Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast Thinks About Stopping Zombies

Posted by timothy on from the get-to-it-fellas dept.

LehiNephi writes "Comcast has finally admitted that its users are responsible for a large amount of spam, and they are thinking about how to stop it. Apparently they haven't been turning a blind eye to the problem after all. The simple, blanket approach of blocking all traffic on port 25 would have too many side effects, particularly for users running their own mail servers. However, they can block that port on individual cable modems-a sort of surgical strike. As far as I'm concerned, the sooner they implement this, the better!"

17 of 592 comments (clear)

  1. What about legitimate zombies? by Tourney3p0 · · Score: 5, Funny

    This clearly violates the right to maintain your own SCO-attack zombie.

  2. First! by Anonymous Coward · · Score: 5, Insightful

    I think it's a good idea. But why stop there? Disconnect the zombies until they fix the problem on their computer.

  3. Big difference between zombie and server... by LostCluster · · Score: 5, Interesting

    There's a real easy way to tell the difference between a zombie and somebody running a home mail server...

    The zombie will be sending an insane number of e-mails to an insane number of users constantly. No home mail server should be used to run a listserve with anything more than a hundred people or so. Therefore, bursts of port 25 are okay, camping on port 25 is a sign of trouble.

  4. Registering mail servers? by mcrbids · · Score: 5, Insightful

    What if they had a *simple* process for registering your mail server with them? 5 minutes, maybe $20 and that's it?

    People who run their own mail servers are control freaks and had better be technically minded enough to call the Admins at Comcast in order to register their mail server.

    Otherwise, who'd notice or care?

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
    1. Re:Registering mail servers? by MalleusEBHC · · Score: 5, Interesting

      It doesn't even have to be that difficult. Just block port 25 by default. If someone calls up and asks for it to be enabled, do it free of charge, no questions asked. Now everyone who wants to run a mailserver can do so painlessly, but the average joe zombie wouldn't be able to spread spam because port 25 would be off for him by default. I bet this would stop 90%+ of all the nasty zombie spam.

  5. Spammer persistence... by Faust7 · · Score: 5, Funny

    However, they can block that port on individual cable modems-a sort of surgical strike.

    Bit like Whack-A-Mole, then?

    --
    The coolest voice ever.
  6. What about the children? by Tourney3p0 · · Score: 5, Funny

    Won't someone please think of the zombie child processes?

  7. Nope. by Anonymous Coward · · Score: 5, Informative

    There is actually an 'official' alternate port for this purpose. See:

    http://www.ietf.org/rfc/rfc2476.txt

  8. Comcast's Agreements by Roguelazer · · Score: 5, Informative
    Anybody here ever read a Comcast Usage & Subscriber Agreement? I have. They're quite... chilling to read. Lots of people have posted about the forbidding of running a server of any kind, so here it is: Acceptable Use Policy

    The area you're referring to is
    (xiv) run programs, equipment, or servers from the Premises that provide network content or any other services to anyone outside of your Premises LAN (Local Area Network), also commonly referred to as public services or servers. Examples of prohibited services and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers;

    For example, take a look at this quote, which makes my browser's caching of Slashdot's GNAA posts illegal:
    (ii) post, store, send, transmit, or disseminate any information or material which a reasonable person could deem to be objectionable, offensive, indecent, pornographic, harassing, threatening, embarrassing, distressing, vulgar, hateful, racially or ethnically offensive, or otherwise inappropriate, regardless of whether this material or its dissemination is unlawful;


    Try reading this one: Subscriber Agreement. This section, in particular, gives Comcast permission to view any information transmitted over the network from or to you:
    Comcast shall have no obligation to monitor postings or transmissions made in connection with the Service. However, you acknowledge and agree that Comcast and its agents shall have the right to monitor any such postings and transmissions, including without limitation e-mail, newsgroups, chat, IP audio and video, and web space content
    Section 9's cool too. It says that you waive the right to sue them in a real court, but instead will have a hearing before a "neutral arbitrator". Anyhow, you should read all that stuff. Some of it's absolutely unique.

    If I don't get modded up for this, I'll be amazed
    --
    My Systems
  9. Re:Wrong approach? by LostCluster · · Score: 5, Insightful

    What I would love to see somebody come out with is a provider-side web configurable firewall. Basically, a way to tell my ISP "If you're getting incoming port 80 requests coming my way, don't bother me with it."

    In the default configuration, all ports below 1024 should be blocked, and there should be some explanation to the user that if they want to offer a home-based webserver, they have to visit the designated area on the provider's site to indicate that they want port 80 incoming traffic. That way, ISS-worm-of-the-week traffic will not bother your last mile bandwdith if there's no web server home.

    Outgoing ports can be restricted the same way. Outgoing port 25 should only be allowed to official mail servers, unless the user specifically requests otherwise. That way, if a Spam-bot gets in, most users will already be set to not let it out...

