ISP cripples zombie PC network

By Mark W. Kaelin, Editor
Zombie PCs are no laughing matter. If left unchecked, they can cause all kinds of problems for networks and system administrators.
Telenor used some ingenious techniques involving IRC to track down and eliminate an entire network of zombies and the botnet they were connected to.
While Telenor was able to shut down the illicit network, they were not able to get all the way to the source. This means the botnet could already be reestablished. How do we protect ourselves from such a sophisticated attack?

ISPs have to take the lead

by stress junkie In reply to ISP cripples zombie PC ne ...

ISPs are in the position to detect and take quick action when traffic-based problems are created. Extremely high traffic from a group of the ISP's clients to a specific IP address is obviously a DDoS attack in progress. The ISP should take action as soon as such a situation can be identified. At the very least, the ISP could prevent the bogus traffic from being relayed to other ISPs.

The same thing is true about worms that infect 99 percent of their victims within 20 minutes of the virus being released into the public network. ISPs should be able to detect this kind of situation and prevent the traffic from being transmitted over their network.

Spam is another situation that could easily be detected and stopped at the ISP level.

Email viruses, although a somewhat trickier situation due to the viruses riding on valid email messages, could also be stopped by ISP intervention.

In summary, I think that the ISPs have the ability to detect most of the network-transmitted problems that we face today. I also think that they have the responsibility to take effective action to stop these problems whenever possible, which is much of the time.
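
The heuristic described in the comment above (many of an ISP's own clients sending heavy traffic to one address), as an added example that is not part of the thread: Python detection logic run over constructed flow records. The customer prefix, the one-minute window and both thresholds are assumptions chosen for the sample data.

```python
import ipaddress
from collections import defaultdict

# Assumed values (not from the thread): subscriber address space and thresholds.
CUSTOMER_NET = ipaddress.ip_network("100.64.0.0/16")
WINDOW_SECONDS = 60
MIN_SOURCES = 4        # distinct subscribers sending to one destination
MIN_BYTES = 1_000_000  # total bytes to that destination within one window

def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, bytes)."""
    flows = []
    # Five subscribers sending steadily to one external address in one minute.
    for i in range(5):
        for t in range(0, 50, 10):
            flows.append((1200 + t, f"100.64.1.{10 + i}", "203.0.113.7", 60_000))
    # One subscriber uploading a large file: high volume, single source.
    flows.append((1205, "100.64.2.5", "198.51.100.20", 5_000_000))
    # Six subscribers making small requests to a popular site: many sources, low volume.
    for i in range(6):
        flows.append((1215, f"100.64.3.{i + 1}", "198.51.100.80", 2_000))
    # Traffic whose source is not a subscriber is outside this check.
    flows.append((1210, "192.0.2.50", "203.0.113.7", 9_000_000))
    return flows

def detect_floods(flows):
    """Return [(window_start, dst, n_sources, total_bytes)] for suspected floods."""
    sources = defaultdict(set)
    volume = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        if ipaddress.ip_address(src) not in CUSTOMER_NET:
            continue  # only count traffic originated by our own subscribers
        key = (ts - ts % WINDOW_SECONDS, dst)
        sources[key].add(src)
        volume[key] += nbytes
    # Both conditions must hold: a group of clients AND a large aggregate volume.
    return sorted(
        (win, dst, len(srcs), volume[(win, dst)])
        for (win, dst), srcs in sources.items()
        if len(srcs) >= MIN_SOURCES and volume[(win, dst)] >= MIN_BYTES
    )

if __name__ == "__main__":
    for win, dst, n, total in detect_floods(build_sample_flows()):
        print(f"window {win}: {n} subscribers sent {total} bytes to {dst}")
```

Requiring both a source count and a byte volume keeps a single heavy uploader and a merely popular destination out of the results.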
