Slashdot Mirror
Should ISPs Cut Off Bot-infected Users?
richi writes "There's no doubt that botnets are a major threat to the safety and stability of the internet — not to mention the cleanliness of your inbox. After years of failure to act, could we finally be seeing ISPs waking up to their responsibilities? While ISPs can't prevent users getting infected with bots, they are in a superb position to detect the signs of infection. Contractually, the ISP would be reasonably justified in cutting off a user from the internet, as bot infection would be contrary to the terms of the ISP's acceptable-use policy."
Should ISPs Cut Off Bot-infected Users?
Yes. Some ISPs already cut off P2P users. By comparison botnets are a real threat.
Trolling is a art,
Yes, yes! A million times YES!
A doctor would quarantine a contagious patient. An ISP should quarantinean infected PC.
If I were God, wouldn't I protect my churches from acts of me?
>"Should ISPs Cut Off Bot-infected Users?"
After a suitable warning to the customer/administrator, yes. Absolutely. But it should be made very easy for the customer/administrator to reactivate their service, too.
Sure it's fair.
Once you're infected the rest of the Internet with crap, you're costing them more money in tech support calls from people complaining about you. Why would they pay to keep launching your crap packets into the core? Be your own ISP if that's your agenda. If you take care of your network, you won't run into this.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
ISPs should be responsible for filtering out bot activity, but it's not really fair to anyone to cut them off entirely. After all, it's not entirely their fault they got infected... hell even if they're responsible with updates and activity they could have been compromised by some new vulnerability.
Has firewall technology not been able to keep up with bulk ISP traffic or something?
I understand that users ought to control their own home firewall, but ISPs should have firewalls / filters they control further upstream, where they can add rules to block certain types of traffic only when necessary. But I guess if they have it, then that means they're kinda liable for configuring it effectively and can thus be held responsible for attack traffic that does get through.
Anyway, I don't like the idea of being cut off from network access without at least a few weeks' advance notice and time to respond. Which is virtually an eternity in botnet time... which makes that whole approach somewhat pointless.
No. You have a DOCTOR cut it out. The question here is whether or not most ISP's are competent in determining what really is bot activity. A bunch of false positives will be miserable -- as will having to prove to some first-tier customer support person that your system is not infected (as in never was) or that it is actually cleaned and should be allowed back online.
And pity the person that has their ISP connection blocked that uses voice over IP to call customer support. If the ISP blocks the MODEM life is going to be interesting.
Oh, and you won't need to look up that phone number, will you?
Overall, getting infected systems of the net is a wonderful idea, but one that could be a complete mess if done poorly.
Life is short: void the warranty.
They're Internet SERVICE Providers. Not Internet Police, nor Internet Guardians. They exist to provide people with access to the Internet for a fee. Now a lot of ISPs already do plenty that is contrary to the best Interests of the customers. Bad behaviour ranges from price gouging and using misleading advertising, to draconian terms of service (usually because they're able to due to a monopoly or collusion), to playing fast and loose with customer's private data (often in the name of anti-piracy). Do you really want to give these same ISPs the power to take a customer's money and provide them with nothing based on nothing other than their own conclusion that a customer is infected? That's madness. An ISP should be providing a customer with help to remove the infection, not removing their access to the Internet.
These posts express my own personal views, not those of my employer
So on one hand, ISPs should not regulate the type of traffic and should not sniff, etc...
On the other hand, ISPs should cut off virus-infected computers. Apparently, they ARE sniffing or monitoring in some way in order to cut you off.
Just wait for a company to decide that being a torrent feeder is being part of a botnet and thus torrent feeders must be cut off. Good luck getting back on again.
If it is really botnet activity, why not just block the botnet activity but not the non-botnet activity? If you can't determine if it's botnet activity well enough, then how are you going to choose who gets cut off?
(I am not necessarily decidedly against this, but at the moment, it seems to be somewhat hypocritical to be against ISP filtering and for ISP cutting off [on their own]. Enlighten me. :) )
What is it about spam and malware that causes people to completely lose their minds? What are you worried about botnets anyway? Either your system is secure and it won't be a problem for you, or your system is not secure and you are, by your own admission, "part of the problem." This isn't like quarantining carriers of a deadly disease. It's not exactly difficult to secure your own system against the nasties on the internet. But people are here supporting the idea of severing a person's internet connectivity because they've been a victim of some asshole on the internet. I think we can all agree that the internet is culturally revolutionizing, and has already proven itself to be an extremely important tool in the promulgation of free speech. But once you throw this crap in the mix we have people asserting these authoritarian opinions which, quite honestly, scare the shit out of me.
At the very least, if there is some set of criteria for disconnecting somebody from the internet, there must also be criteria for how to get reconnected and a very clear and doable set of instructions how to get back online. Otherwise you will end up permanently silencing people.
Wait, your big plan is to:
1. Cut off their access (presumably also to e-mail)
2. Send them an e-mail that they must reply to if they want to be able to read email.
And where exactly are they supposed to read this email?
Exactly. Whats from stopping an ISP from simply cutting you off because you were using too much bandwidth, stating that you are infected?
Nothing. Just like nothing is stopping them from doing it now.
Being able to connect to any port and to receive connections on any port is the definition of Internet access. I absolutely should be able to run a mail server on my home machine.
Now, if the ISP were to block incoming port 25 by default, and people who wanted it could fill out a quick form or something, maybe that would be okay.
I've been on the Internet for about 25 years. No computer under my administration has ever been infected by malware of any sort.
You aren't being punished. The Net is being protected.
Bad analogy. The manufacturer is not shutting off your car. The toll-road operator is telling you to leave and not come back until you fix your oil leak.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
When the latest Ubuntu ships I often leave my torrent client seeding for a couple weeks.