Re: FCC in

Re: FCC in http://www.dslreports.com/forum/r10004735 en Sun, 29 Nov 2009 02:40:19 EDT Sun, 29 Nov 2009 02:40:19 EDT Re: FCC http://www.dslreports.com/forum/remark,10010212 TraumaJunkie :

said by Nightfall :
Lets take it a step further.
Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.

This is very close to what Comcast does. When a machine is identified as spamming the access to outbound email is cut off for 24 hours and an email is sent to inform the user they have been identified and given a chance to clean up their machine. Ignoring the warning leads to total cut-off of access to email and eventually the service is shut down for abuse. The local call center personnel can not reverse these blocks or termination of service, it has to be handled directly by the abuse department.

Spam has gotten out of hand and legislation will not stop it. I have no idea how to stop spam but would wholeheartedly support any inititive that would put an end to ANY and ALL UNSOLICITED email.
--
Air goes in and out, blood goes 'round and 'round. Any deviation from this can indicate a problem.]]> http://www.dslreports.com/forum/remark,10010212 Sun, 18 Apr 2004 23:36:42 EDT Re: FCC http://www.dslreports.com/forum/remark,10006428 Andrew J : Now you know why some ISPs are not permitting servers to be run on their connections.
-----------------------------
The only way to run a server over cable without hosing the node is to have one cable for down and another cable for up. I can tell you that ain't gonna happen anytime soon.
--
If you give a little and they give a lot.]]> http://www.dslreports.com/forum/remark,10006428 Sun, 18 Apr 2004 16:08:31 EDT Re: FCC http://www.dslreports.com/forum/remark,10004735 SongCloud : I have had Comcast install cable internet 3 times in 3 different places. The people that they have doing the installations are morons at best. The last time I had the HSI service installed, I had to teach the 2 installers how to use the ping command. They didn't even know that they had to use a proxy to enable the connection. I will NEVER let an installer touch any of my machines. It's just too risky given my prior experiences with installers. Anyway, anything they need to do, I can do myself, and probably quicker and more efficiently. CCNA certification comes in handy sometimes!! :D

~SongCloud]]> http://www.dslreports.com/forum/remark,10004735 Sun, 18 Apr 2004 12:28:20 EDT Re: FCC http://www.dslreports.com/forum/remark,9994862 TamaraB :

said by russotto :
Anti-spammers are always willing to destroy the net in order to save it.

Actually it's the spammers, and those ISPs and individuals who support them who are willing to destroy the net. Anything to make a buck eh??

Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org
]]> http://www.dslreports.com/forum/remark,9994862 Sat, 17 Apr 2004 02:02:14 EDT Re: FCC http://www.dslreports.com/forum/remark,9994851 TamaraB :

said by JTRockville :
Let's not forget the reason why such a drastic amount of spam is spewing from Comcast domains: Comcast has allowed spam to flourish, unchecked, for a very long time.

Why do you suppose that is?? Greed perhaps??

said by JTRockville :
Does their inaction warrant a port block for their entire customer base?

Yes; but I doubt it will ever happen, it would hurt bottom line.

said by JTRockville :
Maybe. But the situation could be diffused much more effectively with a policy that is tough on spammers and zombies, rather than all Comcast customers.

An effective policy would work, but it too would affect bottom line. It costs $$$ to chase down, warn, help clean, monitor, and expell users. Greed won't allow this to happen.

Only when action is less expensive than inaction will things change. When a significant portion of the net gets so pissed that they block Comcast IP blocks (both port 25 and 80) will Comcast do something real. They will fix the problem when it costs too much not to.

Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org
]]> http://www.dslreports.com/forum/remark,9994851 Sat, 17 Apr 2004 01:59:00 EDT Re: FCC http://www.dslreports.com/forum/remark,9992902 JTRockville : Let's not forget the reason why such a drastic amount of spam is spewing from Comcast domains: Comcast has allowed spam to flourish, unchecked, for a very long time.

