by Mike Masnick

Comcast Admits Their Zombie Problem

from the biggest-spammers-on-the-net dept

People have been talking about the problems of zombie machines spewing spam for a while. One of the biggest issues is how to get the broadband providers to do something about it, and to help stop the flow of spam from the computers of users who have no idea they're sending out spam. One of the biggest targets in this discussion is Comcast - who, by their sheer size in the market, appears to have the most subscribers with compromised machines. In fact, last week, they admitted that they were, technically, "the biggest spammer on the internet." They say that Comcast users send out 800 million messages a day - and 700 million of them are spam from zombie machines.

Many have complained that Comcast hasn't taken the situation seriously, but that seems to have changed lately. Over the last few months they've been a lot more proactive in letting subscribers know that their machines have been taken over - but it still takes a while, and end-users who end up getting cut off are often not savvy enough to understand what's happening or how to fix it. One potential solution is to block port 25 - something that many other ISPs do - but Comcast has rejected that plan, knowing that the complaint and support costs would be overwhelming.

Instead, it sounds like they've come up with a fairly creative method of dealing with the problem. They're going to monitor overall usage, and if they become aware of a problem, they will remotely adjust only that user's modem to block port 25. While this may still cause an occasional headache for some users, the overall impact should be much lower, and the non-tech-savvy zombie-fied customer will have the problem they didn't know about solved without them knowing about it as well.
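The per-subscriber approach described above, sketched as an added example that is not from the article or from Comcast: it picks, from outbound flow records, only the modems whose port 25 traffic looks like a zombie's and leaves every other subscriber untouched. The record layout, the modem identifiers and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flows: (modem id, destination IP, destination TCP port).
# Identifiers are hypothetical; addresses come from documentation ranges.
FLOWS = (
    [("modem-A", f"198.51.100.{i % 200}", 25) for i in range(600)]  # wide fan-out on port 25
    + [("modem-B", "203.0.113.10", 25)] * 300   # heavy, but a single relay
    + [("modem-C", "203.0.113.20", 465)] * 900  # SSL SMTP on 465, never counted
    + [("modem-D", "192.0.2.5", 80)] * 50       # web traffic only
)

# Assumed per-window thresholds; a real deployment would tune these.
MAX_CONNS = 200   # outbound port 25 connections
MAX_DESTS = 50    # distinct port 25 destinations


def select_port25_blocks(flows, max_conns=MAX_CONNS, max_dests=MAX_DESTS):
    """Return the modems that exceed BOTH port 25 thresholds in the window."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for modem, dst, port in flows:
        if port != 25:          # only direct-to-MX style traffic is of interest
            continue
        conns[modem] += 1
        dests[modem].add(dst)
    # Requiring many distinct destinations as well as volume keeps a subscriber
    # who sends a lot of mail through one relay out of the block list.
    return sorted(
        m for m in conns
        if conns[m] > max_conns and len(dests[m]) > max_dests
    )


def filter_plan(flows):
    """Map every modem seen to the action taken: selective, not network-wide."""
    blocked = set(select_port25_blocks(flows))
    modems = sorted({m for m, _, _ in flows})
    return {m: "block tcp/25 outbound" if m in blocked else "no change"
            for m in modems}


if __name__ == "__main__":
    for modem, action in filter_plan(FLOWS).items():
        print(modem, "->", action)
```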

Reader Comments

  • Anonymous Coward, 24 May 2004 @ 12:58pm

    Creative Solution Doublespeak

    Instead of blocking port 25 they've decided to block port 25 instead.


  • Nonesuch, 24 May 2004 @ 9:54pm

    Intercept SMTP traffic

    Just as many ISPs transparently intercept outbound TCP/80 traffic and force all browser clients to use a caching proxy unless the user opts out, Comcast could intercept all outbound TCP/25 traffic from the average dynamic IP customer pools and force connections through a dedicated pool of "customer" SMTP relay servers.

    This would allow automated detection and selective blocking of zombies, along with virus scanning, rate limiting, and other controls.

    Customers who want to run their own mail servers would be upset, as would users who want to send email through authenticating SMTP servers at their employer or email provider. (For the latter, the smart customers will use SSL encrypted SMTP on TCP/465.)
