draven
Premium,Mod
join:2002-02-20
my bunker
Host:
General Questions
No, I Will Not Fix..
2 edits | How would you handle the Comcast spam crisis?
With the recent news that the United States is a top spam culprit, and the well-documented problems that Comcast has with spam, I am curious to know what people suggest Comcast do to solve this problem?
Unsecured computers is a frustration for any ISP because it all boils down to end users who do not heed simple warnings and advice on proper maintenance. I would never own something I did not know how to use. I took it upon myself to learn the alarm commands to my house the day I bought it, because I had an interest in protecting my investment. Same goes for my car. If I couldn't have figured it out, I would have spent the extra time trying until I did.
Comcast - and even the law - could definitely do more to prevent this situation ... here's my proposals.
•A certified letter from Comcast would be sent in the mail to fix your computer with 24 hours. Once the read receipt is received, your countdown clock begins.
•Immediate suspension of service for 6+ months if not heeded, zero-tolerance, no reversal. Comcast does not need every customer they have to break even. You make poster children out of a few thousand customers and suddenly everyone is scrambling to figure out just how to maintain that dust-covered box that just sits powered-on in the corner of the family room.
•Make owning an unsecured computer a crime punishable by fines, community service or even worse. Especially since open relays and zombies can present real threat to not only the victim, but to national security since foreign hackers with an agenda can go virtually untraceable. I'm being very serious about all of those suggestions. I think it is the only way to effectively handle a situation which has grown way out of control. You might say "How can you hold the end user responsible when they are at the mercy of Microsoft and virus scan software updates?" 99.9% of the time, security patches and DAT files are made available before or coinciding with exploit and virus propagation. People have a chance to be proactive and protect themselves ahead of the storm. Even if they get exploited or infected, with my proposals people will be a lot more aggressive towards immediately addressing the problem and fixing it. |
|
oldTDNickell
Premium
join:2000-12-19
Federal Way, WA | I agree with what you say.The first thing to be done is shut off there computers.Then it would take time to make new laws to cover all the rest,that takes time that we don't have.Shut them down now.
--
Terry D. |
|
newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
| reply to draven
It's taking Comcast waaaay too long to address abuse issues, spam in particular, to leave zombied & spewing boxes alive on the 'Net for any length of time, as the new spate of viruses/trojans/worms of the last two weeks indicates. By the time Comcast appears to addressing issues, the boxes have been spewing for months.
Spewing boxes should be disconnected IMMEDIATELY. That will certainly get the customer's attention. Once the dialog has been established with the offending customer, and appropriate clean-up directions have been established, then Comcast could allow the connection to be re-established for a certain length of time, say 24-36 hours, to clean up. Failure to clean up gets you terminated, period.
--
The Rules of Spam | Maryland's New Anti-Spam Law
Where are we going? And what's with the hand basket? |
|
nshulga
join:2002-06-06
Morrisville, PA
| reply to draven
well, they could make a habit of checking abuse@comcast.com, for starters.
Most spam runs complete in (much) less than 24 hours. If comcast notices a spam in progress, it should stop all relevant outbound traffic from this computer (it's not all that difficult) and notify the owner immediately. SHould be enough. |
|
halfband
Premium
join:2002-06-01
Huntsville, AL
| Capping the upload at 1.2Kbps would slow the flow of spam to a crawl and have the user calling comcast due to the impact the capped upload will have on download speed. Then again suspending the connection is probably more effective.
--
Registered Bandwidth Offender #40812 |
|
PhilMan99
join:2004-03-05
Brookeville, MD
| reply to draven
At the risk of being dense, could you clarify the problem a bit? I thought SPAM was an intentional act. Your last bullet suggests (I think...) that there may be a virus/worm involved.
Are you only concerned about shameless-SPAMers, or is there a problem with folks not updating Windoze & virus-scanning software. |
|
PhilMan99
join:2004-03-05
Brookeville, MD
| reply to draven
Aha! Found another thread explaining the viruses & worms are indeed a problem.
I've always considered myself pretty safe:
* NAT router
* Norton (updated fairly frequently)
* Latest Windoze patches (to a degree)
* Generally use AdAware
Is there a FAQ talking about how to avoid being a "victim" (or network problem)? Having seen worm infections internal to fed gov, that might be useful for work *and* at home. |
|
draven
Premium,Mod
join:2002-02-20
my bunker
Host:
General Questions
No, I Will Not Fix..
| reply to PhilMan99
said by PhilMan99  :
Are you only concerned about shameless-SPAMers, or is there a problem with folks not updating Windoze & virus-scanning software.
