-
November 8th, 2005, 11:43 PM
#1
Detecting and stopping botnets????
The Australian government today announced a program with 5 ISPs here to try and track down 'Zombie' computers and notify end users that their computer is being used as a bot or part of a botnet.
Zdnet article:
http://news.zdnet.co.uk/internet/sec...9235796,00.htm
Press release from the minister:
http://www.minister.dcita.gov.au/med...to_zap_zombies
Obviously 5 ISPs does not cover the entire population but they have got the two biggest.
I think this is a good start and at least they are trying to do something but will it fix the underlying problems of end users not patching and keeping virus definitions up to date:
I see 2 issues:
1) What will they do when they detect a users machine with a botnet, will they give them the tools/information they need that will stop it from happening again or will they just tell them.
2) Given they have only covered 5 ISPs, for every one they detect I am sure there will be at least 1 that they don't detect.
-
November 8th, 2005, 11:53 PM
#2
i remember year or so back when one of my honeypots got infected ... so i got the login to the botnet an all there was around 7k of bots in chan .... i sent a netsend to all of them that they are infected and removed all of them was the kid pissed
Un Seen But Well Heard Of
-
November 9th, 2005, 12:05 AM
#3
I think the ISP's will disconnect the zombie's from the net..
The client will call the ISP's helldesk and be informed of the reason for being disconnected.
After the client cleans his/her box out, the ISP will reconnect the client.
The ISP's will possibly have to change their AUP.
But that's just my opinion on how this should be handled..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
November 9th, 2005, 04:32 AM
#4
I am wondering though will they say to them something like ......
"To help ensure that this doesn't happen again you should .......
(e.g. ensure all the latest patches, install and continually update anti-spyware and anti virus, and run a personal firewall)
...."
Instead of disconnecting them, till it is fixed and then reconnecting them again where they again don't have AV, antispyware, personal firewall, latest patches, they still go to dodgy websites and get infected again and the cycle starts al over again.
Just hope they provide that bit of extra customer service to try and stop the problem reoccuring.
I guess we will have to wait and see.
-
November 9th, 2005, 07:22 PM
#5
Just hope they provide that bit of extra customer service to try and stop the problem reoccuring.
Not where I live. My gf's sister got booted because she was infected. The ISP just told her the reason why, not how to correct it. I fixed up her computer and she is back on the net.
-
November 9th, 2005, 09:35 PM
#6
In my country most of ISP blocks computers or just some ports(in some cases) if some dangerous network related vurnality was detected.
Thay also giving some AV and a litlebit support for customers.
But most of homeusers not good on reading that info that thay getting, thay need just working computer. Someof them are so .... that thay not understan that support exist or meaning of the word "support".
// too far away outside of limit
-
November 9th, 2005, 10:16 PM
#7
Think about this for a second. Is it the job of your ISP to police your activities or to provide you with a wide open pipe to the internet?
I for one hate it when my ISP does something in the name of the greater good when 99% of this "greater good" translates into me losing services because a bunch of dumbasses don't understand the proper way to secure their system.
An example of this is egress filtering port 25. This doesn't solve the SPAM problem. What it does is hinder my activities as a paying customer. What if your cable company told you they are going to revamp the content on HBO because some kid decided to light himself on fire? You'd say that the dummy deserved it and I'm paying cold hard cash for cable so if you like your limbs attached you best not touch a damn thing.
Seriously, I don't understand why people are so quick to think that ISPs are helping out by taking services away that you pay for. ISPs are companies who care about the bottom line. If taking away from you adds to that healthy profit margin, no one on their side of the table will mind bending you over a barrel. Remember, they understand that 7,000 calls an hour from dum dums costs a lot of bling. If they can take away abilities from you knowing you wont complain and at the same time save money, pffffft, done deal.
Now, as for bots, don't worry. There are highly skilled folks out there hunting them down and clipping them around the clock.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|