Re: Constant Guard - Combating Bots

[David Farber <dave () farber net>]

Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: October 11, 2009 9:26:16 AM EDT
To: Gerry Faulhaber <gerry-faulhaber () mchsi com>
Cc: David Farber <dave () farber net>
Subject: Re: [IP] Re: Constant Guard - Combating Bots

On Thu, Oct 08, 2009 at 06:31:12PM -0400, Gerry Faulhaber wrote:
> Comcast gets a gold star for this one.  Comcast has been trying  
> mightily
> to turn its customer service around, which is a really tough fight  
> when
> you start with a bad rep.  I think this should go pretty far in  
> getting
> Comcast into customers' good graces.  Way to go, guys.

And I concur that -- on a strategic level -- this is the right direction
to go.  (There is, however, a serious question about tactics that I'll
address below.)

But I'd like to point something out: Comcast is belatedly just starting
to address a critical security problem that's been well-known for much
of this decade.

Declan McCullagh wrote about this in May 2004:

        Attack of Comcast's Internet zombies
        http://news.cnet.com/Attack-of-Comcast%27s-Internet-zombies/2010-1034_3-5218178.html?part=rss&tag=feed&subj=news

and that was a year after the problem was discussed in depth in places
like the Spam-L mailing list (which along with a handful of others is
required reading for everyone working in this field).

It was also over a year after this excellent paper (April 2003)
analyzing the introduction of the Sobig.a worm into the wild:

        Sobig.a and the Spam You Received Today
        http://www.secureworks.com/research/threats/sobig/?threat=sobig

All of us knew about it, and knew that Comcast, Verizon, and others were
sending massive amounts of spam as a result of an alarming increase in
the number of compromised systems on their networks.  Comcast knew too;
from Declan's article:

        "We're the biggest spammer on the Internet," network engineer
        Sean Lutner said at a meeting of an antispam working group in
        Washington, D.C., last week.

So I think an important (and as yet unanswered) question is: why didn't
Comcast immediately address this critical problem, instead of allowing
it to get steadily worse for 6+ years?  This isn't a "debate it for a  
few
years" problem; this is a "page all available engineers and set up cots
in the hallways until it's fixed" problem. [1]

But just so it's clear that I'm not only bashing Comcast for this:
I could say (and have said) the same things about Verizon, Charter,  
AT&T,
Roadrunner, and a host of others.  We, as a community, are so incredibly
slow at reacting to these issues that abusers can operate with impunity
for years at a time before we even *begin* to mildly inconvenience them.
And by the time that happens, they're already several steps ahead.   
Again.
While there are certainly all kinds of other things we have to improve,
I think adjusting our sense of urgency is at the top of the list.


Now, as to the tactical issue I mentioned above: what reason does  
Comcast
have to believe that their users will actually see these pop-ups?

After all, they're being sent to computers that are suspected of
being compromised, and if they *are* compromised, then those computers
no longer belong to the person whose desk or table or lap they're
sitting on: they belong to their *new* owners, whether spammers
or phishers or anyone else.  Surely it doesn't take much to realize
that it is not in the best interests of these *new* owners to permit
Comcast to alert the *former* owners that something's wrong?

It will only take a little while for the same people who crafted
the Sobig series of malware and who have turned botnet operation
into a profitable business model to deploy the appropriate code
to suppress these notifications.  They won't take 6+ years to do it;
I'll be surprised if they even take 6+ weeks to do it.

---Rsk

[1] They certainly had the cash to pay for it; $54 billion will pay for
a lot of senior network engineer overtime:

        Comcast bids for Disney (February 18, 2004)
        http://money.cnn.com/2004/02/11/news/companies/comcast_disney/




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com