Does their inaction warrant a port block for their entire customer base?

Maybe. But the situation could be diffused much more effectively with a policy that is tough on spammers and zombies, rather than all Comcast customers.]]> http://www.dslreports.com/forum/remark,9992902 Fri, 16 Apr 2004 21:14:16 EDT Re: FCC http://www.dslreports.com/forum/remark,9991738 BosstonesOwn :

said by russotto :
Anti-spammers are always willing to destroy the net in order to save it.

One point of having a broadband connection -- particularly one such as mine with a static IP -- is to have a first-class connection to the Internet. Some port-80(in) and port-25(in/out) blocked abomination doesn't cut it.

Then you choose an isp that wants to give you those options comcast does not give this option. That simple you want it you pay for it. I think comcast should block it and stop all the spam make our network a better place. Let the other isps worry about their problems.

If such a drastic amount of spam is being sent from the comcast network. I think a port block is well warranted. We want a better more stable network and people sending spam over it does nothing for us but drag it down.

Close them ports and save our network comcast :)
--
This package does not contain a winner...]]> http://www.dslreports.com/forum/remark,9991738 Fri, 16 Apr 2004 18:28:04 EDT Re: FCC http://www.dslreports.com/forum/remark,9991050 TheMadSwede :

said by fantomposter :

said by Nightfall :

Maybe keep these ports open to you initially, but then if your system is comprimised, the ports are closed.

Good idea, but how about the converse? Close them all and open it for anyone that asks. My GUESS, 95 percent of the people would not even notice they were closed.

I'm with you 100% on this, but I'm also laughing to myself as I imagine all the glass-is-half-empty posters here on BBR complaining about port 25 being blocked by that darn [insert ISP name here]. We're never happy.
--
A good idea expressed in a poor manner is a bad idea.]]> http://www.dslreports.com/forum/remark,9991050 Fri, 16 Apr 2004 17:06:15 EDT Re: FCC http://www.dslreports.com/forum/remark,9991029 JTRockville :

said by Nightfall :
Since experienced network people cost money, and you are going to need a nice group of them to monitor all the systems and look for violations, I don't see it happening.

Does Comcast really think they can provide network services without hiring experienced network people? Weren't the "synergies and efficiencies" of running such a huge network supposed to minimize costs such as these?

If you don't see experienced network people dealing with these issues competently, then you've overlooked AOL (and probably other providers too).]]> http://www.dslreports.com/forum/remark,9991029 Fri, 16 Apr 2004 17:03:20 EDT Re: FCC http://www.dslreports.com/forum/remark,9991013 russotto : Anti-spammers are always willing to destroy the net in order to save it.

One point of having a broadband connection -- particularly one such as mine with a static IP -- is to have a first-class connection to the Internet. Some port-80(in) and port-25(in/out) blocked abomination doesn't cut it.]]> http://www.dslreports.com/forum/remark,9991013 Fri, 16 Apr 2004 17:01:58 EDT Re: FCC http://www.dslreports.com/forum/remark,9990587 fantomposter :

said by Nightfall :

Maybe keep these ports open to you initially, but then if your system is comprimised, the ports are closed.

Good idea, but how about the converse? Close them all and open it for anyone that asks. My GUESS, 95 percent of the people would not even notice they were closed.]]> http://www.dslreports.com/forum/remark,9990587 Fri, 16 Apr 2004 16:10:23 EDT Re: FCC http://www.dslreports.com/forum/remark,9990453 Nightfall :

said by JTRockville :
Does the solution always have to be soooooooo draconian?

AOL has enjoyed much success by blocking port email from the offending IPs.

Why couldn't/doesn't Comcast do this?

That is also an option.

Maybe keep these ports open to you initially, but then if your system is comprimised, the ports are closed. I think of it like network access. You are given full rights to do what you want. If you prove yourself to be a moron when it comes to security, then you are downgraded. If the ISP downgrades you, then they have to submit a message to the user explaining why and so on.

