The Interoute barometer project is a pro-bono effort to provide a metric indicating the relative security of the Internet environment as witnessed at various large Internet exchange points to which Interoute connects. At each observation point, traffic meta-data is observed, anonymised and matched statelessly against a wide set of pattern-matching rules to assess the nature of passing traffic. An endpoint is classified as "infected" if traffic is observed between the host and a set of known command-and-control servers. An endpoint is classified as "malicious" if the traffic is observed destined toward a well-understood attack victim. It is possible for an endpoint to be both "infected" and "malicious".
The observed data reports are analysed and updated once every 24 hours, and geographical location data is inferred using publicly available GeoIP databases. No data is retained beyond this period, and no inference is made about personally identifiable information.
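The classification rules described above can be sketched as follows. This is an added example, not the project's own code: the indicator sets, the flow records and the function names are constructed for illustration, and the keyed-hash pseudonymisation with a per-window key is an assumption about how endpoint anonymisation could be done.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed indicator sets (documentation address ranges, not real indicators).
C2_SERVERS = {"203.0.113.10", "203.0.113.77"}
ATTACK_VICTIMS = {"198.51.100.5"}


def pseudonymise(ip: str, window_key: bytes) -> str:
    """Replace an endpoint address with a keyed hash valid for one window only."""
    return hmac.new(window_key, ip.encode(), hashlib.sha256).hexdigest()[:16]


def classify_flow(src: str, dst: str) -> list[tuple[str, str]]:
    """Stateless rule match on one flow record: returns (endpoint, label) pairs."""
    hits = []
    # "Infected": traffic between the host and a known C2 server, either direction.
    if dst in C2_SERVERS and src not in C2_SERVERS:
        hits.append((src, "infected"))
    if src in C2_SERVERS and dst not in C2_SERVERS:
        hits.append((dst, "infected"))
    # "Malicious": traffic destined toward a well-understood attack victim.
    if dst in ATTACK_VICTIMS:
        hits.append((src, "malicious"))
    return hits


def summarise_window(flows, window_key: bytes) -> dict[str, set[str]]:
    """Aggregate labels per pseudonymised endpoint for one 24-hour window."""
    labels = defaultdict(set)
    for src, dst in flows:
        for endpoint, label in classify_flow(src, dst):
            labels[pseudonymise(endpoint, window_key)].add(label)
    return dict(labels)


# Constructed flow metadata (source, destination) for illustration.
SAMPLE_FLOWS = [
    ("192.0.2.21", "203.0.113.10"),   # host talks to C2
    ("203.0.113.77", "192.0.2.30"),   # C2 talks to host
    ("192.0.2.21", "198.51.100.5"),   # same host also hits a victim
    ("192.0.2.40", "192.0.2.41"),     # unrelated traffic
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # discarded when the window closes
    for endpoint, found in summarise_window(SAMPLE_FLOWS, key).items():
        print(endpoint, sorted(found))
```

Because the key is generated per window and then discarded, the same endpoint yields a different pseudonym in the next window, so reports cannot be linked across days.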