As your other post explains you found some answers to this, I'll keep it brief.
Viruses and worms are responsible for many of the initial compromises of a system that eventually gets 'zombied.' These machines can then be turned into spam relays or virus propogators.
Right now, the majority of users see computer viruses as just a nusiance; prevention tactics are minimal and are low priority tasks. By enforcing standards of upkeep for computers via legal means, it may force everyone to realize that computers have become a huge influence on our society, both positively and negatively. They need to be treated as such. |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
 ·Comcast
| reply to draven
Most of what you say makes sense, but assigning CRIMINAL liability to having an unsecured home computer is over the top. We have enough laws in this country trying to criminalize every human endeavor - we don't need to criminalize some 65 yr old grandmother using a computer to see pictures of her grandchildren just because her computer is unsecured.
The disconnection of the computer from a broadband network is more than sufficient.
--
My Home Page
Bush Cheney 04
When the eagles are silent, the parrots begin to jabber. --Winston Churchill |
|
PhilMan99
join:2004-03-05
Brookeville, MD
| "We have enough laws in this country trying to criminalize every human endeavor..."
I concur. Turning to Big Bother (not a typo...) every time something goes wrong is not the answer. That just leads to a huge, expensive, meddlesome tyranny.
I'd rather hold software vendors accountable for producing garbage. The quality control in the software industry is horrible - "if architects built buildings the way programmers write programs, the first wood-pecker to come along would destroy civilization".
Note: I'll personally continue to protect/harden my own systems... |
|
oldTDNickell
Premium
join:2000-12-19
Federal Way, WA
| reply to TKJunkMail
I really believe that most if not all the folks that use this forum know how to protect there computer system's,but for one of us there are twenty more out there that have no idea what a firewall or antivirus software is.All we can do is protect are computer,s thus protecting the network and hope that comcast deals with the problem of the zombie computer,s.They really need to do something soon.
--
Terry D. |
|
miketavares
join:2000-12-10
North Dighton, MA
| reply to draven
In regards to SPAM and Email Virus/Worm propergration from comcast users. If I were in charge I would do the following.
1. All incoming mail would be scanned for virus (no option to turn this off or not), any quarantined emails would be sent to a special folder for review by the customer
2. All OUTBOUND Port 25 traffic would be direct to the comcast SMTP servers (no exceptions to this rule).
3. All Outbound would be scanned (for virus and spam) and subject to some limits (x amount an hour, per day, etc). After x amount of messages are detected in vilotian of the filters, an email is set to the abuse desk who in turn would look up the MAC address and IP currently assigned and contact the customer.
Once the customer is contacted they have 2 hours to resolve the problem, or they disconnected. If the customer can be contacted, their connection is shut off until such a time that they can be contacted, and it will be enabled for the 2 hours for them to fix there computers. If not fixed during that time, they are shut off until such a time they can produce in writing (via cerified mail) a letter stating the problems have been addressed.
While these rules won't make comcast the most popular ISP, it would make the rest of the world happy.
--
I need something catchy here |
|
Nerdtalker
Working Hard, Or Hardly Working?
Premium,MVM
join:2003-02-18
Tucson, AZ
clubs:
| reply to draven
I agree with Newview in every regard. Removing these unsecured, unpatched, unfirewalled, and un-cared-for computers from the network altogether will be the best immediate action. From that point, action should be taken to instruct these people how to secure their computer, and only after they both demonstrate that they know how to secure a computer and their computer is secure should they be allowed back onto the network.
I also find Bill Gates' proposal interesting, charging 1cent per e-mail could be a simple yet effective alternative to solving spam on a larger scale. It'd be interesting to hear people's take on this issue as well. |
|
oldTDNickell
Premium
join:2000-12-19
Federal Way, WA
| reply to PhilMan99
All very good ideas.I agree with you PhilMan99 on the software.It seems to me that all the protection we need and use could be built in to your O/S with no options to turn off.That could not be done soon but i bet they could do it.
--
Terry D. |
|
Andrew J
Premium
join:2001-11-09
Lancaster, PA
clubs:
·Comcast
 ·Vonage
 ·Verizon Online DSL
| reply to Nerdtalker
Well Comcast screws up a lot. I don't want to get home and find out they have shut off my connection by mistake. Falsely claiming I've been spamming. Like the RIAA saying an 80 year old woman was downloading RAP music.
