[Dshield] Interesting Zombie Data Graphs
jayjwa at atr2.ath.cx
Wed Nov 9 02:26:35 GMT 2005
On Mon, 7 Nov 2005, mjcarter at ihug.co.nz wrote:
-> I started a company with this problem in mind; ISPs do have
-> the ability to identify Zombies and other infections. But
-> most would not have the resource to handle the cleanup
-> themselves. Most of the time you won't be able to talk a
-> user through cleanup without spending hours on the phone and
-> there is always the danger of ending up with a dead system
-> due to misinterpreted instructions, language barriers,
-> wrong diagnosis, etc.
-> It is also resource intensive to have the customer "bring it
-> in". Do ISPs have the room or the staff to handle this? I
-> doubt that also especially during a major event, so I
-> believe that their (ISPs) best option is to shut off access
-> to their service.

I agree completely. If you find a system that's spewing spam, viruses, or
other undesirables, pull the plug on it, save the evidence, make note of it to
the helpdesk. When the customer calls, simply explain why they've been cut
off. Be ready to provide logs, samples or some other proof to show that, yes,
beyond a shadow of a doubt, there is a problem. This is the problem, it's up
to the user to fix it. Stop it, clean it, disinfect it, fix the problem. Only
then do you jack them back in. The people that maintain our roads and highways
aren't responsible for also fixing our cars, I don't see why it should be
different with computers on the Internet.

Strict regulation and blocking things off isn't the answer either, because
then *everyone* ends up with a safety-coated, kiddie-gloved Internet that's
been watered down to the point of being nowhere near as useful as it
otherwise would be.

Back to the original topic of this post; all my spam and junk mail this week
was from large email providers or from ISP-designated outbound mailservers
with the exception of one, a MLM scam from a dial-up user on Tiscali.fr who
also inadvertently included his street address in the mail. By and large
Hotmail's mailservers sending for both Hotmail and MSN were the biggest
relayers of spam. So far they've been pretty good about taking and acting on

As far as Comcast, I've heard complaints about them before, but I can't
remember the last time they sent any junk mail my way. I have several people
that I correspond with on Comcast; I both send to and receive from their
servers, usually every day.