how-to block ads
|
Rob
In Deo speramus, God Bless the USA
Premium
join:2001-08-25
Kendall, FL
 ·Comcast
| FCC I think the FCC needs to step in and put Comcast back in their place. First with the invisible caps, and now again with spammers on their network.... This is getting out of hand.
Seems like Comcast is more concerned with making a quick buck, than keeping their subscribers happy.
--
Do not judge those who try and fail; Judge those who fail to try. | |
|  
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
 ·Site5.com
 ·AT&T Midwest
·Comcast
| Re: FCC Lets take it a step further.
There are zombie machines on every broadband provider's network. As of right now, according to my router logs, I am getting hit by comcast, charter, SBC, etc. This goes far beyond just Comcast's problem. Broadband providers need to step up and take care of this problem.
Now you know why some ISPs are not permitting servers to be run on their connections. It is obvious that the common user cannot successfully administer these servers that they want. If they could, then this wouldn't be an issue.
Now, what to do about these infected machines? I still think my original idea works.
Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.
Make this a policy across the board through all ISPs. That will solve the problem.
--
My Domain
Nightfall's Hockey and Life Journal | |
| | 
Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL
clubs: | Re: FCC I agree with your suggestion.
--
»maxolasersquad.com | |
| | TheMonkey2
join:2004-02-07
Charlottetown, PE
1 edit | Covad do this all the time .. for spammers and also account that harbour virus infected machines. People who refuse / cannot clean their machines have had their accounts terminated in the past. | |
| | 
oldTDNickell
Premium
join:2000-12-19
Federal Way, WA
| said by Nightfall  :
Lets take it a step further.
There are zombie machines on every broadband provider's network. As of right now, according to my router logs, I am getting hit by comcast, charter, SBC, etc. This goes far beyond just Comcast's problem. Broadband providers need to step up and take care of this problem.
Now you know why some ISPs are not permitting servers to be run on their connections. It is obvious that the common user cannot successfully administer these servers that they want. If they could, then this wouldn't be an issue.
Now, what to do about these infected machines? I still think my original idea works.
Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.
Make this a policy across the board through all ISPs. That will solve the problem.
I also agree with you Nightfall,but i think they have to stop the self installation,s hookups.
As it is now the installer never see,s the computer getting the new installation and that computer could be dirty from the start.
Comcast and other HSI network need to have some control over hookup,s from the start.:(
--
Terry D. | |
| | | 
from outer space
 from:
Pz_
| Re: FCC --------------------------------------------
I also agree with you Nightfall,but i think they have to stop the self installation,s hookups.
As it is now the installer never see,s the computer getting the new installation and that computer could be dirty from the start.
Comcast and other HSI network need to have some control over hookup,s from the start.
--
Terry D.
--------------------------------------------
Surely you jest! When Comcast came to install my connection, they fooled around with trying to get it provisioned for a couple of hours... then I had to step away for a couple of minutes. When I returned, they were on my system un-installing some of my hardware drivers for my ATI 8500DV A-I-W, and several other hardware functions along with my dialer for my fax and a few other things ( read this as "Custom Written Software" that I had written.
For what it's worth, these guys didn't know the first thing about a computer system, what to do with it, how to work it or anything else. To top it off, when they left, the internet connection wasn't working and my machine wasn't booting correctly. These guys told me the problem was becaue I have my HP 990 hooked to 2 physical systems at the same time ( 1 USB; 1 Parallel)!
It took me some 3 days to start from scratch and re-install my operating system and everything else.
Now, if for any reason Comcast comes to do anything, I don't let them touch anything execpt perhaps the cable modem.. heck.. after all... that's theirs, but if they want to re-plug my machine from out of my router to the back of their modem, I grill em' pretty good to find out what they think they are going to accomplish... and for goodness sake... my keyboard is completely off limits... | |
| | | | SongCloud
join:2002-11-17
Addison, IL
| Re: FCC I have had Comcast install cable internet 3 times in 3 different places. The people that they have doing the installations are morons at best. The last time I had the HSI service installed, I had to teach the 2 installers how to use the ping command. They didn't even know that they had to use a proxy to enable the connection. I will NEVER let an installer touch any of my machines. It's just too risky given my prior experiences with installers. Anyway, anything they need to do, I can do myself, and probably quicker and more efficiently. CCNA certification comes in handy sometimes!! 
