Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Security Absurdity: A long-overdue wake up call
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Spycar suite of free Exploit Tests »
« Is there a harmeless virus that I can sent to myself to test  
AuthorAll Replies


N O Y B
St. John 3.16

join:2005-12-15
Forest Grove, OR

reply to HMS1
Re: Security Absurdity: A long-overdue wake up call

Apathy is right. Especially on the part of ISPs that could very easily automate such things as bot detection and automatically shutdown the connection. They could also automate detection and blocking of certain automated types of email address harvesting.

Even if you pull the logs from your firewall and send your ISP major offenders nothing is likely to be done. Shutting down the easy to detect high offending bots would go a long ways toward protecting the ignorant computer operator. At least maybe for more the 4 minutes. With all the bots hitting my firewall it’s easy to see how an unprotected computer could be taken control of in a matter of minutes.

There are some other things ISPs and corporations need to do as well. Like untying account number and/or login ID from publicly used things such as email address and web space URL, etc. And make all authentication via secure methods, even for SMTP/POP and NNTP, etc.
to forum · permalink · · 2006-05-16 00:53:25 · Reply to this


Khaine

join:2003-03-03
Australia
said by N O Y B See Profile :

Apathy is right. Especially on the part of ISPs that could very easily automate such things as bot detection and automatically shutdown the connection. They could also automate detection and blocking of certain automated types of email address harvesting.

Even if you pull the logs from your firewall and send your ISP major offenders nothing is likely to be done. Shutting down the easy to detect high offending bots would go a long ways toward protecting the ignorant computer operator. At least maybe for more the 4 minutes. With all the bots hitting my firewall it’s easy to see how an unprotected computer could be taken control of in a matter of minutes.

There are some other things ISPs and corporations need to do as well. Like untying account number and/or login ID from publicly used things such as email address and web space URL, etc. And make all authentication via secure methods, even for SMTP/POP and NNTP, etc.
And what happens when a new bot comes out that the ISP doesn't scan for and a customer gets infected and sues the ISP for failure to do its job? You know someone would do it.

Currently ISP's are common carriers and don't have any liability for traffic that passes through their network. Buy forcing them to scan users or whatever you could change their legal status and their liability.
to forum · permalink · · 2006-05-17 03:52:29 · Reply to this


N O Y B
St. John 3.16

join:2005-12-15
Forest Grove, OR
said by Khaine See Profile :

And what happens when a new bot comes out that the ISP doesn't scan for and a customer gets infected and sues the ISP for failure to do its job? You know someone would do it.

Currently ISP's are common carriers and don't have any liability for traffic that passes through their network. Buy forcing them to scan users or whatever you could change their legal status and their liability.
I don’t think you understand how to detect a bot. You don’t target each specific type. You target by activity. Ex: set up a firewall and start logging unsolicited traffic. Then shutdown the ones that are obviously bots.

They are liable if they know of illegal activity and do not take action stop it. You can not provide service to someone knowing they intend to using for conducting illegal activity and claim innocents. It would be like a gun shop selling a gun to a person all the will knowing they intend to us it to commit a crime (armed robbery, murder, etc).

There are certain illegal activities taking place on ISP networks by their very on customers and the ISP know it. And I know they know it because I know it too. In the case of bots it does not require scanning all traffic. Bot detection and shutdown is much simpler than that.

What I don’t understand is why there are so many in support of the apathetic status quo. Are that many of you actually bot operators and spammers?
to forum · permalink · · 2006-05-17 13:14:34 · Reply to this
Forums » Up and Running » Security » SecuritySpycar suite of free Exploit Tests »
« Is there a harmeless virus that I can sent to myself to test  

Tuesday, 10-Nov 19:04:40 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [113] Moto Sold About 100,000 Droids
· [93] Verizon Keeps Swinging At AT&T
· [86] VoIP Over 3G Still Not Working For iPhone
· [64] Government Will Release Some Telco Wiretap Lobbying Documents
· [52] Verizon's Hanging Up On Rural America
· [34] Bill Would Force ISPs To Block Financial Scams
· [29] Verizon's Higher ETFs Annoy Senator
· [25] Sprint Announces Job Cuts
· [24] Mediacom Hints At 50, 100 Mbps Speeds
· [21] Google Offers Free Holiday Airport Wi-Fi
Most people now reading
· Holy work line speeds!! [TekSavvy]
· Windows 7 boot manager editing questions [Microsoft Help]
· House inspector failed to find major gas leak [Home Repair & Improvement]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Google Has Acquired Gizmo5 [VOIP Tech Chat]
· Framed for child porn 151; by a PC virus [Security]
· [WIN7] Outlook express under Windows 7? [Microsoft Help]
· Replace entry door [Home Repair & Improvement]