50 ISPs Harbor Half Of All Infected Machines
OECD Issues Study On Botnets And ISP reactions
Slashdot directs our attention to a new study by Delft University of Technology and Michigan State University on botnets and how ISPs deal with them. The study analyzed 90 billion spam messages from 170 million unique IP addresses captured between 2005 and 2009, and found that just fifty (out of tens of thousands) of global ISPs are responsible for about half of all infected machines. If those ISPs did a better job of cleaning up their networks, a major dent could be put in the botnet and spam problem. The study found that larger ISPs actually have fewer infections per user than smaller ISPs, and contrary to common wisdom, that "high connection speeds are associated with lower botnet activity."
cahiatt
Premium Member
join:2001-03-21
Smyrna, GA

1 recommendation

cahiatt

Premium Member

None....

Maybe it is as simple as larger ISP's serve more metropolitan areas with more tech savvy people. The same people that are more likely to get higher speed tiers and may be better equipped to deal with and/or prevent PC infections.
a1_Andy
Premium Member
join:2005-12-29
Oshawa, ON

a1_Andy

Premium Member

Re: None....

+ the smaller rural ISP's are likely mostly made up of dialup customers and don't do AV and malware updates.

EUS
Kill cancer
Premium Member
join:2002-09-10
canada

EUS

Premium Member

Neutrality; can't have it both ways

The blame isn't and shouldn't be put on the ISP. Either the ISP is a dumb pipe, or it isn't. People are already fighting (a losing battle) on net neutrality, yet this piece indicates that the ISP has to do "a better job of cleaning up their networks, a major dent could be put in the botnet and spam problem."
I have a problem with that.
BlueC
join:2009-11-26
Minneapolis, MN

1 recommendation

BlueC

Member

Re: Neutrality; can't have it both ways

Agreed.

It should be the user's responsibility to make sure they have proper security in place. If they can't control their own machine, then they would be subject to disconnection or isolation (assuming it was a threat on the network or whatever).

ISPs should be in the business of delivering a dumb pipe.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

1 recommendation

TamaraB to EUS

Premium Member

to EUS
said by EUS:

I have a problem with that.
So do I! However, we all know ISPs are in actuality, nothing close to a dumb pipe. They redirect DNS, block ports, throttle traffic, and collect user data. I use my ISP as a dumb pipe, but only because I use none of their services, run a local bind, and stay connected via a VPN.

jlivingood
Premium Member
join:2007-10-28
Philadelphia, PA

1 recommendation

jlivingood

Premium Member

This is not just an issue for ISPs to work on

re: "If those ISPs did a better job of cleaning up their networks, a major dent could be put in the botnet and spam problem"

I think this is first an issue to be solved in operating systems and client software. If those were more secure, this issue would be a lot less significant. (That's not to say that ISPs do not have a positive role to play here, as is evident by our actions.)

But, Karl, I might caution that if you really believe that ISPs need to do much more, then don't be critical when a port 25 block is the norm everywhere and hard quarantining of bots is a common practice.

odog
Minister of internet doohickies
Premium Member
join:2001-08-05
Atlanta, GA

odog

Premium Member

Re: This is not just an issue for ISPs to work on

The strangest thing... Quite a few people wouldn't even notice a bi-directional port 25 block. Those people unfortunately need to be full blown walled gardened before you can get any traction with them.

not
@comcast.net

not to jlivingood

Anon

to jlivingood
said by jlivingood:

But, Karl, I might caution that if you really believe that ISPs need to do much more, then don't be critical when a port 25 block is the norm everywhere and hard quarantining of bots is a common practice.
There's no reason to block port 25. That's the cheap and easy way to do it ala 1990's. Do it right and implement network gear that drops infections at the packet level both incoming and outgoing. Save both your customer and everyone else you open those customers out to. But of course, instead of doing that for all the money you take as an overpriced cable ISP, you'd rather pocket it all and for good measure also throw in some more operating costs our way to pay for that too.

The hardware is there to fix these issues. The ISPs are both too cheap and too lazy to fix the problems. Why should they do it? Because it's the right thing to do, THAT'S WHY!

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

Re: This is not just an issue for ISPs to work on

said by not :

There's no reason to block port 25.
Port 25 is specifically defined for mail transfer. There is an RFC covering message submission. There is no reason to use port 25 for message submission. And, if the ISP prohibits customers from running servers of any kind, there is good reason for blocking port 25.
flbas1
join:2010-02-03
Fort Lauderdale, FL

flbas1 to jlivingood

Member

to jlivingood
said by jlivingood:

But, Karl, I might caution that if you really believe that ISPs need to do much more, then don't be critical when a port 25 block is the norm everywhere and hard quarantining of bots is a common practice.
oh. botnets are simply DDOS'ing email servers.
wilbur6244
join:2001-01-02
Liberal, KS

1 recommendation

wilbur6244

Member

Who are the ISP's?

Did I miss the list of ISP's?? Would have been interesting to see. I found the article that was published and countries and so forth but that was it...

mikepd
Discovery
Premium Member
join:2000-10-26
New Port Richey, FL

1 recommendation

mikepd

Premium Member

Re: Who are the ISP's?