As for the 1 cent per spam I see WiFi being the death of that. They will high-jack an unsuspecting persons AP to send 1 million spams. Putting that WiFi user in debt for life. Ok yeah the guy was careless but shouldn't have his entire life ruined.
--
Enter to win a 2500+ PC mod and help Project Hope! |
|
Nerdtalker
Working Hard, Or Hardly Working?
Premium,MVM
join:2003-02-18
Tucson, AZ
clubs: | They do screw up a lot, but how could they possibly mistake several million messages from coming from your machine? |
|
Andrew J
Premium
join:2001-11-09
Lancaster, PA
clubs: | How did they claim I stole my own MAC address? Who knows, but they accused me of that 2 weeks ago. |
|
LrdVader
Premium
join:2003-12-18
San Diego, CA
| reply to miketavares
said by miketavares :
2. All OUTBOUND Port 25 traffic would be direct to the comcast SMTP servers (no exceptions to this rule).
As long as this was implemented via a simple block on port 25 outbound to non-Comcast servers, I'm all for this. However, I would consider transparent redirection completely unacceptable. An ISP has *no* business hijacking customer traffic.
said by miketavares :
3. All Outbound would be scanned (for virus and spam) and subject to some limits (x amount an hour, per day, etc). After x amount of messages are detected in vilotian of the filters, an email is set to the abuse desk who in turn would look up the MAC address and IP currently assigned and contact the customer.
This is one of those situations where the cure could easily become worse than the disease, by impeding legitimate use of email.
What if you participated in, for example, a men's health mailing list, and the subject of viagra came up? Since viagra is such a common topic of spam, the mere mention of the word is often enough to get a message filtered. How would you like to receive a letter from Comcast stating that further participation in that mailing list would result in your service being terminated for abuse? Or worse (and probably more likely), just a vague threat of termination with NO information as to what you did wrong, or how to correct it?
Or, for that matter, what if you were discussing spam? I was recently discussing viagra-related spam with an administrator at my email provider, and found that his reply (and most likely the message it was in reply to) had been flagged as spam by Spamassassin. Under your proposal, this could have generated an abuse letter from my ISP. That certainly doesn't seem fair, now does it?
By making email increasingly unreliable, and perhaps even making people scared to use email for fear of getting their service cut off, this sort of solution would do far more to help kill email than it would to help save it.
My proposal would be that Comcast block port 25, and then put some effort towards responding to abuse@comcast.net by suspending spamming hosts. That, IMO, would go a long way towards giving them some credibility, and if enough suspensions were given, would also provide an incentive for users to secure their systems, without unduly interfering with legitimate use of email.
Ideally, experienced users who know what they're doing would be able to opt-out of the port 25 block by request, like DSLExtreme allows. But I'm not holding my breath. Ultimately, I think the burden will fall on the outside email providers to offer a non-standard, unblocked port for their customers who need it. Many already do, either through a non-standard normal SMTP port, SMTP over SSL on port 465, or both. |
|
Morac
join:2001-08-30
Riverside, NJ
·Comcast
| reply to draven
I say Comcast should set up automated software that checks if a person is sending a large amount of traffic over TCP port 25 to any server other than smtp.comcast.net. It should allow someone to send a few messages, but not the amount spammers send out.
Once spamming is detected, the offender's cable modem is disabled. This will force the person to call in to ask why. Comcast re-enables his modem and tells him to download and install Mcafee Firewall Pro (free for all Comcast HSI subscribers) and warns the person that his account will be terminated if he is caught spamming again. If the person is innocent, then perhaps threat of account termination will get him to take some responsibility for his machine, especially since it doesn't cost any money.
--
"snmp: the standard e-mail protocol on the Internet" - LinkSys user manual (page 17) |
|
LrdVader
Premium
join:2003-12-18
San Diego, CA
| said by Morac :
I say Comcast should set up automated software that checks if a person is sending a large amount of traffic over TCP port 25 to any server other than smtp.comcast.net. It should allow someone to send a few messages, but not the amount spammers send out.
Isn't that just another invisible cap, and didn't we just recently generate several hundred pages of posts about why invisible caps are unfair? I'm seeing more and more of this attitude that a bad idea suddenly becomes a good idea when it's being used to fight spam, and it disturbs me.
It seems much more fair to simply say, up front, "We block port 25 - use our SMTP or talk to your outside provider about alternate ports," than to start disabling people's modems for crossing yet another invisible line. |
|
