  Wills
join:2001-01-03 Port Charlotte, FL
| 5 IPs?
Please explain to me why 5 IPs were allowed to reach 45,000 complaints.
One would think that 3 or 4 would be enough...
I'm glad they are disconnecting them. -- Abit VP-6 twin 800EB's @ 1002 Mhz. Proud member of the XDC. |
|
  scavio Premium join:2001-07-14 Melmac clubs:   | Action Required
I think that reinstalling from scratch, changing all passwords, and getting some sort of firewall would be beneficial. Wish I was in Comcast territory right now, I'm sure business would be booming. |
|
  Nightfall My Goal Is To Deny Yours Premium,MVM join:2001-08-03 Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
| Far beyond Comcast. PEBKAC
This goes far beyond Comcast. Broadband users install SQL server, IIS, and Windows 2000 server on their broadband connections and just open up the ports on their routers. Then, they don't patch their systems. My router logs all these attacks and I see IPs on various networks. Comcast, SBC, Charter, and the list goes on.
Yes, Comcast seems to be making a move. However, ALL ISPs have to make this move. Anyone infected with the Nimda virus for instance. I still get attacks on my router from people infected with this virus. I can't believe it. A patch was out for that attack 6 months before it was released. It has been about a year now (I think) and people are STILL infected? Gimmie a break.
It just goes to show you why the TOS/AUP is written against users having servers on their broadband connections. Even with hardware/software firewalls, the problem exists between keyboard and chair. PEBKAC.
All ISPs have got to come up with a policy. The steps of this new policy should be VERY easy.
1. Infection detected - Warning letter sent out
2. Infection detected a week later - Phone call and warning letter sent out.
3. Infection detected two weeks later - Shut off internet service to home. When user calls to have it reactivated, explain the situation. When the user's computer is cleaned up, then internet service will be reactivated.
All users running these services need to be aware of the situation as well. If they want to run these services and expose them to the internet, then they have to be responsible for them. This means, patching and updating. I have no problem with people wanting to run a small WWW site or FTP site on their connections. The problem is when these things are installed and the ports just opened without any thought to patching or updating. If users want their cake and eat it too, then they have to be more responsible for their systems. -- My Domain Nightfall's Hockey and Life Journal |
|
  Karl Bode News Guy join:2000-03-02
Host: Road Runner PC gaming GAMES PC gaming Tech
| quote:
1. Infection detected - Warning letter sent out
2. Infection detected a week later - Phone call and warning letter sent out.
3. Infection detected two weeks later - Shut off internet service to home. When user calls to have it reactivated, explain the situation. When the user's computer is cleaned up, then internet service will be reactivated.
The zealots in the newsgroups who would destroy a small Ohio town and all of their pets to stop a spammer will find that unacceptable.
To satiate them, I suggest:
1. Beatings about the head and chest.
2. Floggings.
3. More Floggings. |
|
  N3OGH Bear patrol must be working like a charm Premium join:2003-11-11 Philly burbs
·Verizon FIOS
·Verizon Online DSL
| reply to Wills Re: 5 IPs?
I agree..
Half the spam I get is from Comcast.net addresses. I am a Comcast customer, and I'm sure that has something to do with it. Half the mail I get is spam.
The bottom line is, if you won't secure your machine, expect to have your connection cut. If you claim you've secured your machine, and it still pumps out spam, well then, hire a pro and get it right.
If my machine was a spam zombie, I would hope they would give me the chance to fix it, but if I kept spewing out the spam, I would expect to be cut off. |
|
  brandon Some truth included in this post. Premium join:2003-03-31 Hurley, MS | reply to Nightfall Re: Far beyond Comcast. PEBKAC
Well more than a year--nimda was released in 2001. |
|
  Transmaster Don't Blame Me I Voted For Bill and Opus
join:2001-06-20 Cheyenne, WY | so simple
It would be so simple for the likes of Comcast to give their customers an anti virus and firewall as part of their subscription price. -- "Remember when hacking a loogy it comes not so much from the lungs but from the soul." |
|
  GNXPower Got Boost? Premium join:2003-12-18 Huntington Beach, CA | reply to Wills Re: 5 IPs?
'Cause Comcast abuse is a complete joke. The only parts of Comcast that work are those that hose their customers with rate increases. |
|
  hbreg Premium join:2000-11-09 Feasterville Trevose, PA
| reply to Transmaster Re: so simple
said by Transmaster : It would be so simple for the likes of Comcast to give their customers an anti virus and firewall as part of their subscription price.
This has been discussed before and it wouldn't benefit Comcast 1 bit. The people whose machines are being used as zombies most likely don't have a firewall or A/V software on their computers because:
•They don't know about them
•They don't know how to properly set them up
•They couldn't care less about them
Most computers today come with A/V and Firewall software already installed on them. People just don't know or care about it.
If Comcast gave all of their users A/V and Firewalls, can you imagine the support calls to Comcast when people can't configure them properly and can't connect to the Internet? A lot of the support calls now that people are having trouble, Comcast will tell them to turn off any A/V programs and firewalls they have running.
I think if Comcast gets a complaint about an IP being used for spam, monitor the IP, and within an hour they will know by the amount of traffic coming from that machine it is being used for spam and take them off of the network. No warning letters, no phone calls just remove them. Once a person can't connect then they can call Comcast and they can explain it to them. If a person only goes online every few days why have that box on the network spewing spam when you can disconnect the system and it would take a few days for the person to realize they can't get online. -- I try to keep an open mind, but not so open that my brains fall out. -- Judge Harold T. Stone |
|
 SacredNaCl
join:2004-02-17 Saint Louis, MO
| reply to Transmaster said by Transmaster : It would be so simple for the likes of Comcast to give their customers an anti virus and firewall as part of their subscription price.
Ultimately that is what it is going to come to. A few ISPs already do ship firewalls and antivirus programs with their DSL/Cable kits. Unfortunately, most of them are trial offers and those that aren't are usually limited to a 6 month or 1 year subscription to updates.
I'm somewhat hesitant to seek legislation in this area, I don't want the equivalent of drivers licenses for the internet - but it would be the responsible thing for the service providers to go ahead and bite the bullet and tack on "$30-40" to the setup fee to include one. Antivirus and firewall vendors would bend over backwards to hear they could get "$2-3 per month from 1 million customers". Big ISPs have a lot to broker with. Is SBC's deal with Yahoo to provide content really any different than this deal would be? Comcast has to be large enough to be able to get at least that good of a deal if not a substantially better one. If they raise their renewal fee "1-2$" to cover it so be it. It's not like everyone isn't used to cable rate increases, eh? |
|
  xmrocks Premium,MVM join:2003-09-23 clubs:  
·Comcast
| reply to Transmaster I agree it would be a good idea to have Anti-Virus and Firewall software for both major platforms (Windows and Mac) provided as part of the service. But even then, what percentage of people would actually use it? Sure, people like you and I (and other tech-savvy individuals) would jump on it, but those people who are somewhat 'illiterate' in the computer sense would probably pay no attention to it and disregard it.
It's not a bad idea though. I know this is not realistic, but my school's network will check for patches (mainly virus patches) when connected to the network. If you don't have those patches, you're terminated with a message giving you possible reasons why you were terminated. Comcast could do this, but then people would complain about invasion of privacy, etc. etc.
I don't think it's ever going to be a winning situation, unfortunately. However, this is a step in the right direction (taking action against those IPs). |
|
  Karl Bode News Guy join:2000-03-02 | quote: But even then, what percentage of people would actually use it?
Exactly. Or know how to use it. Or bother to update it. |
|
  vice8686
join:2000-10-13 Lancaster, CA
| said by Karl Bode : quote: But even then, what percentage of people would actually use it?
Exactly. Or know how to use it. Or bother to update it.
...or, in fact, I've known people to uninstall those programs claiming slow internet speeds. It's sad. |
|
 bradleym
join:2002-08-05 Dunfermline, IL
·Mediacom
| let the beatings begin!
I propose public execution of the spammers themselves in addition to the beatings of the uneducated masses that are being used as relay hosts.
I wish the problem was limited to Comcast - I get spam relayed off tons of other DSL and cable subscribers, too. |
|
  quibbly Premium join:2003-02-07 Sugar Land, TX | reply to scavio Re: Action Required
Software firewalls are a complete joke. Easy to bypass and remove. |
|
  Bucknet
join:2002-10-18 Hamilton, ON
| reply to Wills Re: 5 IPs?
I don't feel it's the ISPs' responsibility to provide firewalls or antiviral programs. Both are readily available to anyone who wishes to choose those options. Even with firewalls and antiviral in place I see infected machines every day in the job I do. Just as people don't update their antiviral programs they also don't update their operating system; sometimes this is far worse. As ISPs become more vigilant in protecting their mail servers, spammers have taken to infecting home PCs more and more. We have some of the fastest speeds in Canada and in the last year have seen a large increase in infected sets running proxy relays. When we spot an infected PC and the user doesn't answer our contact attempts, the modem is put in quarantine until the user calls in and is advised of the condition their PC is in. For the most part the user is totally unaware of the problem. We will provide them with a number of web sites and informational sites so that they can clean their PCs but in the end it's the user's responsibility to clean their PC. It should be the responsibility of the ISP to try and keep their footprint as clean as possible so that their user community isn't impacted by compromised machines residing on that footprint. This is an uphill battle that never ends. We use a 3 strike rule: if a machine appears in the database 3 times in a certain amount of time the modem MAC is sent to the security dept. and chances of that modem ever being enabled under that customer are reduced greatly. I think we are one of the few ISPs that are proactive in this area. It's in the user agreement of most ISPs if they choose to exercise the option. Generally we have found our user base to be positive to this approach knowing that at least someone is trying to quell this scourge. |
|
 ParanoiaInc
join:2002-08-28 Tucker, GA | This could all be avoided if ...
If the SMTP protocol required a password to even access the SMTP server. Of course, it would do nothing if someone runs their own SMTP server, but then again that could be port-controlled by the ISP. |
|
  Jason Levine Premium join:2001-07-13 USA
| Base ISPs off of auto insurance?
A thought just occurred to me. I keep hearing Allstate insurance ads which proclaim that if you are a safe driver you should pay less in auto insurance. What if we were to apply the same methodology to broadband ISPs? Take this hypothetical model:
You sign up with ISP X. You can either start with a basic bandwidth amount. Periodically, ISP X checks to see if your system has been generating a suspicious level of traffic. (For example, due to a virus or spammer trojan infection.) If you haven't, you get a bandwidth increase (up to a certain maximum). If you have, you get bumped down in bandwidth and warned about the issue. There would also be a cut off point where, if you flunk the safety test 3 times in a row, you'd get disconnected.
This way safe surfers would get the opportunity to surf faster and infected surfers wouldn't be able to spread spam/viruses as fast (or at all). Of course, there are a lot of nagging details (switching providers would start you from scratch, do anti-virus programs get you an automatic bump up, do you have to provide proof of updating, does a firewall bump you up, etc) but I think the basic plan might work. -- -Jason Levine http://www.jasons-toolbox.com/ http://www.PCQandA.com/ http://www.urateit.com/ |
|
  Jason Levine Premium join:2001-07-13 USA
| reply to ParanoiaInc Re: This could all be avoided if ...
Most of the modern spam trojans include their own SMTP engine, so a password wouldn't protect anything.
As far as ISP port blocking goes, I'm against that. I connect to two systems to download my non-ISP e-mail. If my ISP blocked the mail ports, I wouldn't be able to view my mail and my connection to the Internet wouldn't be as valuable to me. (Ok, I could get everything set to use a different port, but that's beside the point.) -- -Jason Levine http://www.jasons-toolbox.com/ http://www.PCQandA.com/ http://www.urateit.com/ |
|
 Timo_D
join:2002-10-22 Chicago, IL
| the next step in social engineering
So now that ALL email is suspicious (with 419 scams and phishing), who is going to believe an email from "comcast" telling you that you have a virus or worm? I get dozens of those spams every day. Everyone has been trained over the last year or two to be suspicious of ALL email, it has become an untrusted transmission medium, about the only way to verify the validity of a message is that if it "sounds like your friend" when it says it is from one. So this is a nice try but everyone will have to start going out of band, like via phone calls or via letters in the mail (or service disconnections.)
I guess the other thing is that these worms set up their own SMTP engines, which means that the zombie machines may not even be going through Comcast's email servers. Could be hitting an open proxy somewhere? So the suggestion to have Comcast authenticate senders might not work. |
|
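An added example, not part of any post in this thread and not any ISP's actual tooling: several posts above note that spam trojans carry their own SMTP engine and bypass the ISP's mail servers, that an hour of traffic from a reported IP is enough to tell, and that one ISP applies a three-strike quarantine. The sketch below flags subscribers that contact many distinct outside mail servers on port 25 within an hour and keeps a strike ledger; the relay address, the threshold and the flow-record layout are assumptions, and all addresses are constructed from documentation ranges.

```python
from collections import defaultdict

ISP_RELAYS = {"192.0.2.25"}     # assumed: the ISP's own outbound mail relay
WINDOW = 3600                   # one hour of monitoring, as suggested in the thread
MAX_DISTINCT_MX = 20            # assumed threshold; tune against a real baseline
STRIKES_TO_QUARANTINE = 3       # the "3 strike rule" described in the thread

def direct_smtp_offenders(flows, window=WINDOW, limit=MAX_DISTINCT_MX):
    """flows: iterable of (epoch_seconds, src_ip, dst_ip, dst_port).
    Returns {src_ip: largest number of distinct non-relay port-25
    destinations seen in any fixed `window`-second bucket}, limited to
    sources that exceed `limit`."""
    buckets = defaultdict(set)              # (src, bucket index) -> destinations
    for ts, src, dst, dport in flows:
        if dport != 25 or dst in ISP_RELAYS:
            continue                        # mail via the ISP relay is expected
        buckets[(src, ts // window)].add(dst)
    worst = defaultdict(int)
    for (src, _), dsts in buckets.items():
        worst[src] = max(worst[src], len(dsts))
    return {src: n for src, n in worst.items() if n > limit}

def apply_strikes(ledger, offenders):
    """Add one strike per offender; return those that reach quarantine."""
    quarantined = []
    for src in sorted(offenders):
        ledger[src] = ledger.get(src, 0) + 1
        if ledger[src] >= STRIKES_TO_QUARANTINE:
            quarantined.append(src)
    return quarantined

def sample_flows():
    """Constructed flow records for two subscribers."""
    flows = []
    # Ordinary user: mail through the ISP relay plus one outside mail host.
    flows += [(100 + i, "198.51.100.7", "192.0.2.25", 25) for i in range(50)]
    flows += [(200, "198.51.100.7", "203.0.113.10", 25),
              (210, "198.51.100.7", "203.0.113.10", 110)]
    # Zombie-like host: 40 different outside mail servers within the hour.
    flows += [(300 + i, "198.51.100.66", f"203.0.113.{100 + i}", 25)
              for i in range(40)]
    return flows

if __name__ == "__main__":
    print(direct_smtp_offenders(sample_flows()))
```

Counting distinct destinations rather than raw volume leaves a customer who reaches one or two outside mail systems unflagged, which is the case raised in the port-blocking objection above.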