Interesting People mailing list archives
Re: Not so fast, broadband providers tell big users
From: David Farber <dave () farber net>
Date: Thu, 15 Mar 2007 17:01:25 -0400
Begin forwarded message:

From: Joe St Sauver <joe () oregon uoregon edu>
Date: March 15, 2007 1:14:22 PM EDT
To: dave () farber net
Subject: RE: [IP] Re: Not so fast, broadband providers tell big users
Reply-To: joe () oregon uoregon edu

Hi Dave,

For [IP], if you wish...

Rich Kulawiec <rsk () gsp org> mentioned:

#And that is one place where providers could not only free up some
#bandwidth, but could spare the rest of us the ongoing flood of abuse.
#Just blocking outbound port 25 connections would provide substantial
#relief -- locally (and elsewhere), >90% of inbound spam is coming
#from zombie'd systems on broadband providers.
#
#(Yes, I know it's a band-aid, and yes, I know it breaks the end-to-end
#connectivity principle here, but we're getting pummeled and it's the
#best fix we have...because nobody seems ready, willing, and able to secure
#the huge number of zombie'd systems out there and keep them that way.)

I'd encourage folks to see "Infected PCs Acting as Spam Zombies: We Need to Cure the Disease, Not Just Suppress the Symptoms," a talk I did for the 2nd Joint London Action Plan-CNSA Workshop held in Brussels, December 2006... If you're interested, you can get a copy online at:

http://www.uoregon.edu/~joe/lapcnsa2/london-action-plan.ppt (or .pdf)

As noted in that talk, just blocking outbound port 25 traffic fails on so many levels... for example, just to mention one problem with that approach, it leaves tens of millions of infested machines live and still able to be used for myriad other nefarious purposes including (but not limited to):

-- participating in distributed denial of service attacks, flooding attack targets with unwanted traffic
-- scanning additional systems for exploitable vulnerabilities,
-- sniffing network traffic for passwords or other sensitive content,
-- hosting illegal web content (such as malware, child porn, warez or phishing sites), or hosting tunnels to such sites hosted elsewhere
-- conducting pay-per-click fraud against online advertisers, etc.

What's really needed is a coordinated international *governmental* response to the cyber epidemic we collectively face.

But hey, where's even something as simple as a consumer-oriented TV security awareness campaign? Many consumers don't even know that their PCs may have been suborned, and that they may unintentionally be helping miscreants to do all sorts of bad things. If infested PCs were a problem, surely we'd be seeing a *huge* public awareness campaign talking about that problem -- wouldn't we?

And what do each of our governments propose to do to help consumers clean up their zombied systems? In the US, we've got FEMA for physical disasters, and the CDC and state health departments for outbreaks of infectious diseases, but

--> Who's responsible for helping to identify, contain and combat consumer *cyber infections*? <--

If Katrina strikes, the government hands out MREs, bottled water, and blankets, and assists with the relocation of the displaced.

If an infectious disease breaks out, the government insures that medication gets distributed and preventive vaccinations get administered.

But if a cyber disaster occurs, what does the government hand out? Nothing. We have no automated tools, no "one-click CD" with which citizens with stricken systems can begin basic self-remediation. We have nothing to give citizens with infected systems for cyber first aid. We have nothing to give them to get them started down the road to being clean and secure once more. Why is that?

Having thought about this problem, I believe infested consumer PCs are not viewed as "a government problem." Infested consumer PCs may be a *personal* problem, or perhaps a problem for the consumer's ISP, but they're not viewed as "the government's problem."

It's a shame that that's the perception, because all those infected PCs *ARE* in fact something which should be viewed as a governmental problem, if only because all those infected PCs represent a potent vector for potentially attacking critical online infrastructure (including online governmental resources, online financial resources, and online e-commerce activities).

Given the tens of millions of infested consumer PCs out there, we really need a plan and a program of government action to start getting them fixed.

Regards,

Joe St Sauver, Ph.D. (joe () uoregon edu)
http://www.uoregon.edu/~joe/
Disclaimer: all opinions strictly my own

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/@now
Powered by Listbox: http://www.listbox.com