ISP's disconnecting compromised computers

Post by **+JuggerNaut+** » Wed Apr 13, 2005 9:28 am

says Telstra Bigpond (Aus)

""Customers with suspected compromised PCs are being contacted where possible to encourage them to rectify the issue and if necessary are being disconnected from the network while the issue is rectified".

more

good move if you ask me.

Post by **U4EA** » Wed Apr 13, 2005 9:37 am

Notifying people is great and all, but they shouldn't be disconnecting them from the network. Telstra is a pretty crap ISP btw. They're massive, and they rip off the people who don't know better than to pay exorbitant sums of money for like 10 GB of quota per month!

Post by **+JuggerNaut+** » Wed Apr 13, 2005 9:45 am

so you don't think that, after notification and nothing is done about the false dns requests from that ip among other things, that they shouldn't be removed from the network?

i have no comment on Telstra's customer service or quality, but certainly would be in favor of this if i was a customer experiencing a large amount of 404's and overall slow connectivity because of overloaded dns servers.

Post by **U4EA** » Wed Apr 13, 2005 10:57 am

Dunno. Maybe.

Post by **R00k** » Wed Apr 13, 2005 12:38 pm

How are you going to update your virus software and get cleaning programs without net access though?

Post by **Foo** » Wed Apr 13, 2005 4:21 pm

The idea in itself is great.. it forces people to figure out what's wrong with their computer.

However, it establishes a precedent more dangerous than it's worth, since the same kind of data transfer can be seen when using bittorrent and such.

There have been a few ISPs over here who kicked bittorrent users off their connections, and when quizzed stated it was something to do with a massive number of connections looking like a virus.

Post by **bork[e]** » Wed Apr 13, 2005 4:25 pm

I'm sure what goes down isn't just they find out their computer is screwed and then nuke their connection.

We have done the same thing the in the past, not to that extreme but we have killed peoples account until they can give us some proof that their computer is clean.

We usually only do that if at&t calls us and tells us that if we don't do it, they will kill that subnet.

But like I'm sure this companey does, we usually give them a warning and then tell them how and what to do to get it going...

Post by **+JuggerNaut+** » Wed Apr 13, 2005 5:35 pm

R00k wrote:How are you going to update your virus software and get cleaning programs without net access though?

they warn you ahead of time it seems. so if it's not been cleaned by a certain date then it's disconnected. nothing wrong with that.

Post by **+JuggerNaut+** » Wed Apr 13, 2005 5:36 pm

Foo wrote:There have been a few ISPs over here who kicked bittorrent users off their connections, and when quizzed stated it was something to do with a massive number of connections looking like a virus.

i didn't realize Bittorrent clients gave off false dns requests.

Post by **+JuggerNaut+** » Wed Apr 13, 2005 6:26 pm

riddla wrote:
+JuggerNaut+ wrote:
Foo wrote:There have been a few ISPs over here who kicked bittorrent users off their connections, and when quizzed stated it was something to do with a massive number of connections looking like a virus.
i didn't realize Bittorrent clients gave off false dns requests.
probably because they dont.

which was what i was thinking. was trying to find out what foo was talking about. the article only mentions false dns requests.

Post by **Foo** » Wed Apr 13, 2005 9:21 pm

Sorry, yeah, doesn't pertain directly to that problem. I should of added backstory but I assumed everyone knew.

The wider issue of ISPs disconnecting compromised users came to a head when the blaster/Welchia stuff was at its peak, and they were gauging who had the virus by looking for clients with massive numbers of open connections.