It is common practice for papers of this type to list such individual ISP data in aggregate form and not mention the individual ISP's that together make up the study. It also avoids any possibility of lawsuits by keeping individual data confidential.

My question is that if individual ISP's will not add anti-virus capability to their routers, is it possible for that capability to be added to the network core routers and the cost for that be passed along to those who peer with them. Ultimately, the customer will pay in somewhat higher fees but if it significantly cuts down on bots, viruses, and other forms of malware then would not it be worth the extra cost?

not
@embarqhsd.net

not

Anon

Re: Who are the ISP's?

said by mikepd:

My question is that if individual ISP's will not add anti-virus capability to their routers, is it possible for that capability to be added to the network core routers and the cost for that be passed along to those who peer with them. Ultimately, the customer will pay in somewhat higher fees but if it significantly cuts down on bots, viruses, and other forms of malware then would not it be worth the extra cost?
Again, why should the customer pay for this? This is part of doing business if you're going to be an ISP. This is the problem with big business. All they want to do is make money and not absorb any business costs whatsoever. The line has to be drawn somewhere. The general public isn't going to take this sort of junk from corporations living high on the hog much longer. This is already one of the reasons why the economy is where it is now... the bubble burst because people got tired of being d***** over all the time.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

Re: Who are the ISP's?

said by not :

Again, why should the customer pay for this? This is part of doing business if you're going to be an ISP. This is the problem with big business. All they want to do is make money and not absorb any business costs whatsoever.
Businesses can't "absorb" costs. They'd go bankrupt trying. Costs are passed along to the customer because the customer is paying for the business to be in business.

If it costs me a nickel a glass to make lemonade, I damned well need to be selling it for at least six cents a glass if I don't want to go under.

Gbcue
Premium Member
join:2001-09-30
Santa Rosa, CA

1 recommendation

Gbcue

Premium Member

Re: Who are the ISP's?

said by NormanS:

said by not :

Again, why should the customer pay for this? This is part of doing business if you're going to be an ISP. This is the problem with big business. All they want to do is make money and not absorb any business costs whatsoever.
Businesses can't "absorb" costs. They'd go bankrupt trying. Costs are passed along to the customer because the customer is paying for the business to be in business.

If it costs me a nickel a glass to make lemonade, I damned well need to be selling it for at least six cents a glass if I don't want to go under.
But that's not how ISPs work.

It's probably something like this:

Wholesale usage charge/user - $20.00
Legit tax - $2.50
Fake tax - $9.89
Fake tax - $0.47
Fake tax - $1.58
Fake tax - $0.98
Fake tax - $0.06
Fake tax - $0.04
Fake tax - $0.98
Fake tax - $0.91
Fake tax - $0.47
Fake tax - $0.87
USF - $1.00
Profit - $sliding scale depending on how much costs I want to "pass" to user, making up "costs" as we go.
Total: ...

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

Re: Who are the ISP's?

said by Gbcue:

But that's not how ISPs work.

It's probably something like this ...
Hmmm. I would have thought more like a liquor store. Something like this:

Wholesale cost of a fifth of Grey Goose vodka: $15.00

Price out the door (including excise and sales taxes): $45.00

I recall being given the leeway to give away an occasional free coffee to regular customers.

However, fixing viruses will eat into the profit without an offsetting ROI. I couldn't afford to give away every cup of coffee I ever made.

Gbcue
Premium Member
join:2001-09-30
Santa Rosa, CA

Gbcue to mikepd

Premium Member

to mikepd
Why should I pay for this if I always keep my computers secure?

Why should I subsidize those lazier? Socialism, anybody?

alchav
join:2002-05-17
Saint George, UT

alchav to wilbur6244

Member

to wilbur6244
I filter all my eMail and only let people in my Address Book into my Inbox, then I have a Suspect Spam Folder. I check this Folder daily and Mark any eMail in there as Spam if I don't recognize it. It would be nice if an ISP that sends more than 50% as Spam to be Blocked until they can control their outgoing Spam.
NefCanuck
join:2007-06-26
Mississauga, ON

NefCanuck

Member

ISP's at fault?

Given how badly my ISP (Sympatico) fails at something as basic as spam filtering (I'm in a constant running battle trying to ensure that their junk mail filter doesn't ashcan legitimate messages to me) I'm not surprised that there are ISP's out there, probably with far less resources that can't deal with infected user PC's.

NefCanuck
flbas1
join:2010-02-03
Fort Lauderdale, FL

flbas1

Member

Re: ISP's at fault?

get google mail. that way, you can change your ISP at will (and keep your email addr), and let google (which IS doing a good job of filtering spam) filter spam.

If you don't like Google, there are others (like yahoo and hotmail). but my success is with Google.

