Slashdot Mirror


Australian ISPs To Disconnect Botnet "Zombies"

jibjibjib writes "Some of Australia's largest ISPs are preparing an industry code of conduct to identify and respond to users with botnet-infected computers. The Internet Industry Association, made up of over 200 ISPs and technology companies, is preparing the code in response to an ultimatum from the federal government. ISPs will try to contact the user, slow down their connection, and ultimately terminate the connection if the user refuses to fix the problem. It is hoped that this will reduce the growth of botnets in Australia, which had the world's third-highest rate of new 'zombies' (behind the US and China)."

12 of 213 comments

  1. why not directly disconnect every Windows machine? by Anonymous Coward · · Score: 4, Funny

    Not quite an accurate solution, but statistically close enough...

  2. Bad Precedent? by Anonymous Coward · · Score: 5, Insightful

    I'd rather not have my ISP decide what is a "virus" or "inappropriate communications" thank you. If the users are consuming too much bandwidth then disconnect them on those grounds, but please don't set this precedent.

    1. Re:Bad Precedent? by v1 · · Score: 5, Informative

      They usually watch for excessive traffic on specific ports. Since the most immediately profitable use of a botnetted machine is spam, the majority of botnetted PCs are either running open mail relays or are themselves functioning as outgoing mailservers. Many ISPs (including two in my area) watch for excessive traffic going OUT on TCP port 25. Unless you are running a mailserver, your computer has no legitimate reason to send out over that port in volume. Most ISP mailservers are SSL nowadays anyway and are off port 25 so you don't even need to use that if you are connecting to your ISP's mailserver from off-network. (and many ISPs outright block port 25 outgoing from anything in their network besides their mailserver) Many ISPs react the same if your computer is listening on port 25 (acting as an open relay)

      So if you are pushing megs (or gigs) a day every day on port 25, there's better than 99% chance your machine is botnetted. It doesn't take speculation to figure that out, and the odds of false-positives are very close to zero.

      That said, I have no sympathy for someone that knows their computer has a problem that's causing other people grief. That's the most basic understanding of the problem that is given when your ISP gives you a phonecall or email saying you have a problem and need to fix it or we will cut you off. If you're too stupid to acknowledge this and take responsibility for fixing it, or just plain don't care, I'd much rather see you off the internet and out of my Inbox. If you don't care that someone else has violated you by hijacking your computer that's fine with me, until they start using it to violate me, and that's when I start having a say in the matter.

      If you want a fun example to separate the computer from the problem, here's something easier to understand: ABC Construction company does building demolitions. They leave their explosives on site and not locked up. They keep getting their explosives stolen. OK I don't care about that, it's their loss. But then stuff around town starts getting blown up and the explosives are easily traced back to you. That's when it's time for the police to come have a talk with you about securing your explosives. You do not have the right to continue leaving dangerous things so easily accessible that the public is constantly being hurt by them. Even if you want to ignore your moral responsibility for it, the public won't stand for it and you lose your say in the matter. You WILL secure your things or you WILL go away.

      Another excellent example is how several states legally require you to have a lock on your anhydrous ammonia tanks to prevent theft and use in drug manufacture. Also, most universities now are requiring students to install AV software on their computers before they're allowed to use the campus net. Your precedents have already been set.

      --
      I work for the Department of Redundancy Department.
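
An added example (not part of the thread or any ISP's actual tooling) of the check v1 describes: sum each subscriber's outbound TCP port 25 bytes per day and flag hosts over a limit, skipping known mail servers. The flow format, addresses, the 1 MB/day limit and the distinct-destination count are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not real traffic), using documentation
# address ranges. Columns: date,src_ip,dst_ip,proto,dst_port,bytes
SAMPLE_FLOWS = """\
2024-01-01,192.0.2.10,198.51.100.1,tcp,25,900000
2024-01-01,192.0.2.10,198.51.100.2,tcp,25,850000
2024-01-01,192.0.2.10,203.0.113.7,tcp,25,700000
2024-01-01,192.0.2.20,198.51.100.1,tcp,443,50000000
2024-01-01,192.0.2.30,198.51.100.9,tcp,25,4000
2024-01-01,192.0.2.25,198.51.100.1,tcp,25,9000000
2024-01-01,192.0.2.10,198.51.100.3,udp,25,5000000
2024-01-02,192.0.2.30,198.51.100.9,tcp,25,3000
"""


def flag_smtp_senders(flow_csv, mail_servers, max_bytes_per_day=1_000_000):
    """Return {(day, src_ip): (smtp_bytes, distinct_dests)} for hosts over the limit.

    mail_servers is an allowlist of hosts expected to send on port 25
    (the ISP's own relays, customers who run a mail server).
    max_bytes_per_day is an assumed threshold, not a figure from the thread.
    """
    volume = defaultdict(int)
    dests = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 6:
            continue  # skip blank or malformed records
        day, src, dst, proto, port, nbytes = row
        if proto != "tcp" or port != "25":
            continue  # only outbound SMTP is of interest here
        if src in mail_servers:
            continue  # legitimate senders are expected to be busy on 25
        volume[(day, src)] += int(nbytes)
        dests[(day, src)].add(dst)
    # Distinct destinations are reported as supporting evidence for the
    # abuse desk; the decision itself is based on byte volume only.
    return {k: (v, len(dests[k])) for k, v in volume.items()
            if v > max_bytes_per_day}


if __name__ == "__main__":
    for (day, src), (nbytes, ndst) in flag_smtp_senders(
            SAMPLE_FLOWS, {"192.0.2.25"}).items():
        print(f"{day} {src}: {nbytes} bytes to {ndst} SMTP destinations")
```
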
  3. Re:why not directly disconnect every Windows machi by thinktech · · Score: 4, Funny

    Having a computer beneath the notice of hackers is a great idea. That's why I only post on slashdot using my web-tv console.

    --
    What's up with this box everyone has to think inside of or outside of? Why does there have to be a box?
  4. Who will fix the problem? by ATestR · · Score: 4, Insightful

    if the user refuses to fix the problem

    The users who are likely to be infected by a bot are the least likely to be able to "fix the problem".

    --
    “Any society that would give up a little liberty to gain a little security will deserve neither and lose both.
    1. Re:Who will fix the problem? by MrMr · · Score: 4, Insightful

      Being unwilling to learn, or unwilling to ask someone who does know, would still qualify as refusing to fix the problem.
      Here's a car analogy for you:
      The users who are likely to crash by failing brakes are the least likely to be able to repair their own brakes...

  5. Re:Stop tinkering with things they don't understan by Anonymous Coward · · Score: 4, Insightful

    Quit trying to speak for the whole rest of the world. You are not qualified.

  6. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  7. Re:Privacy by DavidTC · · Score: 5, Insightful

    Actually, it's more like your phone company disconnecting you for repeatedly making prank calls.

    Which, in fact, they will.

    --
    If corporations are people, aren't stockholders guilty of slavery?
  8. Re:Stop tinkering with things they don't understan by houstonbofh · · Score: 4, Insightful

    Seriously? This needed to be done for all countries 10 years ago.

    Assuming you trust them to stop at botnets and not include p2p, vpn, uunet, private mail servers out of the country, list servers, and other legitimate traffic.

  9. I think this has already been done in finland. by Oasiz · · Score: 4, Interesting

    I didn't completely RTFA, but.. If this works anything like the same way it does here, it basically redirects you to a generic page where you can download virus / etc checks and fix your system. You can't simply reach other places (or no connection with other protocols) in that state. The ISP has basically just IP blocked you at that point (other systems under the same connection function like normal). The ISP also re-checks your system every hour or two to see if the issue has been resolved. This is also explained in the page with more detail. If it follows the same formula then I am all for it due to it working flawlessly so far. No false alarms so far in my rather heavy use. Oh yes, and I first ran into this in 2004.

  10. Re:Give a discount to those running clean systems. by dc29A · · Score: 4, Insightful

    I've never heard people suggest that before, but the idea of "using open source = discount on your internet bill" is a good idea.

    Do it in a very simple way: if you're not running windows or OSX, you get a 5% discount on your bill. Some might differ on whether to put OSX in the "Do not run" category.

    The rest is too discriminatory and too extreme.

    There are people out there who are able to configure Windows to be as secure as *Nix or Mac OS. Why penalize them? Penalize the retards who run Windows/*nix/Mac OS as administrator. Penalize the retards who are infected with the botnet zombie 'du jour'. Penalize the retards who mindlessly click on every 'OMGZ YOU WIN IPOD TOUCH CLICK HERE PLZ!111!!!!!!oneoneeleventy!~one!' banners.