FCC Chair Calls On ISPs To Adopt New Security Measures

alphadogg writes "U.S. Internet service providers should take new steps to protect subscribers against cyber attacks, including notifying customers when their computers are compromised, the chairman of the FCC said Wednesday. Julius Genachowski called on ISPs to notify subscribers whose computers are infected with malware and tied to a botnet and to develop a code of conduct to combat botnets. Genachowski also called on ISPs to adopt secure routing standards to protect against Internet Protocol hijacking and to implement DNSSEC, a suite of security tools for the Internet's Domain Name System."

Torrents

[mehrotra.akash]

Will torrent clients be classified as malware as well?

Re:Torrents

[causality]

I doubt they want to piss off some big customers.

If that's the only societal force that can spare us, then we're screwed. Big customers can be whitelisted or "undesirables" can be blacklisted.

I think what we need is to promote an awareness of just how important the Internet is, that screwing around with it for any reason other than good engineering is a bad idea. For example, the DNSSEC mandate is actually a sound idea and stands a good chance of working better than what we have now.

The moment an anti-malware system starts intentionally hindering many (or all) torrents is the moment it ceases to be a technical solution and changes into a political tool. You don't need to understand the technical details of how BitTorrent works to understand this. We need a general public that understands this, for the same reason we need to understand that "think of the children!" includes concern for what kind of authoritarian, regimented society we're leaving them to inherit.

I have to assume that any mandate to "protect against botnets" that could ever be construed to mean bans on entire protocols is going to be inevitably abused. Authoritarian types look for such "opportunities" just as businesses look for new markets. Power is just a different kind of currency.

Re:Torrents

[DigiShaman]

Time Warner has been disabling user for malware for about 6 years now. Actually, they get redirected to a web page telling them to call the abuse department to review why the account has been temporarily disabled, agreeing to clean up the pc, and then the account gets renabled.

The web page they direct customers to is http://www.rrsecurity-abuse.com/abuse.php

Actually, everyone should review it. It's nicely layed out for ISP standards.

Re:Torrents

[parlancex]

Actually, there are probably a lot of malware authors giddy at the thought of a legitimate malware notification service. There have already have already been large phone campaigns by botnet creators with the phony premise that the callee's computer is infected, with phony instructions to remove the infection (install new malware, obviously). Once there actually IS a legitimate service doing this it will be even harder for less tech savvy people to tell the difference.

Re:Torrents

[PopeRatzo]

I think what we need is to promote an awareness of just how important the Internet is, that screwing around with it for any reason other than good engineering is a bad idea.

First, we might need to promote an awareness of just what the Internet actually is. How it works and why.

We've got young people who don't recall a time before Internet, and don't know how and why it came into being and know nothing about it's potential. To many of them, it's just another shopping mall/arcade.

For my money, the Electronic Freedom Foundation is currently doing the best work in this regard, so I send them money. But it also takes those of us who do have some awareness of these things taking the time to explain it. To advocate for it. To protect it. We have to make sure our shared memories, our shared culture, survives.

There are a lot of powerful forces that would love to turn the Internet into the home shopping network on steroids. Into a one-way media outlet that tells us what's what. Into just another "cool" medium.

We have to use the power of our oral tradition and our written tradition to spread the word on a person to person level. One to one and one to many. We must fight on the blogs, we must fight in the comment sections, we have to fight on the streets and on the beaches, We must never surrender. (OK, I got a little carried away at the end there, but you get the idea).

Re:Torrents

[fluffy99]

Even if so, it's not problematic.

All this is (going by the summary - article's still loading) is notification. "Hey, we noticed your machine seems to be infected with a virus and is part of a spam-spewing botnet. Here's some links to antimalware that'll clear that right up". "Hey, we noticed a lot of traffic from spyware sending every keystroke back to totally-a-legit-site,cn, you might want to scan for that". "Hey, you seem to be torrenting massive files 24/7, here's some MAFIAA propaganda telling you to stop copying those floppies".

The ISPs are really the only ones positioned to thwart attacks as well. For example, blocking an IP that appears to be port scanning or sending high rates of email. Or rate-limiting icmp packets to reduce the effectiveness of DOS attacks. Or perhaps help in backtracking and notify their clients that seem to be participating in DOS attacks or spamming. The slippery slope of course is that if we expect the ISPs to start inspecting and throttling traffic for good reasons, it's not much of a leap to start snooping and throttling for reasons less advantageous to the customers. Not much of a leap from, "Hey that web site you're visiting is hosting a zero-day driveby attack" to "Hey you shouldn't be looking at neekid girls".

Re:Torrents

[fluffy99]

I don't want the govt involved in the internet, and they have a crappy track record on dealing with botnets.

If you're port scanning multiple IPs, then you fit the profile of an attacker and need to be looked at. Bulk mail is another issue. It would be reasonable to notify customers that their computers are sending large volumes of email. If the customer isn't aware of it, then they just got a clue that they might be infected. Sending bulk mail, especially not using the ISPs relay, is often against the TOS.

I was talking about inbound as well as outbound. If your ISP sees someone port scanning through their address space looking for open ports, blocking them makes sense. It also makes sense to watch for users inside their space port scanning. It's no different than the cops stopping someone who is walking through the neighborhood checking the doors. Rate limiting stuff like icmp works just fine, as does ingress filtering stuff you shouldn't be seeing. If a connection is spewing 500 pings a minute for 10 minutes, it's pretty unlikely it's for a legitimate reason. Another example if dropping packets which appear to be from bogons. Or noticing clients that appear to be doing syn attacks or the like.

