[ NNSquad ] [IP] Re: Constant Guard

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] [IP] Re: Constant Guard - Combating Bots]

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] [IP] Re: Constant Guard - Combating Bots]
From: Lauren Weinstein <lauren@vortex.com>
Date: Sun, 11 Oct 2009 09:52:34 -0700

----- Forwarded message from David Farber <dave@farber.net> -----

Date: Sun, 11 Oct 2009 09:50:56 -0400
From: David Farber <dave@farber.net>
Subject: [IP] Re:     Constant Guard - Combating Bots
Reply-To: dave@farber.net
To: ip <ip@v2.listbox.com>

Begin forwarded message:

From: Rich Kulawiec <rsk@gsp.org>
Date: October 11, 2009 9:26:16 AM EDT
To: Gerry Faulhaber <gerry-faulhaber@mchsi.com>
Cc: David Farber <dave@farber.net>
Subject: Re: [IP] Re: Constant Guard - Combating Bots

On Thu, Oct 08, 2009 at 06:31:12PM -0400, Gerry Faulhaber wrote:
> Comcast gets a gold star for this one.  Comcast has been trying  
> mightily
> to turn its customer service around, which is a really tough fight when
> you start with a bad rep.  I think this should go pretty far in getting
> Comcast into customers' good graces.  Way to go, guys.

And I concur that -- on a strategic level -- this is the right direction
to go.  (There is, however, a serious question about tactics that I'll
address below.)

But I'd like to point something out: Comcast is belatedly just starting
to address a critical security problem that's been well-known for much
of this decade.

Declan McCullagh wrote about this in May 2004:

	Attack of Comcast's Internet zombies
	http://news.cnet.com/Attack-of-Comcast%27s-Internet-zombies/2010-1034_3-5218178.html?part=rss&tag=feed&subj=news

and that was a year after the problem was discussed in depth in places
like the Spam-L mailing list (which along with a handful of others is
required reading for everyone working in this field).

It was also over a year after this excellent paper (April 2003)
analyzing the introduction of the Sobig.a worm into the wild:

	Sobig.a and the Spam You Received Today
	http://www.secureworks.com/research/threats/sobig/?threat=sobig

All of us knew about it, and knew that Comcast, Verizon, and others were
sending massive amounts of spam as a result of an alarming increase in
the number of compromised systems on their networks.  Comcast knew too;
from Declan's article:

	"We're the biggest spammer on the Internet," network engineer
	Sean Lutner said at a meeting of an antispam working group in
	Washington, D.C., last week.

So I think an important (and as yet unanswered) question is: why didn't
Comcast immediately address this critical problem, instead of allowing
it to get steadily worse for 6+ years?  This isn't a "debate it for a few
years" problem; this is a "page all available engineers and set up cots
in the hallways until it's fixed" problem. [1]

But just so it's clear that I'm not only bashing Comcast for this:
I could say (and have said) the same things about Verizon, Charter, AT&T,
Roadrunner, and a host of others.  We, as a community, are so incredibly
slow at reacting to these issues that abusers can operate with impunity
for years at a time before we even *begin* to mildly inconvenience them.
And by the time that happens, they're already several steps ahead.  Again.
While there are certainly all kinds of other things we have to improve,
I think adjusting our sense of urgency is at the top of the list.

Now, as to the tactical issue I mentioned above: what reason does Comcast
have to believe that their users will actually see these pop-ups?

After all, they're being sent to computers that are suspected of
being compromised, and if they *are* compromised, then those computers
no longer belong to the person whose desk or table or lap they're
sitting on: they belong to their *new* owners, whether spammers
or phishers or anyone else.  Surely it doesn't take much to realize
that it is not in the best interests of these *new* owners to permit
Comcast to alert the *former* owners that something's wrong?

It will only take a little while for the same people who crafted
the Sobig series of malware and who have turned botnet operation
into a profitable business model to deploy the appropriate code
to suppress these notifications.  They won't take 6+ years to do it;
I'll be surprised if they even take 6+ weeks to do it.

---Rsk

[1] They certainly had the cash to pay for it; $54 billion will pay for
a lot of senior network engineer overtime:

	Comcast bids for Disney (February 18, 2004)
	http://money.cnn.com/2004/02/11/news/companies/comcast_disney/

-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

----- End forwarded message -----

Prev by Date: [ NNSquad ] Re: Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)
Next by Date: [ NNSquad ] Re: Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)
Previous by thread: [ NNSquad ] Microsoft's "Cloudburst" - Spectacular Data Loss Drowns Sidekick Users
Next by thread: [ NNSquad ] EU touts Europe's "pro-competition" NN approach as superior to U.S. deregulation
Index(es):
- Date
- Thread