Slashdot Mirror
Should ISPs Cut Off Bot-infected Users?
richi writes "There's no doubt that botnets are a major threat to the safety and stability of the internet — not to mention the cleanliness of your inbox. After years of failure to act, could we finally be seeing ISPs waking up to their responsibilities? While ISPs can't prevent users getting infected with bots, they are in a superb position to detect the signs of infection. Contractually, the ISP would be reasonably justified in cutting off a user from the internet, as bot infection would be contrary to the terms of the ISP's acceptable-use policy."
Should ISPs cut off P2P users that infringe copyrights? Contractually, the ISP would be reasonably justified in cutting off a user from the internet, as copyright infringement would be contrary to the terms of the ISP's acceptable-use policy.
What about posting opinions that the ISP company doesn't like? It's not like its suppressing free speech as they are a private company.
Or what about if we just let ISPs be what they are supposed to be, common carriers, before this goes to slippery slope?
Should ISPs Cut Off Bot-infected Users?
Yes. Some ISPs already cut off P2P users. By comparison botnets are a real threat.
Trolling is a art,
Yes, yes! A million times YES!
A doctor would quarantine a contagious patient. An ISP should quarantinean infected PC.
If I were God, wouldn't I protect my churches from acts of me?
>"Should ISPs Cut Off Bot-infected Users?"
After a suitable warning to the customer/administrator, yes. Absolutely. But it should be made very easy for the customer/administrator to reactivate their service, too.
Yes, but not before first providing ample warning notifications by e-mail, SMS, and robocall.
If you cut somebody off from the net straight away, that prevents the person from downloading the necessary file to take the steps necessary to remove the bot.
To blog is sublime
My cable ISP cut me off in 2001, when my roomate got a worm/bot infection due to bad P2P settings. I understand the good intentions, but it then became difficult to reach the right person who could reinstate service once I convinced them my network was clean.
For all the information the ISPs track from us, they have a responsibility. Pleasing cost (razor thin margins) is no excuse to engage in restless behavior. In a capitalist society we recognize that if you can't pay for the costs of doing business, you go out of business and your competitors eat your lunch. Preventing crime that involves using your service is a reasonable and legitamate business cost. After all, the botnets tend to be one of the major user of ISP resources - particularly if they are doign a Denial of Service attack. So shutting them down lowers the ISP costs, increasing their thin margins.
excitingthingstodo.blogspot.com
Sure it's fair.
Once you're infected the rest of the Internet with crap, you're costing them more money in tech support calls from people complaining about you. Why would they pay to keep launching your crap packets into the core? Be your own ISP if that's your agenda. If you take care of your network, you won't run into this.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
All the more reason to use a structured definition of what constitutes an infected machine instead of pure judgement.
That door has always been wide open.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Restrict them to a subnet that only contains pages related to removing the malicious software.
ISPs should be responsible for filtering out bot activity, but it's not really fair to anyone to cut them off entirely. After all, it's not entirely their fault they got infected... hell even if they're responsible with updates and activity they could have been compromised by some new vulnerability.
Has firewall technology not been able to keep up with bulk ISP traffic or something?
I understand that users ought to control their own home firewall, but ISPs should have firewalls / filters they control further upstream, where they can add rules to block certain types of traffic only when necessary. But I guess if they have it, then that means they're kinda liable for configuring it effectively and can thus be held responsible for attack traffic that does get through.
Anyway, I don't like the idea of being cut off from network access without at least a few weeks' advance notice and time to respond. Which is virtually an eternity in botnet time... which makes that whole approach somewhat pointless.
"Your internet service has been suspended due to a virus infection. Please call or email us to get reconnected". .
"Common sense will be the death of us all"
No. You have a DOCTOR cut it out. The question here is whether or not most ISP's are competent in determining what really is bot activity. A bunch of false positives will be miserable -- as will having to prove to some first-tier customer support person that your system is not infected (as in never was) or that it is actually cleaned and should be allowed back online.
And pity the person that has their ISP connection blocked that uses voice over IP to call customer support. If the ISP blocks the MODEM life is going to be interesting.
Oh, and you won't need to look up that phone number, will you?
Overall, getting infected systems of the net is a wonderful idea, but one that could be a complete mess if done poorly.
Life is short: void the warranty.
They're Internet SERVICE Providers. Not Internet Police, nor Internet Guardians. They exist to provide people with access to the Internet for a fee. Now a lot of ISPs already do plenty that is contrary to the best Interests of the customers. Bad behaviour ranges from price gouging and using misleading advertising, to draconian terms of service (usually because they're able to due to a monopoly or collusion), to playing fast and loose with customer's private data (often in the name of anti-piracy). Do you really want to give these same ISPs the power to take a customer's money and provide them with nothing based on nothing other than their own conclusion that a customer is infected? That's madness. An ISP should be providing a customer with help to remove the infection, not removing their access to the Internet.
These posts express my own personal views, not those of my employer
They already do that, and their right to do so is written in their contracts.
"Prefiero morir de pie que vivir siempre arrodillado!"
So on one hand, ISPs should not regulate the type of traffic and should not sniff, etc...
On the other hand, ISPs should cut off virus-infected computers. Apparently, they ARE sniffing or monitoring in some way in order to cut you off.
Just wait for a company to decide that being a torrent feeder is being part of a botnet and thus torrent feeders must be cut off. Good luck getting back on again.
If it is really botnet activity, why not just block the botnet activity but not the non-botnet activity? If you can't determine if it's botnet activity well enough, then how are you going to choose who gets cut off?
(I am not necessarily decidedly against this, but at the moment, it seems to be somewhat hypocritical to be against ISP filtering and for ISP cutting off [on their own]. Enlighten me. :) )
What is it about spam and malware that causes people to completely lose their minds? What are you worried about botnets anyway? Either your system is secure and it won't be a problem for you, or your system is not secure and you are, by your own admission, "part of the problem." This isn't like quarantining carriers of a deadly disease. It's not exactly difficult to secure your own system against the nasties on the internet. But people are here supporting the idea of severing a person's internet connectivity because they've been a victim of some asshole on the internet. I think we can all agree that the internet is culturally revolutionizing, and has already proven itself to be an extremely important tool in the promulgation of free speech. But once you throw this crap in the mix we have people asserting these authoritarian opinions which, quite honestly, scare the shit out of me.
At the very least, if there is some set of criteria for disconnecting somebody from the internet, there must also be criteria for how to get reconnected and a very clear and doable set of instructions how to get back online. Otherwise you will end up permanently silencing people.
Exactly. Whats from stopping an ISP from simply cutting you off because you were using too much bandwidth, stating that you are infected?
Nothing. Just like nothing is stopping them from doing it now.
Being able to connect to any port and to receive connections on any port is the definition of Internet access. I absolutely should be able to run a mail server on my home machine.
Now, if the ISP were to block incoming port 25 by default, and people who wanted it could fill out a quick form or something, maybe that would be okay.
I've been on the Internet for about 25 years. No computer under my administration has ever been infected by malware of any sort.
You aren't being punished. The Net is being protected.
Bad analogy. The manufacturer is not shutting off your car. The toll-road operator is telling you to leave and not come back until you fix your oil leak.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Or you could take the easy way and educate users
You don't work in IT, do you?
In that process of training & service for PCs don't forget the possibility that it might not be the computer that is infected:
There are viruses now that can infect routers and modems.
I can only imagine how pissed off a customer is going to be if their ISP insisted that they pay a professional to clean their computer and are still being denied internet access because their router is infected.
Warning: This sig is not thread safe. For more information see Slashdot's sig policy.