Is Your Network Secretly Polluted? #cybersecurity #ipv6 #ipv4
Why It Matters
Continuous, globally distributed attack traffic erodes IPv4 address reputation and can disrupt services, making coordinated mitigation vital for businesses and internet stability.
Key Takeaways
- Global honey farm recorded 1,000 attacks in 114 seconds.
- Attack traffic is bursty, targeting open IPv4 ports worldwide.
- Campaigns like Volt Typhoon and Mirai exploit IoT vulnerabilities.
- Pollution index shows attack density per country normalized by population.
- Leased IPv4 space can inherit “dirty” reputation and blocklisting.
Summary
Leslie Daigle, CTO of the Global Cyber Alliance, presented data from the organization’s global honey farm – a network of 200 sensors that capture malicious traffic targeting open IPv4 ports. Since 2018 the farm has logged billions of probes, and in a recent 114‑second window it recorded over 1,000 distinct attacks, illustrating how pervasive and continuous the threat landscape is.
The analysis highlighted bursty attack spikes, with Telnet and SSH accounting for the majority of traffic. Multiple autonomous systems (ASes) generate background radiation, while coordinated campaigns such as Volt Typhoon and Mirai exploit unpatched IoT devices, routers, and cameras. A newly published “pollution index” visualizes attack volume per country, normalized by population, revealing hotspots and the sheer scale – over 3,400 ASes and millions of individual IPs involved.
Daigle used vivid analogies, calling the unwanted traffic “microplastics” that contaminate the internet ecosystem. Notable examples include a surge of Chinese‑origin attacks on a Taiwanese sensor during the Volt Typhoon campaign and a single AS launching more than two million attacks. Even network service providers were implicated, with 6,778 IPs from that sector participating in the assault.
The implications are clear: persistent attack traffic degrades the reputation of IPv4 address blocks, leading to blocklisting and potential service disruption for businesses, especially cloud providers. Daigle urged industry collaboration to establish norms that curb pollution at the source, emphasizing that collective action is essential to protect IP value and maintain a functional internet.