Comcast Cuts Infected PCs' Network Connections
fidget42 writes "I just noticed this article over at Infoworld. It seems that Comcast is finally doing something about the machines on their network that are being used by spammers. They are now cutting off service to those customers who have computers that have been hijacked by spammers. Now, if only other broadband ISPs would start policing their user base ..."
Now, if only other broadband ISPs would start policing their user base ..."
ATTBI (back in 2002) was disabling people's account for being infected with worms... People's modem CFG file would be set to disabled.cfg and they would have block sync but wouldn't be permitted onto the network.
If Comcast took over from ATTBI and is using parts of their existing network, I just can't understand why modems were not being disabled recently for infection by worms.
Are these guys even allowed to do this based on the user agreement they get their subscribers to sign? I'm sure most of these computers that get hijacked are used by Joe Somebody who probably has no idea that his computer has been hijacked. If Comcast and other ISPs are so keen on cutting off access to spammers, why not provide a firewall and antivirus programs along with their subscriptions? I'm sure it'd cost them a pidly amount and wouldn't really be all that hard to work out a deal with these software vendors to bundle them into the deal. Maybe I'm way off base here but it just doesn't sound right to just cut off acess.
... would be to put the network connection onto a quarantined sub-net where all the necessary virus removal tools were available. Once the machine was cleaned up, it would be allowed general network access again.
Fine, stop the infected machines from DDOs'ing. But hey, can the SERVICE be a little more SERVICE friendly ? Like this: DHCP Message comes up: "Dear Comca$t customer. Your computer seems to be infected with a computer virus. We will only allow you access to our FREE antivirus tools site until you have resolved this problem. Please contact us at blah,. blah, blah". Then let 'em into a site that they control with standard tools to detect and blow away those worms." Might make the customers happy instead of ticked off.
Because we all know Corporations policing is a VERY GOOD THING!tm
It's presumably a terms-of-service violation so technically you're in breach of contract and they can do what the hell they want.
I for one welcome our new connection blocking ISP overlords?
First time for me...
I agree that this should be done in extreme cases where the customer is CONTACTED before so that information and education can be PROVIDED. Simply clipping the wire does not fix the issue for anyone but the ISP.
Second, Backroads.net implemented the policy above with much success. I was happy as a customer of theirs.
It is unfortunate that this has to be done, but wouldn't a more effective solution be to block all ports but 80 or maybe even force all their traffic to a URL with an explaination of the virus and let them know that they can not do anything on the web until it is fixed?
SP
Because we all know Corporations policing is a VERY GOOD THING!tm
Well, a coworker brought in his virus-ridden computer for me to take a look at, precisely because Comcast threatened to turn off his pipe. The interesting thing is that he knew he had a problem, but because he could work with a slower computer he didn't take care of it. So at least one zombie box that would have been 'put up with' by its owner is now off the net.
OTOH, I'm worried about the precedent this sets. Who knows what other things will bring the 'death penalty' from the ISPs? What ports will be shut down because 'you don't need them'?
One man's -1 Flamebait is another man's +5 Funny.
I think so.
My sister's university would not allow her PC back on the school network after they cut ALL student network access in the wake of MyDoom, until it could be verified by a tech at the school that she was running Norton AV.
Her PC runs Debian and only Debian. It took more than a month for her to find a sane enough tech in admin to realise that it was pointless trying to do so. All of the rest tried the different bullshit techniques telling her why all PCs are a problem regardless of OS.
The most classic was one of the last techs, a supposedly bright 35 year old guy who came around with a warezed copy of NAV to attempt installing on her PC. He not only knew what Linux was when he recognised it, but told her to make her PC secure she'd have to install Windows and THEN put NAV on.
RST
Code Red showed up in August of 2001. Anti-virus vendors, and even Microsoft, released detection and cleaning tools. To this day, two and a half years later, I am still getting Code Red hits from infected machines.
It is about bloody time that a large provider has become willing to proactively cut off infected machines. Now if only UUNet would do the same, as most of the Code Red hits I receive come from within my own NSP's network.
