Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The Internet Engineering Task Force (IETF) has published a draft standard calling for measures that internet service providers (ISPs) can use to defeat botnets.
The document says that mitigating botnet effects and remediating botted systems could make it more difficult for networks of zombie computers to operate, in addition to reducing the level of online crime.
“Efforts by ISPs and other organisations could, over time, reduce the pool of computers infected with bots on the internet,” the IETF draft said.
“The draft is trying to get at common ways of dealing with botnets,” Gunter Ollmann, vice president of research at anti-botnet provider Damballa, told SCMagazineUS.com Thursday. “Given the broad spectrum of ISPs and where they operate, there are a variety of ways they interact with their customers and the kinds of advice they can provide.”The draft includes contributions from a number of leading-edge ISPs that have been dealing with the problem for some time, said Alex Bobotek, co-vice chairman of the Messaging Anti-Abuse Working Group. “Certain ISPs have developed techniques to identify infected machines, notify the users and remediate the problems," Bobotek told SCMagazineUS.com Thursday. "These [standards] are best practices for dealing with the problem."For example, ISPs are in a unique position to detect botnets operating in their networks, and can inform their customers when their computers have been infected.
“The owner of a machine almost always has no idea that they have been compromised,” Ollmann said. “And the compromised hosts are constantly being updated.”
Once users have been notified that they are botted, the draft said, they can take steps to remove the bot, resolve problems stemming from the infection and protect themselves in the future.
“ISPs are stepping up to the plate,” Ollmann said. “They're realising the nature of the botnet threat, and that they are in a frontline position to help deal with the threat.”
See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.