Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Quarantine your infected users spreading malware

from [Marcus Aurelius] Network Security [Permanent Link]
Subject: Re: Quarantine your infected users spreading malware
Date: Wed, 22 Feb 2006 11:53:18 +0100 
On 20/02/06, Gadi Evron <ge@linuxbox.org> wrote:


Many ISP's who do care about issues such as worms, infected users
"spreading the love", etc. simply do not have the man-power to handle
all their infected users' population


By their own choice, might I add.

Consumer-grade ISPs (which is what you are talking about) are forever
trying to lower their subscription costs in order to attract new
users, meaning that they have no choice but to cut operational costs.

The first service to go is invariable the only one that doesn't
generate revenue: the abuse desk.

The end result is a huge botnet running free-wheel with nobody to
clean it up because "Aunty Jane" doesn't know the first thing about
computer security (wossat?) and is going to connect her shiny new
unpatched XP machine to the 'Net without a firewall or an antivirus.

Bang! 15 seconds later her machine is zombified.


Is it the ISP's place to do this? Should the ISP do this? Does the ISP
have a right to do this?


The ISP's rights are irrelevant to a certain extent. By that, I mean
that they cease to exist at the point where they start infringing on
the rights of *other* networks.

Furthermore, some networks tend to forget that their use of the
Internet is not a $deity-given right, but a privilege, and that it is
subject to rules both written and unwritten. If a consumer ISP starts
flaunting those rules and starts being a bad netizen (spewing spam and
viruses, allowing infected machines to attempt ssh brute force attacks
etc.) then the rest of the 'Net will shun that ISP, making it
extremely difficult for the shunned ISP to deliver mail outside its
own network or even, in some cases, access *any* port of a foreign
machine.

It is therefore incumbent upon the ISP to "do the necessary" to ensure
that its users have as full an Internet expreience as possible and
that they are welcome elsewhere. That means that the ISP *must* police
its network. It isn't the ISP's right to do this, it's the ISP's
*duty*.


I respect the "don't be the Internet's firewall issue", not only for the
sake of the cause but also because friends such as Steven Bellovin and
other believe in them a lot more strongly than I do. Bigger issues such
as the safety of the Internet exist now. That doesn't mean user rights
are to be ignored, but certainly so shouldn't ours, especially if these
are mostly unaffected?


The average "Aunty Jane" user isn't going to be running a mail server
at home and wouldn't even notice if access to port 25 of machines
other than her ISP's mail servers was blocked.

--
MA
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Vulnerabilites in new laws on computer hacking, Casper . Dik
Next by Date:  [Full-disclosure] SSH bypassing in Phishing, Gadi Evron
Previous by Thread:  Re: [Full-disclosure] Quarantine your infected users spreading malware, Dana Hudes
Next by Thread:  [Full-disclosure] Advisory: MiniNuke CMS System all versions (pages.asp) SQL Injection vulnerability, nukedx
Indexes:  [Date] [Thread] [Top] [All Lists]