NNSquad - Network Neutrality Squad
[ NNSquad ] [IP] Re: Constant Guard - Combating Bots
----- Forwarded message from David Farber <dave@farber.net> -----

Date: Sun, 11 Oct 2009 09:50:56 -0400
From: David Farber <dave@farber.net>
Subject: [IP] Re: Constant Guard - Combating Bots
Reply-To: dave@farber.net
To: ip <ip@v2.listbox.com>

Begin forwarded message:

From: Rich Kulawiec <rsk@gsp.org>
Date: October 11, 2009 9:26:16 AM EDT
To: Gerry Faulhaber <gerry-faulhaber@mchsi.com>
Cc: David Farber <dave@farber.net>
Subject: Re: [IP] Re: Constant Guard - Combating Bots

On Thu, Oct 08, 2009 at 06:31:12PM -0400, Gerry Faulhaber wrote:
> Comcast gets a gold star for this one. Comcast has been trying mightily
> to turn its customer service around, which is a really tough fight when
> you start with a bad rep. I think this should go pretty far in getting
> Comcast into customers' good graces. Way to go, guys.

And I concur that -- on a strategic level -- this is the right direction to go. (There is, however, a serious question about tactics that I'll address below.)

But I'd like to point something out: Comcast is belatedly just starting to address a critical security problem that's been well-known for much of this decade. Declan McCullagh wrote about this in May 2004:

    Attack of Comcast's Internet zombies
    http://news.cnet.com/Attack-of-Comcast%27s-Internet-zombies/2010-1034_3-5218178.html?part=rss&tag=feed&subj=news

and that was a year after the problem was discussed in depth in places like the Spam-L mailing list (which along with a handful of others is required reading for everyone working in this field). It was also over a year after this excellent paper (April 2003) analyzing the introduction of the Sobig.a worm into the wild:

    Sobig.a and the Spam You Received Today
    http://www.secureworks.com/research/threats/sobig/?threat=sobig

All of us knew about it, and knew that Comcast, Verizon, and others were sending massive amounts of spam as a result of an alarming increase in the number of compromised systems on their networks.

Comcast knew too; from Declan's article:

    "We're the biggest spammer on the Internet," network engineer
    Sean Lutner said at a meeting of an antispam working group in
    Washington, D.C., last week.

So I think an important (and as yet unanswered) question is: why didn't Comcast immediately address this critical problem, instead of allowing it to get steadily worse for 6+ years? This isn't a "debate it for a few years" problem; this is a "page all available engineers and set up cots in the hallways until it's fixed" problem. [1]

But just so it's clear that I'm not only bashing Comcast for this: I could say (and have said) the same things about Verizon, Charter, AT&T, Roadrunner, and a host of others. We, as a community, are so incredibly slow at reacting to these issues that abusers can operate with impunity for years at a time before we even *begin* to mildly inconvenience them. And by the time that happens, they're already several steps ahead. Again. While there are certainly all kinds of other things we have to improve, I think adjusting our sense of urgency is at the top of the list.

Now, as to the tactical issue I mentioned above: what reason does Comcast have to believe that their users will actually see these pop-ups? After all, they're being sent to computers that are suspected of being compromised, and if they *are* compromised, then those computers no longer belong to the person whose desk or table or lap they're sitting on: they belong to their *new* owners, whether spammers or phishers or anyone else.

Surely it doesn't take much to realize that it is not in the best interests of these *new* owners to permit Comcast to alert the *former* owners that something's wrong? It will only take a little while for the same people who crafted the Sobig series of malware and who have turned botnet operation into a profitable business model to deploy the appropriate code to suppress these notifications. They won't take 6+ years to do it; I'll be surprised if they even take 6+ weeks to do it.

---Rsk

[1] They certainly had the cash to pay for it; $54 billion will pay for a lot of senior network engineer overtime:

    Comcast bids for Disney (February 18, 2004)
    http://money.cnn.com/2004/02/11/news/companies/comcast_disney/

----- End forwarded message -----