~SongCloud | |
| | 
Krispy
Premium,VIP
join:2001-12-11
the stix
| said by Nightfall:
Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
A week?!?!?! Oh my, within 24 hours these machines can send out hundreds of thousands of messages, a week is FAR too long to wait. In some cases I suspend without warning, I don't like to do it but if it's a particularly busy worm/virus/trojan then it's in both the subscriber's and ISP's best interest to have that machine stop being abused ASAP.
quote:
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Another week?!? By now we're into the millions of messages and the machine is likely exploited by a few different groups/individuals. And snail mail is far too costly in the long run (costs more then just the cost of a stamp) and you know where those costs will eventually end up. Do you really want to have to pay for the fact that your neighbor consistently opens any attachment sent to them?
quote:
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.
How do you determine if the system is cleaned? Most ISP's legal departments would choke on their screams if they were told the company was accessing subscriber's PCs, registries, etc.
Subscriber security is the responsibility of the subscriber, sure ISPs have to occasionally take out the whacking stick to remind some people but in the end it's the subscriber's PC and ISPs cannot dictate what they can and cannot do/install/whatever on their PC, the best an ISP can do is say 'you're not going to do it on my network'.
In my opinion one of the biggest problems facing abuse departments right now is the overwhelming number of abuse reports and the lack of any type of standardized logs which makes automation near impossible. For every 100 abuse reports we receive about 80% are invalid (contain no info outside of 'STOP THIS OR I WILL CALL FBI') and the remaining 20% are valid (and that's being generous) but we need to trudge through the entire lot to find that 20%.
Also, it would help abuse departments and their management if network security was more of a selling point as far as the consumer was concerned, if marketing finds out they lost X number of subscribers because the competition responded to abuse reports in a more timely fashion and kept them off blacklists, etc then marketing would be advocating more resources for those departments. | |
| | | | | fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH
| said by Nightfall :
Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.
An infected machine can send millions of spam messages a day. You are letting the infected user sent 14 million+ messages before your plan does anything about it. I think that is totally unaceptable.
Upon receipt of a complaint and verification that the machine is infected, easy to do with a scan, the ISP must immediatly stop the flow of spam, period.
And that is easy to do also. A simple outgoing port 25 block at the nearest router for the IP address the infected user is on and the flow of spam stops.
There is no reason for anything more than 3 to 4 day turn around time on stopping the flow of spam from an infected machine. Any thing less is an excuse by the ISP. | |
| | | 
newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
| Re: FCC said by fantomposter :
A simple outgoing port 25 block at the nearest router for the IP address the infected user is on and the flow of spam stops.
BINGO
But take it a step further . . . port 25 blocking across the entire network. Stopping the spam abusing the rest of the internet takes precedence over the inconvenience of those who may be legitimately sending email thru servers other than those belonging to their ISP.
Then Comcast can fight it out with zombied customers who continually bang on the door of a closed port without the rest of the internet receiving the garbage.
--
The Rules of Spam | Maryland's New Anti-Spam Law
Where are we going? And what's with the hand basket? | |
| | | | 
JTRockville
Data Ho
Premium,MVM
join:2002-01-28
Rockville, MD
clubs: | Re: FCC Does the solution always have to be soooooooo draconian?
AOL has enjoyed much success by blocking port email from the offending IPs.
Why couldn't/doesn't Comcast do this? | |
| | | | |
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
| Re: FCC said by JTRockville :
Does the solution always have to be soooooooo draconian?
AOL has enjoyed much success by blocking port email from the offending IPs.
Why couldn't/doesn't Comcast do this?
That is also an option.
Maybe keep these ports open to you initially, but then if your system is comprimised, the ports are closed. I think of it like network access. You are given full rights to do what you want. If you prove yourself to be a moron when it comes to security, then you are downgraded. If the ISP downgrades you, then they have to submit a message to the user explaining why and so on.
