Do ISPs Ignore Security Researchers Who Point Out Zombied Machines?

from the not-such-a-good-thing dept

Over the last few years, we’ve all heard stories about how organized crime groups have taken to using botnets of “zombied” computers to run all sorts of scams and spam campaigns. ISPs have been somewhat slow to react. While they try to use fairly blunt instruments, like cutting off certain ports, many don’t seem to have a very good process in place for tracking down and stopping customers whose machines have become unwitting members in a botnet. In fact, security researchers are growing frustrated that when they come across evidence of a hijacked computer, ISPs don’t respond at all when told that a customer is causing trouble. There certainly are a few ISPs that are careful to help get rid of botnets, doing things like quarantining or cutting off certain users from their internet access until their machines are cleaned up, but most of the bigger ISPs don’t appear to do very much at all. Of course, there is the other side of this story — which is that when ISPs may be too proactive, it can often snag people whose machines aren’t actually doing anything wrong. But, it certainly seems like completely ignoring reports with evidence of a botnet may be going to the opposite extreme.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Do ISPs Ignore Security Researchers Who Point Out Zombied Machines?”

Subscribe: RSS Leave a comment
Witty Nickname says:

Of course they dont stop it

Can you imagine the bad P.R. of some novice computer user on TV saying “I don’t have any viruses, my computer works, and they took down the internet I paid for.”

In major metro areas they can probably choose between DSL and cable, if one of those choices cuts you off for having viruses (a LOT of people have viruses) which one is going to loose customers?

Lee says:

dumbass system admins

They just don’t care and the problem goes beyond identifying bots in their systems. When bots send spam they forge the sender. They have done that forever and yet mail that can’t be delivered gets “returned” to someone who never sent it because dumbass system admins just don’t care. That multiplies the spam traffic on the net. You would think that these dumbass system admins could set up their mail daemons to verify that the IP of the sender actually matches the IP that sent the mail. They would only have to do this for mail being returned but, once they have identified a bot this way they could block that IP and stop all the spam coming into their system from that bot but, nooooo. Sysadmins are too busy being dumb.

Anonymous Coward says:

I have an automated script that sends emails with complains to respective abuse@…… whenever it detects that somebody’s trying to bruteforce my system. So far about 1-2% of the notified admins responded, and they have been real people, as opposed to corporations. China is notoriously bad at that: their abuse@… addresses often bounce saying “mailbox too full” 😉

chris (profile) says:

three reasons it'll never happen

1) people refuse to take responsibility for their computers
2) people refuse to take responsibility for their actions
3) people refuse to take steps to mitigate the impact of 1&2

if people refuse to take responsibility for their actions, refuse to take responsibility for their computers, they will most assuredly refuse to take responsibility for their computer’s actions.

Richard Ahlquist (profile) says:

Hell yes they ignore it

Check out prjects like Dshield or My Net Watchman, completely automated systems that watch for attacks and notify their ISP or owner of the attacking ISP. I have been a member of both and the sheer lack of response is repulsive. If my firewall detects 26,000 attempted varying ID’s and passwords from an IP address then the blasted ISP should do something about it, but they DONT.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...