Detecting and stopping botnets????

  1. #1
    Member
    Join Date
    Aug 2005
    Posts
    98

    Detecting and stopping botnets????

    The Australian government today announced a program with 5 ISPs here to try and track down 'Zombie' computers and notify end users that their computer is being used as a bot or part of a botnet.

    Zdnet article:
    http://news.zdnet.co.uk/internet/sec...9235796,00.htm

    Press release from the minister:
    http://www.minister.dcita.gov.au/med...to_zap_zombies

    Obviously 5 ISPs does not cover the entire population but they have got the two biggest.

    I think this is a good start and at least they are trying to do something, but will it fix the underlying problems of end users not patching and keeping virus definitions up to date?
    I see 2 issues:
    1) What will they do when they detect a user's machine with a botnet, will they give them the tools/information they need that will stop it from happening again or will they just tell them?
    2) Given they have only covered 5 ISPs, for every one they detect I am sure there will be at least 1 that they don't detect.

  2. #2
    Senior Member st1mpy's Avatar
    Join Date
    Jun 2003
    Posts
    111
    I remember a year or so back when one of my honeypots got infected ... so I got the login to the botnet and all. There were around 7k bots in chan .... I sent a net send to all of them that they are infected and removed all of them. Was the kid pissed.
    Un Seen But Well Heard Of

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    I think the ISPs will disconnect the zombies from the net..
    The client will call the ISP's helldesk and be informed of the reason for being disconnected.

    After the client cleans his/her box out, the ISP will reconnect the client.

    The ISPs will possibly have to change their AUP.

    But that's just my opinion on how this should be handled..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #4
    Member
    Join Date
    Aug 2005
    Posts
    98
    I am wondering though will they say to them something like ......

    "To help ensure that this doesn't happen again you should .......
    (e.g. ensure all the latest patches, install and continually update anti-spyware and anti virus, and run a personal firewall)

    ...."

    Instead of disconnecting them till it is fixed and then reconnecting them again, where they again don't have AV, antispyware, personal firewall, latest patches, they still go to dodgy websites and get infected again and the cycle starts all over again.

    Just hope they provide that bit of extra customer service to try and stop the problem reoccurring.

    I guess we will have to wait and see.

  5. #5
    Senior Member
    Join Date
    Feb 2004
    Posts
    373
    Just hope they provide that bit of extra customer service to try and stop the problem reoccurring.
    Not where I live. My gf's sister got booted because she was infected. The ISP just told her the reason why, not how to correct it. I fixed up her computer and she is back on the net.

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    In my country most ISPs block computers or just some ports (in some cases) if some dangerous network-related vulnerability was detected.
    They also give some AV and a little bit of support for customers.

    But most home users are not good at reading the info that they are getting; they just need a working computer. Some of them are so .... that they do not understand that support exists or the meaning of the word "support".
    // too far away outside of limit

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Think about this for a second. Is it the job of your ISP to police your activities or to provide you with a wide open pipe to the internet?

    I for one hate it when my ISP does something in the name of the greater good when 99% of this "greater good" translates into me losing services because a bunch of dumbasses don't understand the proper way to secure their system.

    An example of this is egress filtering port 25. This doesn't solve the SPAM problem. What it does is hinder my activities as a paying customer. What if your cable company told you they are going to revamp the content on HBO because some kid decided to light himself on fire? You'd say that the dummy deserved it and I'm paying cold hard cash for cable so if you like your limbs attached you best not touch a damn thing.

    Seriously, I don't understand why people are so quick to think that ISPs are helping out by taking services away that you pay for. ISPs are companies who care about the bottom line. If taking away from you adds to that healthy profit margin, no one on their side of the table will mind bending you over a barrel. Remember, they understand that 7,000 calls an hour from dum dums costs a lot of bling. If they can take away abilities from you knowing you won't complain and at the same time save money, pffffft, done deal.


    Now, as for bots, don't worry. There are highly skilled folks out there hunting them down and clipping them around the clock.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