RARPSL
join:1999-12-08
Suffern, NY

RARPSL to NefCanuck

Member

to NefCanuck
said by NefCanuck:

Given how badly my ISP (Sympatico) fails at something as basic as spam filtering (I'm in a constant running battle trying to ensure that their junk mail filter doesn't ashcan legitimate messages to me).
If an ISP wants to filter my Email for what it considers to be SPAM, I want one of the settings to be "Flag as SPAM" (by inserting a Header saying that the ISP's SPAM filter got triggered) and then pass me the message. The alternative, of course, is for the ISP to have an option to NOT parse incoming mail and just deliver it (ie: Bypass the SPAM filtering/scanning).

IOW: Instead of silently dropping the message, send it to me anyway with an indication that it would have been dropped.

not
@embarqhsd.net

not

Anon

Re: ISP's at fault?

said by RARPSL:

said by NefCanuck:

Given how badly my ISP (Sympatico) fails at something as basic as spam filtering (I'm in a constant running battle trying to ensure that their junk mail filter doesn't ashcan legitimate messages to me).
If an ISP wants to filter my Email for what it considers to be SPAM, I want one of the settings to be "Flag as SPAM" (by inserting a Header saying that the ISP's SPAM filter got triggered) and then pass me the message. The alternative, of course, is for the ISP to have an option to NOT parse incoming mail and just deliver it (ie: Bypass the SPAM filtering/scanning).

IOW: Instead of silently dropping the message, send it to me anyway with an indication that it would have been dropped.
Do you know the amount of blatant spam that gets blocked as opposed to possible false positives? Do you really want 10k+ emails in your inbox on a daily basis with [SPAM] tagged in the subject line just so you can create a rule to move them to a subfolder in your email client? Think about how much network bandwidth is saved by not passing along all these blatant messages to you. Think outside the box for a second please... It's not all black and white.

Gbcue
Premium Member
join:2001-09-30
Santa Rosa, CA

Gbcue

Premium Member

Re: ISP's at fault?

said by not :

said by RARPSL:

said by NefCanuck:

Given how badly my ISP (Sympatico) fails at something as basic as spam filtering (I'm in a constant running battle trying to ensure that their junk mail filter doesn't ashcan legitimate messages to me).
If an ISP wants to filter my Email for what it considers to be SPAM, I want one of the settings to be "Flag as SPAM" (by inserting a Header saying that the ISP's SPAM filter got triggered) and then pass me the message. The alternative, of course, is for the ISP to have an option to NOT parse incoming mail and just deliver it (ie: Bypass the SPAM filtering/scanning).

IOW: Instead of silently dropping the message, send it to me anyway with an indication that it would have been dropped.
Do you know the amount of blatant spam that gets blocked as opposed to possible false positives? Do you really want 10k+ emails in your inbox on a daily basis with [SPAM] tagged in the subject line just so you can create a rule to move them to a subfolder in your email client? Think about how much network bandwidth is saved by not passing along all these blatant messages to you. Think outside the box for a second please... It's not all black and white.
Google does this automatically.

Moves it to a SPAM folder.
FrontirCynic
join:2006-10-25
Long Beach, CA

FrontirCynic

Member

I let google worry about it

gmail handles all my domain and non domain mail. I don't even think about spam or bots or viruses any more. It's their problem now not mine. All my mail is avail on line and pop 3 (i use both just in case google melts down someday and dumps all my mail)

I would not use ISP domain email if you paid me to use it

I am also using opendns.com in place of verizon fios DNS

SimbaSeven
I Void Warranties
join:2003-03-24
Billings, MT
·StarLink

SimbaSeven

Member

It's not just spam...

..it's trying to get into specific servers and/or routers. You should've seen my log before I emerged fail2ban on my router. I had hundreds of pages just on my SSHd log.

I was getting NAILED from all around the globe. I still am, just not as bad. I was getting dictionary attacks from systems with Very High Bandwidth (100mbps or higher) that could easily DDoS me.
gruntlord6
join:2010-06-10
Barrie, ON

gruntlord6

Member

Ha

My mail server had an issue with spam, I entered 2 custom rules and suddenly, no spam. It's rather simple to stop.

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK
Netgear WNDR3700v2
Zoom 5341J

1 recommendation

KrK

Premium Member

The ISP ....

Simply should detect such activity and inform the user. If the user doesn't clean it up, then they should be "walled in". They'll call pretty quickly and then they can be instructed on how to get their privileges restored. If they refuse or don't clean it up then their account is terminated. Simple.

No Net Neutrality problems at all.

realist
@idsno.net

realist

Anon

Re: The ISP ....

I noticed a lot of "they should" or "ISP should", whatever happened to "I Should". I recall this thread is about ISPs that have customers with "bot infected" PCs. Many ISPs proactively block infected users or supply some sort of detection/prevention software/service. This was done by most as revenue or value add stream of income. But over time has become "expected" by end-user and the community as a whole. What gets lost in all the noise is the end-user, they claim ignorance and entitlement. Mr. ISP, Mr. Government you must take care of me (my machine). I own the computer, but it is not my responsibility to maintain it in a safe or reasonable working condition. It is the ISP or Government job to clean my machine or block it from world, oh yeah while blocking it from the world, don’t stop my mail or web browsing.