Slashdot Mirror


Shutting Down Worm-Infected Broadband Users

disc-chord writes "Frustrated by Code Red and now Nimda, the DSL provider DSL.net (a CLEC and reseller of Covad) has shut off 800+ infected customers. They claim they cannot get in touch with all of their customers, so they're just shutting them all down, and waiting for the customer to call them. When/if the customer does call they are informed that they are infected with the Nimda virus and must remove it before they will be reactivated. But how are customers supposed to fix the problem when their internet connection is shut down?"

I say tough beans: If you get infected, it's your responsibility to get yourself cleaned up. The Internet is a peer-to-peer system where one peer can piss in the public pool. These ISPs are doing a good thing by keeping this crap off the net. Sure, a nicer tactic would be to disable low port numbers for infected users (my provider doesn't let them through in the first place) but this would likely just confuse users. At least this way they know what's up. Flame if you will, but all these worms are going to only get worse since Microsoft will never fix the problem without making sure people have to pay a monthly subscription for their OS, and users are unaware that they have to patch their boxes. ISPs shouldn't have to be responsible for their users this way, but they are responsible for keeping their other users online, and a few infected boxes can cause a lot of havoc for the whole net.

2 of 594 comments

  1. Re:Why? by Jace of Fuse! · Score: 5, Interesting

    They are just packets and that should be that.

    They care because the traffic generated by infected systems can be costly in both cash value and time. Not to mention the fact that there could be liability issues if they knew of infected systems but did nothing about it.

    Besides, if there are 3 vulnerable systems on a network, and 1 infected system, the responsible thing to do is to protect the 3 remaining uninfected systems.

    (This is a bit off topic, but I figured I'd mention it here for those who think that viruses and worms don't cost anyone any real money...

    Wednesday the 19th, my place of employment had to shut down entirely between the hours of about 7pm till around 10pm. Where I work, that kind of shut down costs tens of thousands of dollars. Not to mention all of the hourly workers who were sent home at 7pm. Since their shift ended at 11, they were literally out 4 hours of pay even though they don't actually work with the systems that were affected. Lost production. Lost sales. Lost wages. One tiny, preventable worm.)

    --

    "Everything you know is wrong. (And stupid.)"

    Moderation Totals: Wrong=2, Stupid=3, Total=5.
  2. The stick and carrot by CunningPike · Score: 5, Insightful

    I'm in favour of ISPs locking out infected machines that have demonstrated no attempt at fixing the problem. After all, these people have shown a blatant disregard of basic sysadmin responsibilities: how long has CodeRed been known about now?

    However, here's a suggestion for a better response than simply removing Internet access to/from infected machines. The ISP runs some kind of DMZ server, but on the DSL side. All web traffic from infected machines is redirected to that one server (via transparent proxying), all other traffic is blocked. That way the end user can instantly see what's wrong. The ISP can also mirror the relevant patches on the DMZ so the end-user can get back up again as fast as possible.

    It would take some setting up initially, but would reap substantial rewards in the long run.

    --
    | What, you were expecting
    -O_O- +---- something witty?
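
The quarantine setup CunningPike describes above, sketched as an added example that is not part of the original thread or any ISP's actual configuration: a shell function that generates an nftables ruleset redirecting web traffic from infected customers to a remediation server and dropping the rest. The function names, table name and addresses are hypothetical, and allowing DNS to the ISP resolver is an added assumption (without it a browser never gets as far as sending the request that is redirected).

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed (RFC 5737).

# Accept only dotted-quad IPv4, so nothing else is spliced into the ruleset.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Usage: gen_quarantine_ruleset PORTAL RESOLVER [INFECTED_ADDR...]  (prints to stdout)
gen_quarantine_ruleset() {
    [ $# -ge 2 ] || return 2
    portal=$1; resolver=$2; shift 2
    is_ipv4 "$portal" && is_ipv4 "$resolver" || return 2
    elements=
    for addr in "$@"; do
        if is_ipv4 "$addr"; then
            elements="${elements:+$elements, }$addr"
        else
            echo "skipping invalid address: $addr" >&2
        fi
    done
    # nft rejects an empty "elements = { }", so omit the line for an empty set.
    elem_line=
    if [ -n "$elements" ]; then elem_line="elements = { $elements }"; fi
    cat <<EOF
table ip quarantine {
    set infected {
        type ipv4_addr
        $elem_line
    }
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # Web requests from quarantined hosts go to the remediation server.
        ip saddr @infected tcp dport 80 dnat to ${portal}:80
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        ip saddr @infected ip daddr $portal tcp dport 80 accept
        ip saddr @infected ip daddr $resolver udp dport 53 accept
        ip daddr @infected ct state established,related accept
        # Everything else to or from a quarantined host is dropped.
        ip saddr @infected drop
        ip daddr @infected drop
    }
}
EOF
}
```

Because Code Red and Nimda spread over port 80, the redirect also delivers the worm's own probes to the remediation server, so that server has to be one the worm cannot infect and sized for the scan traffic.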