Obviously, this won't fix the port 80 attacks bouncing off my router because you can't close that port if the user is a moron without shutting down their entire internet access. :)

In some cases, it has to be draconian and in other cases it doesn't. If we want to have a system like this, each ISP is going to have to hire experienced network people to be able to determine if these machines have been comprimised. There should be a checks and balances system in place so only the users who have comprimised machines have their connections turned off or ports closed. There can be no room for error due to the fact that it will take only one user who gets shut down to complain about it and cause a huge stink.

Since experienced network people cost money, and you are going to need a nice group of them to monitor all the systems and look for violations, I don't see it happening.

It would be easier to just cut the connection instead of do it the right way. :)
--
My Domain
Nightfall's Hockey and Life Journal]]> http://www.dslreports.com/forum/remark,9990453 Fri, 16 Apr 2004 15:51:01 EDT Re: FCC http://www.dslreports.com/forum/remark,9990160 JTRockville : Does the solution always have to be soooooooo draconian?

AOL has enjoyed much success by blocking port email from the offending IPs.

Why couldn't/doesn't Comcast do this?]]> http://www.dslreports.com/forum/remark,9990160 Fri, 16 Apr 2004 15:14:15 EDT Re: FCC http://www.dslreports.com/forum/remark,9989354 Nightfall : I agree, a week is a little too long.

If I were in charge, it would be 4 hours or immediate suspension of internet access. However, as other posters have said, this is very labor intensive. How many network engineers are you going to have watching over these connections. The big question is, should have have to be spending hours policing all the computers on their network? I am a network manager and that is my job, but I also regulate what all the computers have on them in my network. On the broadband network, these engineers are going to have much much more to deal with.

Looks like a difficult situation to deal with.
--
My Domain
Nightfall's Hockey and Life Journal]]> http://www.dslreports.com/forum/remark,9989354 Fri, 16 Apr 2004 13:30:48 EDT Re: FCC http://www.dslreports.com/forum/remark,9989154 TamaraB :

said by Nightfall :
There are zombie machines on every broadband provider's network. As of right now, according to my router logs, I am getting hit by comcast, charter, SBC, etc. This goes far beyond just Comcast's problem.

According to our sendmail logs we see the same; However
the spam from Comcast is more than all the others you
mention combined.

said by Nightfall :
Now, what to do about these infected machines?

Route ALL packets with a destination port of 25 to an
authorised Comcast SMTP server. Problem SOLVED Cheaply!

If you dissallow direct SMTP From broadband networks, the
totality of the spam problem as we know it, will cease to exist; and blacklist operators will concentrate on direct
spammers.

This would also enhance security, as the major reason for
hijacking home pc's on broadband networks is to turn them into smap-bots. There would be nothing to be gained by spammers hijacking computers connected to broadband connections.

said by Nightfall :

Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.

Make this a policy across the board through all ISPs. That will solve the problem.

This solution is VERY Labor intensive (Labor=$$$), and would actually exaserbate the problem. Spammers would step up the hijackings, knowing they had a very limited time (One week by your solution) to use the infected PC's.

I am afraid port-blocking is the only viable solution if you really want to stop this abuse. I would also advocate blocking all port 80 inbound connections to broadband networks, as a lot of hijackings are for the purpose of "bullet-proof" web hosting.

For those subscribers who absolutely need direct SMTP/HTTP to their home machines, some form of special service can be offered. Perhaps taking a course, and taking a test, and paying a bit more?? Perhaps a periodic security scan on these by the ISP ??

Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME. »www.tamara-b.org
]]> http://www.dslreports.com/forum/remark,9989154 Fri, 16 Apr 2004 13:09:51 EDT Re: FCC http://www.dslreports.com/forum/remark,9989066 newview :

said by fantomposter :
A simple outgoing port 25 block at the nearest router for the IP address the infected user is on and the flow of spam stops.