Really, it's not hard to detect computers acting badly.

Re:Torrents

[msobkow]

More to the point, such legislation to disconnect "infected" machines implies that there is some standard for a "clean machine". And you can BET that "clean machine" model is based on known, locked down, PROPRIETARY operating systems, not someone running their own mods for a Linux distribution.

Re:Torrents

[PopeRatzo]

I believe it's the Electronic Frontier Foundation.

Oh shit. I should have just said "EFF".

I should never drink and comment. Hell, last night I played my harmonica and it registered a .23

How would they know you have a virus

[Cutting_Crew]

unless they put some of their crappy bloated software on your computer? ISPs ought to be just that. An internet service provider. Give me an internet connection from point A to point B. PERIOD.

Re:How would they know you have a virus

[chemicaldave]

They don't have to see the infection itself, just the symptoms. Frankly, ISPs could probably give a damn about viruses. It's botnets that are the problem. If they see traffic from your IP directed towards a known botnet command node then they can probably assume your machine was compromised.
Unfortunately the issue of inspecting traffic is a tricky one, etc, etc.

Re:How would they know you have a virus

[wanzeo]

My brother's windows 7 box started running slow two weeks ago, but other than that there was no sign of a problem. He attributed it to ageing hardware and kept it on. Within 24 hours the ISP called him and told him he had a serious malware infection. They sent him an exe (apparantly they knew exactly what was wrong), and it fixed it perfectly.

This shocked me, because usually I love to hate the local ISP, but you have to admit, that is some good service. So I guess I would draw the line at being able to identify a specific problem. If it is just suspicious traffic patterns, innocent until proven guilty.

Re:How would they know you have a virus

[biodata]

So someone called up your brother, told him they were from the ISP, and manipulated him to run some software on his computer? That all sounds rather dangerous to me. How did he know he could trust this person?

Customer Contact

[Nethead]

Back in the late '90s that's how we worked at ISPs. If we notices weird traffic on an account or were getting spam complaints, we'd call up the customer. If we couldn't get a hold of them we would disable the account until they called. Some kid pumping out Make Money Fast emails, we'd call mom and have a chat.

Then all the local ISPs got bought up by telco and cable companies. The price didn't go down, just the service.

I'm glad I'm still on one of the last local Mom&Pop ISPs in the area, when I call support I get a guy that actually has enable to the routers. It costs about $15/month more but I'm willing to pay for the service I get.

Re:Customer Contact

[heypete]

Indeed. Cox, a cable ISP in the US, was silently re-writing DNS TTLs from whatever value the authoritative nameserver had set to 30 seconds. It didn't matter if it was a long-lived NS record or a short-lived dynamic DNS entry, everything got changed to 30 seconds. Even the entries for the root nameservers were cached for 30 seconds, increasing their load.

When I had their service and this was affecting me I wrote to their customer support and prefixed the message with a "This is a specialized technical issue about Cox's DNS servers and is not addressable by customer support staff. Please forward this to the systems/network administration folks." The message included a quick summary of the problem, results of dig tests on both Cox's and third-party resolvers, etc.

I got a response two days later saying "We're sorry you're having difficulty setting up your wireless router. You might find the instructions at $URL helpful..."

After that point, I stopped bothering and switched to Google Public DNS. Google's nameservers respected TTLs, didn't do the SiteFinder interception of non-existent domains, and actually had better performance.

One Has To Wonder About Motivation

[Jane+Q.+Public]

Given that most knowledgeable people seem to think it's a bad idea... I have to wonder why government keeps coming up with schemes that essentially require monitoring by the ISP.

I mean, when you consider that as a practical matter, an ISP is (or at least should be) just a common carrier, like a telephone company. In fact the FCC originally -- and even very recently -- wanted to classify ISPs as common carriers. Which would preclude any monitoring. So what's up with all these monitoring ideas?

Are they maybe just trying to get some kind of monitoring in place, so that they can expand it later?

Re:One Has To Wonder About Motivation

[CodeBuster]

I have to wonder why government keeps coming up with schemes that essentially require monitoring by the ISP.

Governments cannot abide anyone but themselves with secrets.

Are they maybe just trying to get some kind of monitoring in place, so that they can expand it later?

Yes. It's like the amphibian in the pot. Turn up the heat gradually and it will remain even after the water is boiling.

Re:Don't want your protection

[Fluffeh]

Now excuse me while this strange web site forces my browser to full screen and scans my Linux Box for viruses...

I recently started getting calls to our home phone number (which is a silent number mind you) from those lovely "Hey, I'm calling from Microsoft to say that you need to install this program to fix your computer..." folks in some nasty call centre. While I do have a few windows machines around, the majority are also linux. I find it strangely pleasing following their instructions, but seeing how long I can drag out the fun for - not pressing the right things, getting them to repeat the instructions over and over again, trying to get them to hang up. My current record is 21 minutes, while they are peddling crap, you got to hand it to them - they really are patient when trying to snarf your money.

FCC chair should mind his own store first

[Karmashock]

The FCC is currently mismanaging radio spectrum sales and partitioning. That is their primary function. Do that and once you're doing your ACTUAL job then worry about the internet which you in fact have no authority over.

The FCC seems to be trying to fail up. TV viewership is dying so they're trying to expand themselves into the internet. I get it. But first maybe they should sell off that radio spectrum and do their actual jobs.

Good Luck With That

[ThatsNotPudding]

We need a general public that understands ...

404 Not Found