Comcast Cuts Infected PCs' Network Connections
fidget42 writes "I just noticed this article over at Infoworld. It seems that Comcast is finally doing something about the machines on their network that are being used by spammers. They are now cutting off service to those customers who have computers that have been hijacked by spammers. Now, if only other broadband ISPs would start policing their user base ..."
I know anecdotal evidence is pretty much worthless, but my friend got infected with all sorts of nasty ad/malwares, along with Blaster and a couple other worms. Cox deactivated his cable modem, he had to call them and go through phone hell to get his service back. So I'm not really sure it's only Comcast doing this.
I'm on top of my game like I'm standin' on Xbox.
Take a look at this site and you will be able to imagine it quite easily.
you know, where you see stuff like this recurring in your web server's logs...offending ip removed...
the people they are cutting off are sending out daily attacks to multiple machines, not just once or twice sending out crap here and there. i think you'll be ok.
Now, most cable modems have solder pads for a diagnostic connector, which is usually a 3 wire RS-232 serial connection. Sometimes it uses an unusual voltage, and you need a little box to change the levels. If you got access to the diagnostic connector, and your modem had the proper flash image in it, then you could program it through the diagnostic interface.
I can imagine that some modems you purchase from Fry's or what have you will look for config on ethernet, though I doubt many of them do.
For more insight on why this typically won't work, the default route on the device typically points to the cable interface, or does not exist if the cable interface is not hot, and the device has two modes of operation with regard to IP addresses on the internal interface; either it sets itself to 192.168.100.1, or it sets itself to whatever the config file tells it, and it starts proxying DHCP requests. Either way it is not going to be able to find your bogus TFTP server on the network unless it is badly misconfigured to begin with.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The problem here is that Comcast is shutting down people's connections with no recourse to find out why or to re-enable it.
I received an email and an automated phone call from Comcast stating that I had an infected computer and I must clean it up. I was immediately pleased that they noticed, but frustrated that I could be infected. 5 PCs with varying OSs, all with firewalls and/or antivirus software, so I thought it was unlikely but possible. After doing a full scan I found no viruses.
So I called Comcast's 800 number. They said I need to call a different long-distance number. That number is an automated system with nothing but dead ends. If I select the option about "Viruses and spam emails" then it tells me to email abuse at comcast.net if I get a bad email. But I don't want to report a spam, I received a report. All the options did approximately the same thing: Told me something I already know then hung up. Several calls later, I used the "leave a message" option. A week goes by and I received no call back. I replied to the email but received no response. Nobody on the service number would talk to me about it.
So I receive another email telling me that my service may be disabled if I don't fix the problem. So what do I do now?
To top it off, this isn't the first time. About 8 months ago, Comcast called and told me I was reported for sending spam. When they read me part of the SpamCop report (which they refused to do many times) it turned out to be a SpamCop report that my roommate made! We _reported_ the spam, we didn't _send_ it! After much arguing, the guy finally got it and left us alone. Mistakes happen, but what irks me the most is that they wanted to tell me I sent a spam, and make sure I corrected my behavior, but refused to tell me the source of the report, or what the email was, or when it was sent, or anything!
Below is the email Comcast sent me. It looks like a form email, with no specific statement about what went wrong.
But, users are dumb, and I'll agree with that. Last summer when the Blaster worm came out, we emailed our customers ahead of time telling them they need to download the Microsoft patch.
On top of that, the Microsoft Windows Update popup that comes up by default, once a week, users still continue to ignore it because they don't know what it does.
Personally, I'd like to see more of this type of internet policing by ISPs. They should also be blocking people who have open SMB shares on their Windows networks. I can't count the number of times I've purposely gone into someone's SMB share and dropped a text file telling them how to fix it.
I, however, disagree with the Government policing of the internet. I believe the internet should be policed by the people who pay for it to be there. That would be us and the ISPs.
We as the People-Who-Know need to be spending time helping those who don't to become self-reliant, rather than telling them 'Sorry. You can't access the net until you clean up your system. Sorry, I can't really help you do it. Call someone else.'
Comcast is already doing this. From the article:
So, they block their access to trigger the support call, and then help them secure their machine. I think this is the right approach.
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
It's a reference to the Blues Brothers, one of the greatest movies ever made. If you haven't seen it then you just don't understand the blues.
Jake: "Hey what's goin' on?"
Cop: "Oh those bums won their court case so they're marching today"
Jake: "What bums?"
Cop: "The fucking Nazi party!"
Jake: "Illinois Nazis"
Elwood: "I hate Illinois Nazis!"
Maybe we DID take the blue pill. You wouldn't remember anyway.