Standard offers best practices for ISPs to fight botnets

The Internet Engineering Task Force (IETF) has published a draft standard calling for measures that internet service providers (ISPs) can use to defeat botnets.

The document says that mitigating botnet effects and remediating botted systems could make it more difficult for networks of zombie computers to operate, in addition to reducing the level of online crime.

“Efforts by ISPs and other organizations could, over time, reduce the pool of computers infected with bots on the internet,” the IETF draft said.

“The draft is trying to get at common ways of dealing with botnets,” Gunter Ollmann, vice president of research at anti-botnet provider Damballa, told SCMagazineUS.com Thursday. “Given the broad spectrum of ISPs and where they operate, there are a variety of ways they interact with their customers and the kinds of advice they can provide.”

The draft includes contributions from a number of leading-edge ISPs that have been dealing with the problem for some time, said Alex Bobotek, co-vice chairman of the Messaging Anti-Abuse Working Group.
 
“Certain ISPs have developed techniques to identify infected machines, notify the users and remediate the problems,” Bobotek told SCMagazineUS.com Thursday. “These [standards] are best practices for dealing with the problem.”

For example, ISPs are in a unique position to detect botnets operating in their networks, and can inform their customers when their computers have been infected.

“The owner of a machine almost always has no idea that they have been compromised,” Ollmann said. “And the compromised hosts are constantly being updated.”

Once users have been notified that they are botted, the draft said, they can take steps to remove the bot, resolve problems stemming from the infection and protect themselves in the future.

“ISPs are stepping up to the plate,” Ollmann said. “They're realizing the nature of the botnet threat, and that they are in a frontline position to help deal with the threat.”
