[Dshield] Interesting Zombie Data Graphs

jayjwa jayjwa at atr2.ath.cx
Wed Nov 9 02:26:35 GMT 2005

On Mon, 7 Nov 2005, mjcarter at ihug.co.nz wrote:

-> I started a company with this problem in mind; ISPs do have
-> the ability to identify Zombies and other infections. But
-> most would not have the resource to handle the cleanup
-> themselves. Most of the time you won't be able to talk a
-> user through cleanup without spending hours on the phone and
-> there is always the danger of ending up with a dead system
-> due to misinterpreted instructions, language barriers,
-> wrong diagnosis, etc.

-> It is also resource intensive to have the customer "bring it
-> in". Do ISPs have the room or the staff to handle this? I
-> doubt that also especially during a major event, so I
-> believe that their (ISPs) best option is to shut off access
-> to their service.

I agree completely. If you find a system that's spewing spam, viruses, or 
other undesirables, pull the plug on it, save the evidence, make note of it to 
the helpdesk. When the customer calls, simply explain why they've been cut 
off. Be ready to provide logs, samples or some other proof to show that, yes,
beyond a shadow of a doubt, there is a problem. This is the problem, it's up 
to the user to fix it. Stop it, clean it, disinfect it, fix the problem. Only 
then do you jack them back in. The people that maintain our roads and highways
aren't responsible for also fixing our cars, I don't see why it should be 
different with computers on the Internet.

Strict regulation and blocking things off isn't the answer either, because 
then *everyone* ends up with a safety-coated, kiddie-gloved Internet that's 
been watered down to the point of being nowhere near as useful as it
otherwise would be.

Back to the original topic of this post; all my spam and junk mail this week 
was from large email providers or from ISP-designated outbound mailservers 
with the exception of one, a MLM scam from a dial-up user on Tiscali.fr who 
also inadvertently included his street address in the mail. By and large
Hotmail's mailservers sending for both Hotmail and MSN were the biggest
relayers of spam. So far they've been pretty good about taking and acting on 
abuse reports.

As far as Comcast, I've heard complaints about them before, but I can't 
remember the last time they sent any junk mail my way. I have several people 
that I correspond with on Comcast; I both send to and receive from their
servers, usually every day.


    / /     __  __  __  __  __ __  __ mail me for my *
   / /__   / / /  \/ / / /_/ / \ \/ /  *  email address.
  /_____/ /_/ /_/\__/ /_____/  /_/\_\ ::[ATr2 RG 2005]::
