could easily rise to 6 percent during peak periods.
Arbor's data show other trends too. Attacks drop off during Christmas and New Year's, perhaps while the attackers are "hungover or expending their spoils," McPherson wrote in a blog posting.
The most common targets are Internet Relay Chat (IRC) servers, commonly used by hackers and technical types to meet up online and chat with each other.
With spam now making up almost all e-mail traffic, there's a considerable amount of junk clogging the Internet's pipes.
McPherson guessed that as much as 10 percent of the Internet's traffic could be "raw sewage."