nanog mailing list archives

Re: botted hosts


From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Mon, 4 Apr 2005 17:48:15 +0530


On Apr 4, 2005 2:29 PM, Sean Donelan <sean () donelan com> wrote:
> Unfortunately, researchers haven't come up with a better way to fix
> compromised machines without destroying the innocent victims' work.

Sad. Then what the man does is to hire someone to take a backup of
everything and go over the backup for virus infections.  Or maybe he
could wait for when the infections in his PC finally ruin it beyond
use for him ..

> So how do you encourage people to fix their computers, without the press
> writing lots of stories about "evil" ISPs cutting off service to grandmothers
> on social security looking at pictures of their grandchildren?
>
> There are at least 20 million and probably more compromised computers on
> the Internet.  Who has a plan to fix them?

Cut them off at any rate.  Symantec's TurnTide "antispam router"
(really an IDS + stateful firewall for spam) seems a godawful idea for
inbound mail right now, given the current behavior of proxy trojans,
but I can see where it'd be quite useful on an outbound mail stream
from an ISP's IP space.

Find them, isolate them into what some providers call a "walled
garden" - VLAN them into their own segment from where all they can
access are antivirus / service pack downloads and a 1-800 number to
call tech support at their ISP.

-- 
Suresh Ramasubramanian (ops.lists () gmail com)

