IETF forges botnet clean-up standard
Shooting zombie PCs in the head
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
The IETF is developing a standard for how ISPs should go about cleaning up subscriber botnet infections.
A draft standard from the net standards body covers techniques for identifying compromised machines, how to notify affected customers and what advice to give them on the best way to clean-up infections - a sometimes tricky process. The IEFT's Recommendations for the Remediation of Bots in ISP Networks can be found here.
The document covers such thorny subjects as best practices for botnet detection and how to direct users towards an infection clean-up portal containing disinfection tools and information. As a technical standard, the proposals omit consideration of how clean-up operations might be financed. Possible punishments for users who leave their machines infected despite clean-up advice is also outside the scope of the standards. The IETF is inviting feedback on its proposals.
The initiative ploughs much the same ground as an independent proposal by Australia's Internet Industry Association (IIA), also in the draft stage, on how to purge spam-relaying zombie clients from ISP networks Down Under. ®
COMMENTS
The "don't cares"
Should be prosecuted.
Once warned that they're part of a botnet they're liable for damages if they don't take steps to fix the machine - or at the very least any liability cover they may have is voided.
Seriously though: The problem will pretty much solve itself if infected users face the full costs they end up inflicting on the outside world - contractual penalties in ISP agreements would be a good starting point.
@The Original Steve
I'd be quite happy to pull the "DO NOT REMOVE" stickers off my car. I've never seen any in all my years of fiddling with automotive componentry though. In my experience it's the computers that tend to come with warranty invalidating stickers containing threats of doom liberally applied to all the important bits.
Incidently, you should save yourself some cash and give it a go. Cars are easier and more therapeutic to fix/service yourself than computers. For a start, many of the important bits won't break if you get pissed off and wallop them with a hammer....
What - I have to fill this in ?
I'm with those calling for ISPs to be responsible, and that the end user is responsible for the costs.
Taking the car analogy again - as someone points out, if you don't know how to maintain your car, you take it to someone who does and pay them to do it. The reason we have an MoT test is (again as someone points out) too many people just don't care - without the test too many people will just drive around in a car that's getting worse and worse until it won't go any more. Take a damaged car out on the road and sooner or later a copper will spot you and stop you - so why is it seen as so bad for your ISP to see you have a 'dangerous' PC and force you to take it off the internet highway.
A while ago I started getting blocked malware messages from a relative the other side of the world - it took some time to persuade here that she had a problem, and even longer for her to fix it.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
