Where are the ISPs in the battle against Botnets?
Botnets have threatened the very viability of email, so why haven’t ISPs joined in the battle to put them out of business? Experts say that ISPs just don’t have the resources yet in place to do battle, and it probably doesn’t make financial sense for them either. Yet!
“I don't think the botnet problem is large enough in the U.S. to catch ISPs' attention here yet," says David Maynor, CTO of Errata Security. "It will have to start costing them a lot of money first.”
That’s not to say not all ISPs haven’t joined the battle. Earthlink works with a “feedback loop system” where users can click a “this is spam” button, which helps Earthlink update their filters. Earthlink is an active member of the Messaging Anti-Abuse Working Group (MAAWG), which also includes Microsoft, Verizon, Cox Communications, Comcast, and Bellsouth. Recently MAAWG added behavioral monitoring to help detect zero-day attacks.
Then again, some people are plenty glad IPSs have stayed out of the fight. For ISPs to be actively involved they must have remote access to your desktop.
Says Dan Kaminsky, director of penetration testing for IOActive, “I don't want an ISP to have root on my box," he says. "Why should an ISP be in the position to monitor what software I'm running? Should they even know? But on the flip side, we are not winning the bot war, we’re losing it substantially, which may require a rethinking of networking in general and how we deal with botnets," he says. "Even if you gave Comcast or another ISP root on millions of machines so they could see if botnets are on them... Botnet authors could just hide from them.”
ISPs should definitely be actively quashing command and control botnet nodes that run on their networks, though, he says. This was taken from a list at Dark Reading.
Tags: botnet, ISP Botnet
Leave a comment