Slashdot Mirror


Shutting Down Worm-Infected Broadband Users

disc-chord writes "Frustrated by Code Red and now Nimda, the DSL provider DSL.net (a CLEC and reseller of Covad) has shut off 800+ infected customers. They claim they cannot get in touch with all of their customers, so they're just shutting them all down, and waiting for the customer to call them. When/if the customer does call they are informed that they are infected with the Nimda virus and must remove it before they will be reactivated. But how are customers supposed to fix the problem when their internet connection is shut down?"

I say tough beans: If you get infected, it's your responsibility to get yourself cleaned up. The Internet is a peer-to-peer system where one peer can piss in the public pool. These ISPs are doing a good thing by keeping this crap off the net. Sure, a nicer tactic would be to disable low port numbers for infected users (my provider doesn't let them through in the first place) but this would likely just confuse users. At least this way they know what's up. Flame if you will, but all these worms are going to only get worse since Microsoft will never fix the problem without making sure people have to pay a monthly subscription for their OS, and users are unaware that they have to patch their boxes. ISPs shouldn't have to be responsible for their users this way, but they are responsible for keeping their other users online, and a few infected boxes can cause a lot of havoc for the whole net.

7 of 594 comments

  1. Re:Why? by clare-ents · · Score: 4, Interesting

    You attempted to hack their webserver. Anyone who attempts to hack them gets their connection cut off. Seems a relatively sensible policy in the terms and conditions to me.

    --
    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
  2. Re:Why? by Jace of Fuse! · · Score: 5, Interesting

    They are just packets and that should be that.

    They care because the traffic generated by infected systems can be costly in both cash value and time. Not to mention the fact that there could be liability issues if they knew of infected systems but did nothing about it.

    Besides, if there are 3 vulnerable systems on a network, and 1 infected system, the responsible thing to do is to protect the 3 remaining uninfected systems.

    (This is a bit off topic, but I figured I'd mention it here for those who think that viruses and worms don't cost anyone any real money...

    Wednesday the 19th, my place of employment had to shut down entirely between the hours of about 7pm till around 10pm. Where I work, that kind of shut down costs tens of thousands of dollars. Not to mention all of the hourly workers who were sent home at 7pm. Since their shift ended at 11, they were literally out 4 hours of pay even though they don't actually work with the systems that were affected. Lost production. Lost sales. Lost wages. One tiny, preventable worm.)

    --

    "Everything you know is wrong. (And stupid.)"

    Moderation Totals: Wrong=2, Stupid=3, Total=5.
  3. Re:The stick and carrot by Tom · · Score: 2, Interesting

    Nice idea, but quite impractical in real life - your routers won't survive this load.

    I work at an ISP, I know what I'm talking about. When Code Red ran rampant, we knew of a way to filter it out at the border routers, but the additional load would've killed them, so we didn't.

    --
    Assorted stuff I do sometimes: Lemuria.org
  4. Arbitrary Decisions by SubtleNuance · · Score: 2, Interesting

    I pay for DSL, I can run *WHATEVER* I want on it. Saying "tough beans" is a little short-sighted.

    If, on the other hand, they would like to have me charged (as in contact the RCMP or %your_local_federal_police%) for cracking I would 'understand'... the rule of law is always the highest order, to simply make endless arrays of rules in contracts - and force people to abide by them (lest they go without (be martyrs)) then why have Law? Why have Legislature? Corporate Contracts for all manner of 'things' are creeping into every crack of life. These "contracts" force people to give up their rights in order to exist in a corporate controlled world... think I'm nuts? go read some of the EULA discussed on /. this week... NO CONTRACT SHOULD EVER LIMIT FUNDAMENTAL HUMAN RIGHTS.

    This isn't exactly a 'cut and dry' issue, these contracts basically allow arbitrary 'for the greater good' decisions to be made by the DSL providers... I know that their TOS probably say "no bandwidth hogging servers" but, when ALL DSL is provided under the same TOS it becomes a method for DSL providers to make decisions about what I may - and may not - run on my box. I pay for bandwidth, allowing them to decide what data I may send and rec oversteps the bounds on my 'RIPE FOR ABUSE' meter.