-Chris
-- This sig is only a test. If this were a real sig it would say something witty. --
You can't send a message with DHCP- thats a network assignment protocol. As in, you get your IP from them with that.
It would be even better to send them a "Net Send " but thats been disabled due to viruses and spam.
Frankly those users have ignored all the obvious aspects of being infected (100% cable light flashing) and have probably consumed more bandwidth than an army of teenagers downloading MP3s. That cable *should* be cut and I stand by my comments about desiring cable access being denied to them UNTIL they remove their virus.
Frankly, they AREN't running a virus scanner because... obviously... the logs go on for days. Weeks. A few for months. So how exactly do you want to make them call in for more information? Why, you cut out their access. Very quickly they call in. If they don't, well, they weren't using the service and they will call in when they want to... at which point a qualified technician can 'walk them thru' downloading a virus scanner and installing it.
Because lets face it- if they are spamming the net with a virus thats been on their machine for months, a little DHCP message (hah) ain't gonna do nothing to stop them.
I agree with you on your second point. I am a comcast customer because they let me connect out to any port and leave all inbound ports open, which I need to test things as part of my job.
My dream ISP service agreement would be one that guarantees full access to all ports and protocols, but the ISP reserves the right to shut off my connection if it is hijacked.
Because we all know Corporations policing is a VERY GOOD THING!tm
Wow, you make it sound like a conspiracy theory as if your rights are being taken away. What they're doing is right. It's THEIR network, they can do whatever you want. It's not like you have a right to use the internet.
If I owned an ISP and some computer illiterate moron failed to keep up with patches, I would dump them too. People need to start getting with it and taking responsibility for their own actions. How many years now have all kinds of viruses and worms been glorified in the media? Far back as I can remember.. so saying, "Well, I didn't know" no longer cuts it.
If you're gonna go on someone's network, the least you could do is be kind enough to educate yourself about how to update/protect your own PC.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
You're obviously not a SysAdmin, or someone else who runs mail servers. Otherwise, you'd be cheering very loudly (and a lot less sarcastically) in response to this (as I am!)
I've lost count of the number of times a virus-infested "spammer zombie" Comcast box has tried to hit our mail servers, and the problem's been going on for at least the last six months. In fact, it has gotten bad enough that I have two entire domains (client.comcast.net and client2.comcast.net) blocked out of our servers altogether.
If Comcast's cable broadband customers are too ignorant or too stupid to take even the most basic of computing security precautions, why should the rest of the 'net have to suffer for their utter lack of responsibility for their systems? If they lose their connection until they TAKE RESPONSIBILITY for cleaning up their system, they have only themselves to blame.
I, for one, am stunned that Comcrap actually DID something useful! Their abuse-handling unit has, in times past, shown all the responsiveness of a sun-warmed snail on vallium.
Bruce Lane, KC7GR,
Blue Feather Technologies
I have a suggestion.
Write up a small business plan based around these knocked-off-the-network infected PCs.
You can charge "$50 + travel fees. Usually under $100" to clean their computer, and get them back online. Yeah. It's a fee, and many people wont be happy about paying it. But, at the same time, it'll teach them a lesson about security on their pc. If they dont want to pay it again, theyll have to do their own security stuff.
You see politics, I see opportunity.
The only real trick to this would be streamlining with comcast, which is next to impossible.
no
The most classic was one of the last techs, a supposedly bright 35 year old guy who came around with a warezed copy of NAV to attempt installing on her PC. He not only knew what Linux was when he recognised it, but told her to make her PC secure she'd have to install Windows and THEN put NAV on.
If the school was insisting that all user PCs had to be running NAV, it's possible they bought a site license, so it wasn't necessarily a warezed copy of the software, just something on a CD-R. Also, Symantec does make a linux version of their command line scanner, so it's not absurd that they require she install "NAV" on her machine.
That said, the guy mentioned above is a dumbass on par with a tech at Adelphia cable I once spoke to when my modem lost sync. "We don't support Linux. You need to get a REAL operating system before I can help you."
What part of "shall not be infringed" is so hard to understand?