The Day Before Zero

You may have noted that the Internet Engineering Task Force (IETF) has published a draft standard calling  for measures with which ISP’s can help combat the botnet scourge. The draft standard, Recommendations for the Remediation of Bots in ISP Networks, provides an ISP view of the botnet problem and recommends several methods for alerting customers to the fact that their system(s) have been compromised and are active members of criminal botnets.

Personally, I think this is great initiative from the ISP’s. By volume, home subscribers constitute the largest botnet infections and are frequently the source for many of the mass-attacks enterprise systems suffer from. With the ISP’s help, botnet victims can be alerted to the dangers of their compromised system(s) and proceed down a relevant remediation path.

This new draft standard is a great start. Given the diversity in ISP operations around the globe, this first effort helps lay a framework for further discussion and standards development. There’s still a lot more work to be done though – in particular the aspect of non-PC-based infections (e.g. gaming systems, smartphones, smart home appliances, etc.).

It’s nice to see an industry vertical taking the initiative in helping reduce a threat that all Internet users and businesses face. I think that ISP’s can play a critical role in helping educate subscribers to the threat and remediation. It may take some time, but greater awareness of the threat and more timely identification of botnet compromises will cause considerable pain to botnet operators and their cyber-criminal masters (which is good!).

– Gunter Ollmann, VP Research

This entry was posted on Friday, September 18th, 2009 at 7:15 pm and is filed under Threat Research. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.