    Think of the Censorship analogy - if they can censor some speech, then they are only an 'arbitrary decision' away from censoring *YOUR* speech. What's to stop them from saying "you cannot download streaming OGG because there is no publisher-protection-scheme built in, and you may be violating copyright..."

    Again, I may sound a bit unreasonable, or maybe paranoid, OBVIOUSLY I am not saying we want to allow these worms to run, but we must be wary of 'seemingly' reasonable decisions when made by 'powerful' (plutocratic) people.

  5. Re:Why? by Herbmaster · · Score: 2, Interesting

    There's no question if ISPs have the responsibility to shut down worm'ed users. In my opinion, no, it's not their job.

    The question is are ISPs entitled to shut down users just because they get infected? If they're being a good netizen by doing so (and they are), then yes, they should, because it benefits the community (their other customers, whom they have a responsibility to serve, mainly, but the entire internet essentially). Not because the worm uses up too much bandwidth; bandwidth is plentiful, but because proliferating the worm sucks eggs.

    I'd also like to note that this is not just a matter of "users should be responsible for their own systems." In the past, I would have absolutely agreed with this: users have the responsibility to make sure computers under their control are patched and safe to the best of their ability, and if a patch is out, it's their fault if they don't have it. But in the past few weeks I've been [unfortunately] using IIS frequently. I saw the worm hit my workplace on Wednesday and it really hurt. I also saw why so many are vulnerable to it: Microsoft makes keeping a server up to date a hellish process. Specifically, I refer to the facts that install CDs are only available in old, deprecated versions; it's often difficult to tell what version you're running, let alone what patch level; the numbering scheme for updates/patches/"service packs" is illogical and version numbers are often duplicated; and most importantly, that for some retarded reason applying patches in the wrong order can un-do fixes you've already applied. Microsoft has got to share some of the blame this time; maybe not as much as the perpetrators, or maybe even the users, but they fucked up.

    --
    I'm not a smorgasbord.
  6. I think that's exactly the right thing to do by uriyan · · Score: 2, Interesting

    Using a computer is a lot like driving a car, from the point of view of responsibility taken. A normal PC is like some family wagon: relatively cheap, quick and quite safe. Running a web-server is a lot like driving an 18-wheeler.

    A person who runs a web server has to defend himself from all the security risks that he might face, exactly in the same way as a truck driver has to maintain his brake system. Of course, one can get along driving a truck without tuning it all but then what can protect him from wet slopes in stormy weather?

    Lots of people install a web server either because they don't bother to look at what they install, or because they think it cool. But web servers are not children's toys; if people aren't aware of the harm they're causing, they must be stopped.

    I live in Israel. In the last few days I've been getting quite a lot of internal ISP traffic bound to my port 80 (luckily I run Apache and a firewall). Many of the people from whose IPs (dial-up!) I've been getting connections haven't even bothered to shut down their FTP servers (which were of course MS-FTP). Those morons deserve to be thrown out.

  7. Re:Yet Another Linux Bigot (YALB) by DeanT · · Score: 2, Interesting

    Wow. What a silly comment.

    How many 75 year old senior citizens do you know that run a webserver?

    [...]

    Help users? How do we get in contact with someone using just their IP? You could make thousands with a technical innovation like that... Sell me the rights, please.

    Regarding kicking off the senior citizen that doesn't know they're infected: That same person (no matter what age) knows that something is wrong when the "Check Engine Light" comes on and takes the car in for service if they don't want the car ruined.

    I see NO difference here. They may not know why they can't connect. They call the ISP help line. The notes in the account indicate it was cut off for Nimda Infection.

    "What do I do?"

    "Take your computer to any of the dozens of computer repair/service/consultant places in your local phone book. Tell them you have a Nimda Infection and give them this phone number if they have questions."

    There is a cost associated with running a computer, either you pay it with time learning how to run/configure/maintain it, or you pay it with dollars paying the consultant to take care of it for you.

    DeanT