FCC Chair Calls On ISPs To Adopt New Security Measures 110
alphadogg writes "U.S. Internet service providers should take new steps to protect subscribers against cyber attacks, including notifying customers when their computers are compromised, the chairman of the FCC said Wednesday. Julius Genachowski called on ISPs to notify subscribers whose computers are infected with malware and tied to a botnet and to develop a code of conduct to combat botnets. Genachowski also called on ISPs to adopt secure routing standards to protect against Internet Protocol hijacking and to implement DNSSEC, a suite of security tools for the Internet's Domain Name System."
Torrents (Score:5, Interesting)
Re:Torrents (Score:5, Interesting)
I doubt they want to piss off some big customers.
If that's the only societal force that can spare us, then we're screwed. Big customers can be whitelisted or "undesirables" can be blacklisted.
I think what we need is to promote an awareness of just how important the Internet is, that screwing around with it for any reason other than good engineering is a bad idea. For example, the DNSSEC mandate is actually a sound idea and stands a good chance of working better than what we have now.
The moment an anti-malware system starts intentionally hindering many (or all) torrents is the moment it ceases to be a technical solution and changes into a political tool. You don't need to understand the technical details of how BitTorrent works to understand this. We need a general public that understands this, for the same reason we need to understand that "think of the children!" includes concern for what kind of authoritarian, regimented society we're leaving them to inherit.
I have to assume that any mandate to "protect against botnets" that could ever be construed to mean bans on entire protocols is going to be inevitably abused. Authoritarian types look for such "opportunities" just as businesses look for new markets. Power is just a different kind of currency.
Re:Don't want your protection (Score:5, Interesting)
Now excuse me while this strange web site forces my browser to full screen and scans my Linux Box for viruses...
I recently started getting calls to our home phone number (which is a silent number mind you) from those lovely "Hey, I'm calling from Microsoft to say that you need to install this program to fix your computer..." folks in some nasty call centre. While I do have a few windows machines around, the majority are also linux. I find it strangely pleasing following their instructions, but seeing how long I can drag out the fun for - not pressing the right things, getting them to repeat the instructions over and over again, trying to get them to hang up. My current record is 21 minutes, while they are peddling crap, you got to hand it to them - they really are patient when trying to snarf your money.
Re:One Has To Wonder About Motivation (Score:4, Interesting)
I have to wonder why government keeps coming up with schemes that essentially require monitoring by the ISP.
Governments cannot abide anyone but themselves with secrets.
Are they maybe just trying to get some kind of monitoring in place, so that they can expand it later?
Yes. It's like the amphibian in the pot. Turn up the heat gradually and it will remain even after the water is boiling.
Re:It will NEVER happen (Score:2, Interesting)
4. It's of absolutely no benefit to the ISP to do anything like this. So what if the customers are infected? They have the internet, malware doesn't hurt the ISPs network unless the ISP itself is the target witch is rarely the case. Even if one of the ISPs customers is the target they just adjust a few routers and the problem goes away. The customer is blissfully unaware of their problem and paying their bill. You don't mess with that. And yes, customers really are stupid enough to think the malware they have had for years and didn't know about, but were suddenly notified of when they signed up for your service, came from you.
*lol* - I'll second this: About a decade ago I saw a small business getting walloped by worm traffic to the point where it was suffering from the degraded link speed (firewall drops packets on the CPE side of the link, you see). I called the ISP and said "can you filter these ports, this traffic is getting heavy?" and the response was "no chance, once it enters the network we get billed from our upstream provider, so we need to deliver it somewhere so that we can charge for it" !
[And three cheers to the captcha: plunder]
Re:Customer Contact (Score:4, Interesting)
Indeed. Cox, a cable ISP in the US, was silently re-writing DNS TTLs from whatever value the authoritative nameserver had set to 30 seconds. It didn't matter if it was a long-lived NS record or a short-lived dynamic DNS entry, everything got changed to 30 seconds. Even the entries for the root nameservers were cached for 30 seconds, increasing their load.
When I had their service and this was affecting me I wrote to their customer support and prefixed the message with a "This is a specialized technical issue about Cox's DNS servers and is not addressable by customer support staff. Please forward this to the systems/network administration folks." The message included a quick summary of the problem, results of dig tests on both Cox's and third-party resolvers, etc.
I got a response two days later saying "We're sorry you're having difficulty setting up your wireless router. You might find the instructions at $URL helpful..."
After that point, I stopped bothering and switched to Google Public DNS. Google's nameservers respected TTLs, didn't do the SiteFinder interception of non-existent domains, and actually had better performance.
Re:Torrents (Score:4, Interesting)
More to the point, such legislation to disconnect "infected" machines implies that there is some standard for a "clean machine". And you can BET that "clean machine" model is based on known, locked down, PROPRIETARY operating systems, not someone running their own mods for a Linux distribution.