Thread ID: 56718 2005-04-13 09:49:00 Should ISPs Disconnect Malware-Infested Boxes? vinref (6194) PC World Chat
Post ID Timestamp Content User
344458 2005-04-13 09:49:00 As Slashdot (it.slashdot.org) reports, Telstra BigPond is starting to temporarily disconnect trojan-infested boxes that are spewing excess junk traffic. And by the reaction on the site, it seems that some ISPs have been doing it all along.

I personally think this is a good thing, as it forces end users to address the security of their internet-connected boxes. If a box is so badly maintained that it is infested with malware, then it probably also exposes the owner to everything from identity theft to phishing and online banking fraud.

Maybe the ISP should go a bit further and give away Linux CDs.
vinref (6194)
344459 2005-04-13 10:30:00 After a week or so notice to give owners time to sort the mess out ~ Yes.
Plenty of people running malware infested boxes around, might just wake them up a bit. Nothing else has.
Sue (33)
344460 2005-04-13 12:53:00 I personally think it's a great idea.

My father was using our home Dial-up account for a while at work. One day our account was failing to Dial-Up, so I rang the helpdesk who politely informed us that we had a Virus and our account had been locked until we called up to resolve it and the excessive amounts of traffic.

From there I realised that whilst I had given my family (at the time running Windows) protection through anti-virus software, there was none on my father's work PC.

We would never have known otherwise that he was vulnerable, ignorance was bliss..... Personally I think it's a great idea!
Chilling_Silence (9)
344461 2005-04-14 21:40:00 I do it - it's certainly nothing new. Accounts I get complaints about for spamming/viruses etc have their dial up access removed which forces them to call up.

This gives them a chance to talk to a helpdesker who can give them tips on virus removal etc.

Previous experience of trying to call people (near on impossible to get them at home, or have a phone number that's still valid on record) or e-mail them (most virus infected machines have problems with their e-mail, and stacks of people use different e-mail addresses) just prove a waste of time and are generally pretty ineffective.

If their dialup access ceases they tend to get in touch a lot faster.
ninja (1671)
344462 2005-04-14 21:49:00 On two occasions that I remember within the last 12 months I've seen an ISP disable an internet account temporarily until the infection problem was fixed.....
drcspy (146)
344463 2005-04-14 21:57:00 I'm glad ISPs do this then. A lot of people would be blissfully ignorant of having a load of viruses/malware etc on their machines, or simply aren't worried about it (lack of understanding about the bigger issues). Cutting off the internet for them is a good way of getting their attention and their problems sorted.

I presume the same can be done for ADSL/wireless customers? Lots of people are signing up for this now and would be at an even greater risk because their connections can be left always on.
Jen (38)
344464 2005-04-14 22:07:00 I think it is a good idea. However, how does the ISP tell if it's malware or a legit program the person is using?? There was a bit of a stink when some ISPs blocked certain ports to slow down the spread of some viruses and they had complaints about people's internet apps (legit not malware) not working due to that port being blocked.
tweak'e (69)
344465 2005-04-15 00:44:00 Well ISPs may not have been the only ones who played around with the ports.

As XP SP2 also lowered the amount of ports or something, so viruses had less chance of getting thru (if you use P2P programs). So if you have XP SP2 and use P2P, and whatever you're getting is slower than before (before you installed SP2), this may be the reason why as well.

ISPs most probably go by whatever name appears at their end or something.

The filename (or IP address, I would say, if they can see what's going on) would tell them whether it's legit or malware / a trojan.
Speedy Gonzales (78)
344466 2005-04-15 03:05:00 Stateful Packet Inspection perhaps?

That or they just know what ports the latest viruses are using, as in the case with the blaster worm.

The same could be said for ADSL customers, although ADSL is usually for people who do more traffic, faster than Dialup customers.

I've done 28 gigs already this month.... I'd get pretty crabby if they kept cutting me off coz they thought I had a virus (We've got four linux boxes and an Xbox... Virus/malware my ass!)
Chilling_Silence (9)
344467 2005-04-16 10:04:00 Usually based on reports to abuse@thatisp.org.ru

Virus infected machines either get reported for the viruses they send out, or reported for the Spam they send when they get recruited as zombie machines. Those reports make their way back to the ISP of origin who can then trace the IP to the offending user.

SPI wouldn't really be practical on networks of that size.
ninja (1671)