BINGO

But take it a step further . . . port 25 blocking across the entire network. Stopping the spam abusing the rest of the internet takes precedence over the inconvenience of those who may be legitimately sending email thru servers other than those belonging to their ISP.

Then Comcast can fight it out with zombied customers who continually bang on the door of a closed port without the rest of the internet receiving the garbage.
--
The Rules of Spam | Maryland's New Anti-Spam Law
Where are we going? And what's with the hand basket? ]]> http://www.dslreports.com/forum/remark,9989066 Fri, 16 Apr 2004 12:58:24 EDT Re: FCC http://www.dslreports.com/forum/remark,9988854 anon : --------------------------------------------
I also agree with you Nightfall,but i think they have to stop the self installation,s hookups.
As it is now the installer never see,s the computer getting the new installation and that computer could be dirty from the start.

Comcast and other HSI network need to have some control over hookup,s from the start.
--
Terry D.
--------------------------------------------

Surely you jest! When Comcast came to install my connection, they fooled around with trying to get it provisioned for a couple of hours... then I had to step away for a couple of minutes. When I returned, they were on my system un-installing some of my hardware drivers for my ATI 8500DV A-I-W, and several other hardware functions along with my dialer for my fax and a few other things ( read this as "Custom Written Software" that I had written.

For what it's worth, these guys didn't know the first thing about a computer system, what to do with it, how to work it or anything else. To top it off, when they left, the internet connection wasn't working and my machine wasn't booting correctly. These guys told me the problem was becaue I have my HP 990 hooked to 2 physical systems at the same time ( 1 USB; 1 Parallel)!

It took me some 3 days to start from scratch and re-install my operating system and everything else.

Now, if for any reason Comcast comes to do anything, I don't let them touch anything execpt perhaps the cable modem.. heck.. after all... that's theirs, but if they want to re-plug my machine from out of my router to the back of their modem, I grill em' pretty good to find out what they think they are going to accomplish... and for goodness sake... my keyboard is completely off limits... ]]> http://www.dslreports.com/forum/remark,9988854 Fri, 16 Apr 2004 12:27:28 EDT Re: FCC http://www.dslreports.com/forum/remark,9988694 fantomposter :

said by Nightfall :

Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.

An infected machine can send millions of spam messages a day. You are letting the infected user sent 14 million+ messages before your plan does anything about it. I think that is totally unaceptable.

Upon receipt of a complaint and verification that the machine is infected, easy to do with a scan, the ISP must immediatly stop the flow of spam, period.

And that is easy to do also. A simple outgoing port 25 block at the nearest router for the IP address the infected user is on and the flow of spam stops.

There is no reason for anything more than 3 to 4 day turn around time on stopping the flow of spam from an infected machine. Any thing less is an excuse by the ISP.]]> http://www.dslreports.com/forum/remark,9988694 Fri, 16 Apr 2004 12:05:11 EDT Re: FCC http://www.dslreports.com/forum/remark,9988606 Krispy :

said by Nightfall:
Step 1 - Notify the user via email. Give one week for the computer to be cleaned.

A week?!?!?! Oh my, within 24 hours these machines can send out hundreds of thousands of messages, a week is FAR too long to wait. In some cases I suspend without warning, I don't like to do it but if it's a particularly busy worm/virus/trojan then it's in both the subscriber's and ISP's best interest to have that machine stop being abused ASAP.

quote:
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.

Another week?!? By now we're into the millions of messages and the machine is likely exploited by a few different groups/individuals. And snail mail is far too costly in the long run (costs more then just the cost of a stamp) and you know where those costs will eventually end up. Do you really want to have to pay for the fact that your neighbor consistently opens any attachment sent to them?

quote:
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.

How do you determine if the system is cleaned? Most ISP's legal departments would choke on their screams if they were told the company was accessing subscriber's PCs, registries, etc.

