Slashdot Mirror
AU Government To Pilot Target Zombies
msblack writes "
Australian news sources are reporting that the communication regulators will begin notifying ISPs of infected customer computers. In a three-month pilot program, the Australian Communications & Media Authority will identify zombie computers and ask their owners to clean them or risk being disconnected. When will U.S. regulators and ISPs get on board?"
"When will U.S. regulators"..."get on board?"
Well I hope never. ISP should have rights to protect their network so they should be allowed to stop Zombie systems when they feel like it. But for U.S. regulation. I say No way. All regulation does is make loopholes for the bad guys and road blocks to the good guys. ISP should be willing to work with their customers to insure this doesn't happen, that is why a lot of ISP are offing free protection software to their windows users, partially because other big names are doing it so they can stay competitive, and partially because with less spam and viruses on their network they can more easily manage it. With US Government control it will be like your system is a Zombie and Fix it. To most people who only have a passing idea what a virus or spyware/addware is, most really won't know much how to fix it if it doesn't require clicking one button and then selecting the default for all questions. So if it is anything of a difficult fix, or requires hireing expensive techs to fix it they will toss their computer saying it is broken, or sue ISPs and the Government for disconnecting their ISP without giving them a means to remove it. Also systems like P2P, BitTorrent, and some distributive computing systems, all with legal uses, could be considered a zombie system to some some people like the Entertainment industry and can use that to force all people using the technology even for non entertainment uses (such as downloading Linux distros)
Government control adds rigidly defined rules to a flexible universe and often will cause more harm then good.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Seriously, how hard is it not to press the big red "No" button on a dubious site that asks you to install software that tracks the weather/vaccums your carpet/makes coffee? The warning is quite clear on all the browsers, I think, why are people still doing it?
Send email from the afterlife! Write your e-will at Dead Man's Switch.
Pure, raw, unadulterated situation: congress doesn't care. The big ISPs don't care. They have had 10 years to address the situation and have refused all along. They are, however, willing to pass laws preventing unsecured wireless access points. Given a choice between lending support to MPAA/RIAA or actually addressing a serious problem, be it hacking, phishing, worms, viral attacks, DDOS attacks or any other legitimate issue.... look at it like this: how quickly have they acted to prevent the zombie issue? How quickly did they act to try and sneak the broadcast flag into law. Again? Or again?
Start writing campaign checks and picking up the tab for "fact finding missions" to Hawaii for a senator or ten... then you might find some interest on the hill.
If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
It would be cool if ISPs proposed some anti-malware strategies to their customers, maybe send some Linux distro :)
I agree botnets are a problem and that my ISP has a right to stop me from being a nuisance to the rest of the internet. But outside of that do I really want my ISP taking broad arbitrary decisions on what I can do with my connection?
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
"AU government to target Microsoft's indifferent security"
From the article: "Anthony Wing, manager of the anti-spam team at the ACMA, told ZDNet UK sister site ZDNet Australia that the application, which took "some months" to build, can identify computers physically located in Australia that are being used for "illicit reasons".
"[The application] identifies IP addresses that have been used for illicit reasons -- for example spamming," Wing said. "There are a range of sensors around that world that identify them. Those infected IP addresses are then fed to the relevant ISP. They know who their customers are so that can contact them... if the computer remains a threat to other Internet users, the ISPs may take steps under their acceptable use policy to disconnect the computer until the problem is resolved".
...The ISPs will then be responsible for contacting their customers and helping them disinfect their computers.
This is great, assuming that:
$nice = $webHosting + $domainNames + $sslCerts
If there are the right incentives, the zombie problem will go away.
E.g. if the user somehow feels it is necessary, he'll take care of his machine.
I know of people who know full well their computer will get infected with malware. They do it anyway, because they figure it won't cost them anything. Their ISP won't bug them, nor the phone company, nor anyone they DDOS, etc. They simply don't care.
That's why I want multiple waves of hardware-destroying worms. Worms that ruin your mobo month after month, until people wake up and see that proper administration is good for them too.
Another possible incentive would be to fine ISPs for allowing machines on their netblock to send out spam or do other anti-social things -- but that's going to be less effective, because an ISP can't fix the problem on a user's machine. All it can do is disconnect it, and that just leads to support calsl and whining from the (l)user. Which is why it isn't done (duh!)
http://www.thebricktestament.com/the_law/when_to_
I think not. Free speech does not include the right to shout "Fire!" in a crowded theatre, and free use of the Internet does not include the right to allow your machines to stuff it up for the rest of us.
As a Telstra customer who saw his cable connection slow to about 1/100th of its normal speed thanks to the DNS attacks of a few months ago, I'm glad to see someone doing something about the problem.
Il n'y a pas de Planet B.
"Finally! Those fat cats in Canberra are taking some action to prepare for the immanant impending zombie pandemic."
= 0J4
They wouldn't have to look far for the source of the infection. Check this guy out;
http://www.aph.gov.au/house/members/member.asp?id
He's even got the voice down right...
"I've got more toys than Teruhisa Kitahara."
"When will U.S. regulators ... get on board?"
Never , because alll U.S. lawmakers are in the pocket of Big Zombie.
Hopefully never. Well, U.S. regulators anyway.
ISP's should be protecting their own networks. Saved bandwidth costs alone should be enough reason for them to want to detect and block zombies. The last thing we need is more government intervention.
The IRCop is right. It is very difficult to track this stuff down, and it is a pain. Believe me, if I was in his position I'd be pretty ticked at you, as your compromised machine was reponsible for abusing his network and it even looks like your box got banned from the network. You're even guilty of ban evasion!
I am an IRCop on a very small network which had a botnet problem last year. Hundreds and hundreds of bots would connect, all joining channels. We wrote scripts to ban all the bots, upgraded services, the whole lot. They keep coming. Some of them came to new channels. The "owners" hadn't showed up at this point, not even once. After around 5 days some people showed up in those channels from ISPs in the middle east. I did track them down, and sent abuse emails to their ISPs. Got a response in a few days, offending account shut down. But that account was probably another 0wned box anyways.
Unfortunately sending ISP abuse emails to all of the bot IPs was much too daunting a task for a small time IRC network.
Keeping unwanted things off an IRC network is hard work. Kiddies often have hundreds of open proxy and otherwise usable IPs to use for ban evasion.
I hate to be brutally honest, but you share a lot of responsibility. *Your* IP was abusing his system.
isomerica.net | Foonetic IRC
No; He reported it to somebody who was being attacked by the same person. And, if you knew anything about IRC you'd know it is awfully difficult to keep bad guys off your network when there are so many open proxies. If a cracker tried to use this person's network to run a botnet, they already had their hands full trying to keep all of the bots from DoSing the network.
This person didn't try to "report it to the admin who is responsible for maintaining the resource from where the attack was launched." He bitched about it to somebody who was taking the brunt of the attack, in traffic and otherwise.
isomerica.net | Foonetic IRC