  10. Port blocking by Openstandards.net · · Score: 5, Interesting
    I don't believe any ISP should block ports. It's a slippery slope. The ISPs should be utilities, like electric companies, providing you an unhindered connection to the Internet.

    I have two primary requirements for an ISP. (1) must not block any ports for any reason. (2) must provide at least one static IP.

    AOL blocks game ports, so they can charge you $5 more per month for opening the ports. They were one of the first to change the role of ISP from utility to controlled collector of optimal revenue. I have for at least 5 years told everyone to get rid of AOL. Unfortunately, today, people have come to accept the idea that it's ok for an ISP to block ports.

    As for the zombies, the ISPs should try:

    • Informing their customers that their machines are infected. Seems obvious, but it's obviously rarely done, as most users don't know they are infected.
    • Provide links to free virus detection and spyware removal software. There is a lot of it out there. If the users don't want to by Norton, they could at least try a free one. I bet most don't know that there are free options available.
    • Offer free Linux CDs.
    --

    Open Standards Portal
    1. Re:Port blocking by MBCook · · Score: 5, Interesting
      If I set some large device to store energy and then send it back into the grid wrong (lets say it comes into my house at 220v, 60hz so send it at 1500v 300hz) therby screwing everything up for everyone else on my section of the grid, don't you think the power company would come and cut me off?

      In fact, thanks to safties in the power system, if you tried that you'd probably blow up the transformer outside your house. This would cut off you from the rest of the grid and protect everyone else.

      It's the power company's job to give me good service. Steady power, clean, no problems. My ISP (who actually IS Comcast) should be the same way. Fast, reliable, no problems. Instead ISPs often follow your "we're just the middle man" theory. This leads to my 'net connection getting wasted by downloading tons of spam for every real message that should get through.

      The power company won't let you scew up THEIR network. The phone company doesn't look kindly to people hijacking phone lines and using them for free, and ISPs should be no different. They should FIGHT these zombies.

      After all, zombies cut into the bottom line in traffic that has to be passed (both outgoing spam and incomming spam), storage (storing spam on their e-mail servers), and other such things.

      Knock the zombies off the network. This is no slippery slope, this is climbing back UP the "you can do whatever you want even when it makes the internet worse for 99% of people" hill that a blind eye has slid us down.

      I won't lose sleep, and neither should you.

      --
      Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  11. Zombies: Obligatory by bludstone · · Score: 5, Funny

    "You shot the zombie flanders!"
    "He was a zombie?"

    What did the vegetarian zombie say?
    "Graaiiiinnnnsssss"

    http://www.brains4zombies.com

    Old unix hackers don't die, they just turn into zombie processes.

    I'm sure I'm missing a ton.

    --

    no .sig
  12. Comment removed by account_deleted · · Score: 5, Informative

    Comment removed based on user account deletion

  13. Re:How to tell? by bigberk · · Score: 5, Informative
    Is there an easy way to tell if your own computer is a zombie spambot?
    Yes, there is! If your IP is sending spam, believe me, we will have noticed via our extensive spam traps. Just query your IP at OpenRBL or at dnsstuff to see if you're blocked due to spam received from your IP.

    Note that you can also appear on blocklists for various other reasons. So look into why you're blocked. If you're listed on AHBL, CBL, SpamCop, WPBL for example then your host is probably infected.
  14. Re:An expensive problem. by Caradoc · · Score: 5, Insightful

    They now have a choice - how much is it going to cost them if they do NOT implement some policy that prevents their users from spamming the entire world, and they end up getting all of their e-mail blocked?

    And how much money could have been saved if they'd implemented such a policy when people started telling them it was a problem (it's been several years since people started telling Comcast that their users were a load of USDA Prime Clue-Free Spam Zombies...)

    It's interesting how much money can be saved by paying attention to the small, seemingly innocent details before they add up to be monstrous problems.

    --
    Specialization is for insects. - R.A.H.
  15. Re:read your usage agreement by Aaden42 · · Score: 5, Insightful

    There's an aweful lot of people missing the point here. To cause trouble for people running their own mail server, they'd need to block INBOUND traffic coming to port 25. That wouldn't stop any of the zombied machines since they're all trying to make OUTBOUND connections going to port 25.

    If you block outgoing 25 (thus stopping zombies) what you also accomplish is preventing any of your customers from using anyone else's SMTP server as their outgoing SMTP server. My web host supports TLS encryption which I prefer to use so at least my neighbors aren't reading my mail.

    Requiring everyone to use the ISP SMTP server is the wrong solution, and it's a complete pain for laptops. I can take my laptop anywhere, plug it in, and know that I can send mail (using authenticated SMTP) through mail.myhost.com. If everybody starts blocking OUTBOUND 25, then whereever I plugin my laptop, I need to ask, "Hey, what's your SMTP server???" A very poor solution to the problem.

    Block 25 for known zombies or just disconnect them completely. When they call ("My Internet's broken!") let 'em know they've gotta patch their box and get some antivirus software (and stop clicking on those damn attachments!!!) before they get their pr0n0 feed turned back on.