Subscriber security is the responsibility of the subscriber, sure ISPs have to occasionally take out the whacking stick to remind some people but in the end it's the subscriber's PC and ISPs cannot dictate what they can and cannot do/install/whatever on their PC, the best an ISP can do is say 'you're not going to do it on my network'.

In my opinion one of the biggest problems facing abuse departments right now is the overwhelming number of abuse reports and the lack of any type of standardized logs which makes automation near impossible. For every 100 abuse reports we receive about 80% are invalid (contain no info outside of 'STOP THIS OR I WILL CALL FBI') and the remaining 20% are valid (and that's being generous) but we need to trudge through the entire lot to find that 20%.

Also, it would help abuse departments and their management if network security was more of a selling point as far as the consumer was concerned, if marketing finds out they lost X number of subscribers because the competition responded to abuse reports in a more timely fashion and kept them off blacklists, etc then marketing would be advocating more resources for those departments.]]> http://www.dslreports.com/forum/remark,9988606 Fri, 16 Apr 2004 11:53:46 EDT Re: FCC http://www.dslreports.com/forum/remark,9988592 oldTDNickell :

said by Nightfall :
Lets take it a step further.

There are zombie machines on every broadband provider's network. As of right now, according to my router logs, I am getting hit by comcast, charter, SBC, etc. This goes far beyond just Comcast's problem. Broadband providers need to step up and take care of this problem.

Now you know why some ISPs are not permitting servers to be run on their connections. It is obvious that the common user cannot successfully administer these servers that they want. If they could, then this wouldn't be an issue.

Now, what to do about these infected machines? I still think my original idea works.

Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.

Make this a policy across the board through all ISPs. That will solve the problem.

I also agree with you Nightfall,but i think they have to stop the self installation,s hookups.
As it is now the installer never see,s the computer getting the new installation and that computer could be dirty from the start.

Comcast and other HSI network need to have some control over hookup,s from the start.:(
--
Terry D.]]> http://www.dslreports.com/forum/remark,9988592 Fri, 16 Apr 2004 11:52:00 EDT Re: FCC http://www.dslreports.com/forum/remark,9988552 TheMonkey2 : Covad do this all the time .. for spammers and also account that harbour virus infected machines. People who refuse / cannot clean their machines have had their accounts terminated in the past.]]> http://www.dslreports.com/forum/remark,9988552 Fri, 16 Apr 2004 11:46:43 EDT Re: FCC http://www.dslreports.com/forum/remark,9988467 Maxo : I agree with your suggestion.
--
»maxolasersquad.com]]> http://www.dslreports.com/forum/remark,9988467 Fri, 16 Apr 2004 11:35:37 EDT Re: FCC http://www.dslreports.com/forum/remark,9988446 Nightfall : Lets take it a step further.

There are zombie machines on every broadband provider's network. As of right now, according to my router logs, I am getting hit by comcast, charter, SBC, etc. This goes far beyond just Comcast's problem. Broadband providers need to step up and take care of this problem.

Now you know why some ISPs are not permitting servers to be run on their connections. It is obvious that the common user cannot successfully administer these servers that they want. If they could, then this wouldn't be an issue.

Now, what to do about these infected machines? I still think my original idea works.

Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.

Make this a policy across the board through all ISPs. That will solve the problem.
--
My Domain
Nightfall's Hockey and Life Journal]]> http://www.dslreports.com/forum/remark,9988446 Fri, 16 Apr 2004 11:33:36 EDT FCC http://www.dslreports.com/forum/remark,9988340 Rob : I think the FCC needs to step in and put Comcast back in their place. First with the invisible caps, and now again with spammers on their network.... This is getting out of hand.

Seems like Comcast is more concerned with making a quick buck, than keeping their subscribers happy.
--
Do not judge those who try and fail; Judge those who fail to try.]]> http://www.dslreports.com/forum/remark,9988340 Fri, 16 Apr 2004 11:19:36 EDT