[LINK] OzIT: 'ISPs could strangle zombies / disconnect subscribers'

Roger Clarke Roger.Clarke at xamax.com.au
Tue Sep 29 09:05:36 AEST 2009 

[The possibility has been raised of ISPs disconnecting devices from 
the Internet that they judge to be compromised.

[As many functions of society and the economy become increasingly 
dependent on an Internet connection, that's a pretty serious form of 
denial of service.  Particularly given the very high proportion even 
of corporate devices that are compromised, let alone of consumer 
devices.

[It's important that IIA receive feedback on the notion.

[Karen Dearne's article is below, and the IIA links are below that.

________________________________________________________________________


Providers could strangle zombies
The Australian IT Section
Karen Dearne
September 29, 2009
http://www.australianit.news.com.au/story/0,24897,26137603-15306,00.html

INTERNET service providers hope to boost the fight against armies of 
compromised computers -- known as botnets -- through a voluntary code 
that could shut down zombies one by one.

Internet Industry Association spokesman John Hilvert said that while 
the proposed code focused on identifying botnet activity and warning 
customers, in extreme cases ISPs could disconnect infected computers 
to prevent further damage across their networks. "It's not in an 
ISP's interest to provide support to a botnet unit," he said.

"Botnets are one of the biggest threats to the internet right now, 
and one of the main conduits for cyber-crime. There's also a big fear 
that they could be used in quasi-terrorist actions against countries. 
If you can control several million bots, then you can bring down a 
whole system by launching the ultimate denial of service attack."

Mr Hilvert said most people were unaware their PC had been taken over.

Under the draft code, ISPs will monitor network traffic for patterns 
of bot activity, and attempt to contact customers by phone, email or 
by limiting network access by throttling internet speed, temporarily 
suspending access or otherwise prompting a call to the helpdesk.

Many ISPs already take steps to notify customers of problems, and Mr 
Hilvert said the aim was to provide a more consistent approach that 
was both fair and upfront for consumers. "Users will probably be sent 
to a page which basically says, 'If you have received one of these 
notices, your system has a case of bad breath and it's causing a lot 
of coughing around the network -- can you please do something about 
it?," he said.

"The customer will be given links to security software and to 
personalised support companies that will come out and fix things if 
necessary.

"But if, after all that, an account holder's machine is still playing 
a mischievous part in the network, their account could be placed in a 
'walled garden' (without access to the internet) until action is 
taken."

The IIA is seeking comment by the end of the month.

________________________________________________________________________


eSecurity Code to protect Australians online
Written by John Hilvert
Friday, 11 September 2009
http://www.iia.net.au/index.php/section-blog/90-esecurity-code-for-isps/757-esecurity-code-to-protect-australians-online.html

...

On 10 June the IIA in association with the Government, ISPs, security 
vendors and consumer representatives convened a meeting to explore 
the merits of a new voluntary eSecurity code so that there will be a 
fair and uniform approach embraced with the aim of reducing malware 
infected systems.

The meeting agreed that A Draft Code Principles with representative 
from all stakeholders with a final version of the voluntary code 
envisaged by 1 December 2009.

The draft Code has four main elements:
1.   Identification of compromised computers
2.   Customer contacts
3.   Provision of information and advice to fix the compromised system; and
4.   A reporting function for alerting about serious scale threats, 
such as those, that may threaten national security.

Members of the public may respond to the draft code by posting their 
comments and suggestions to securitycode at iia.net.au no later than 
Friday 30 October 2009.

The Draft code is available at http://www.iia.net.au/code.pdf


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list