Obviously, this won't fix the port 80 attacks bouncing off my router because you can't close that port if the user is a moron without shutting down their entire internet access. 
In some cases, it has to be draconian and in other cases it doesn't. If we want to have a system like this, each ISP is going to have to hire experienced network people to be able to determine if these machines have been comprimised. There should be a checks and balances system in place so only the users who have comprimised machines have their connections turned off or ports closed. There can be no room for error due to the fact that it will take only one user who gets shut down to complain about it and cause a huge stink.
Since experienced network people cost money, and you are going to need a nice group of them to monitor all the systems and look for violations, I don't see it happening.
It would be easier to just cut the connection instead of do it the right way.
--
My Domain
Nightfall's Hockey and Life Journal | |
| | | | | | fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH
| Re: FCC said by Nightfall :
Maybe keep these ports open to you initially, but then if your system is comprimised, the ports are closed.
Good idea, but how about the converse? Close them all and open it for anyone that asks. My GUESS, 95 percent of the people would not even notice they were closed. | |
| | | | | | | | | | | | | | | 
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| said by Nightfall :
There are zombie machines on every broadband provider's network. As of right now, according to my router logs, I am getting hit by comcast, charter, SBC, etc. This goes far beyond just Comcast's problem.
According to our sendmail logs we see the same; However
the spam from Comcast is more than all the others you
mention combined. said by Nightfall :
Now, what to do about these infected machines?
Route ALL packets with a destination port of 25 to an
authorised Comcast SMTP server. Problem SOLVED Cheaply!
If you dissallow direct SMTP From broadband networks, the
totality of the spam problem as we know it, will cease to exist; and blacklist operators will concentrate on direct
spammers.
This would also enhance security, as the major reason for
hijacking home pc's on broadband networks is to turn them into smap-bots. There would be nothing to be gained by spammers hijacking computers connected to broadband connections. said by Nightfall :
Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.
Make this a policy across the board through all ISPs. That will solve the problem.
This solution is VERY Labor intensive (Labor=$$$), and would actually exaserbate the problem. Spammers would step up the hijackings, knowing they had a very limited time (One week by your solution) to use the infected PC's.
I am afraid port-blocking is the only viable solution if you really want to stop this abuse. I would also advocate blocking all port 80 inbound connections to broadband networks, as a lot of hijackings are for the purpose of "bullet-proof" web hosting.
For those subscribers who absolutely need direct SMTP/HTTP to their home machines, some form of special service can be offered. Perhaps taking a course, and taking a test, and paying a bit more?? Perhaps a periodic security scan on these by the ISP ??
Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME.»www.tamara-b.org
| |
| | | russotto
join:2000-10-05
Collegeville, PA
| Re: FCC Anti-spammers are always willing to destroy the net in order to save it.
One point of having a broadband connection -- particularly one such as mine with a static IP -- is to have a first-class connection to the Internet. Some port-80(in) and port-25(in/out) blocked abomination doesn't cut it. | |
| | | | | | | | | | | | | | | | | | | | | | | 
TraumaJunkie
Premium
join:2004-03-05
Knoxville, TN
| said by Nightfall :
Lets take it a step further.
Step 1 - Notify the user via email. Give one week for the computer to be cleaned.
Step 2 - Notify the user via email and snail mail or telephone. Give one week for the computer to be cleaned.
Step 3 - Cut users internet access and notify user. Until system is cleaned, access will not be reactivated.
This is very close to what Comcast does. When a machine is identified as spamming the access to outbound email is cut off for 24 hours and an email is sent to inform the user they have been identified and given a chance to clean up their machine. Ignoring the warning leads to total cut-off of access to email and eventually the service is shut down for abuse. The local call center personnel can not reverse these blocks or termination of service, it has to be handled directly by the abuse department.
Spam has gotten out of hand and legislation will not stop it. I have no idea how to stop spam but would wholeheartedly support any inititive that would put an end to ANY and ALL UNSOLICITED email.
--
Air goes in and out, blood goes 'round and 'round. Any deviation from this can indicate a problem. | |
| | | |
|
·
·
·
