Shutting Down Worm-Infected Broadband Users

disc-chord writes "Frustrated by Code Red and now Nimda, the DSL provider DSL.net (a CLEC and reseller of Covad) has shut off 800+ infected customers. They claim they cannot get in touch with all of their customers, so they're just shutting them all down, and waiting for the customer to call them. When/if the customer does call they are informed that they are infected with the Nimda virus and must remove it before they will be reactivated. But how are customers supposed to fix the problem when their internet connection is shut down? " I say tough beans: If you get infected, it's your responsibility to get yourself cleaned up. The Internet is a peer-to-peer system where one peer can piss in the public pool. These ISPs are doing a good thing by keeping this crap off the net. Sure, a nicer tactic would be to disable low port numbers for infected users (my provider doesn't let them through in the first place) but this would likely just confuse users. At least this way they know what's up. Flame if you will, but all these worms are going to only get worse since Microsoft will never fix the problem without making sure people have to pay a monthly subscription for their OS, and users are unaware that they have to patch their boxes. ISPs shouldn't have to be responsible for their users this way, but they are responsible for keeping their other users online, and a few infected boxes can cause a lot of havoc for the whole net.

MS never fix?

[onion2k]

Microsoft will never fix the problem without making sure people have to pay a monthly subscription

I could have sworn both the Code Red and Nimda (multiple) exploits were patched in October *last year*.

Yes its the fault of the users not keeping their machines up-to-date, but please, don't blame this on MS when they released, and advertised, a patch promptly. Heck, it'd be like some idiot running an old version of Sendmail blaming the sendmail author(s) on his box getting hacked. If you're on the net, its you responibility to stay safe.

Re:MS never fix?

[Syberghost]

He said "fix the problem", not "bandaid the current exploits".

The problem is that security is nothing resembling a priority to Microsoft. Security is something to be added after the fact, by people who know little about designing a secure OS, in response to complaints. And at that, only if the complaints come from big customers.

case in point.

The stick and carrot

[CunningPike]

I'm in favour of ISPs locking out infected machines that have demonstrated no attempt at fixing the problem. After all, these people have shown a blatant distregard of basic sysadmin responsibilies: how long has CodeRed been known about now?

However, here's a suggestion for a better response than simply removing Internet access to/from infected machines. The ISP runs some kind of DMZ server, but on the DSL side. All web traffic from infect machines is redirected to that one server (via transparent proxying), all other traffic is blocked. That way the end user can instantly see what's wrong. The ISP can also mirror the relevant patches on the DMZ so the end-user can get back up again as fast as possible.

It would take some setting up initially, but would reap substantial rewards in the long run.

Re:Why?

[Simon+Brooke]

Why is it an ISPs job to have any concern over what's passing across the wires?

I pay a lot of money for my leased line. So do my ISP's other customers. A substantial fraction of my expensive bandwidth is being eaten up because other people (mostly also customers of my ISP) can't be bothered to patch their systems. The service my ISP is able to provide me is consequently degraded, and I'm not happy about it.

If an ISP emerges who only accepts clueful customers, I'm likely to move my account. ISPs know this: if they don't switch off the clueless (and consequently troublesome) customers, they will lose the clueful (and consequently more profitable) ones.

I'm getting to the point where I think there would be some merit in having to pass a test, like a driving test, before you can connect your computer to the public information infrastructure.