FCC, ISPs Join Forces to Fight Routing Hijacks, Botnets
March 26, 2012 1:51 PM
Coalition will also work to secure DNS servers
Comcast Corp. (
), Time Warner Cable, Inc. (
), AT&T, Inc. (
), Cox Communications, CenturyLink, Inc. (
), Deutsche Telekom AG's (
) subsidiary T-Mobile USA, and Verizon Communications Inc. (
) and Vodafone Group Plc.'s (
) joint cellular venture, Verizon Wireless, at a special meeting in Washington D.C. all agreed to join forces with the
U.S. Federal Communications Commission
Communications, Security, Reliability and Interoperability Council
(CSRIC) in policing the internet.
I. DDOS Blockade -- a Thorny Issue
policing the internet
" is typically associated with the ISPs' volunteer efforts to combat copyright infringement (which in ISP eyes brings legal risks and extra bandwidth use), the new effort deals with fighting aggressors who look to exploit routing to destructive ends.
One issue the coalition will look to combat is botnets. A botnet is formed when malware infects thousands of computers, giving a
distributed platform controlled from a central command and control (CnC) server
. A botnet is a powerful tool. A large botnet can
take down many webpages
simply by ordering all its controlled machines to visit the target page, overloading it with traffic. At the same time, they can be employed in more sophisticated for-profit crime, such as
sending spam email
Microsoft Corp. (
) has joined with law enforcement to
take down several top botnets
in the last year. Its approach has focused on "decapitating" the botnet by locating and killing the CnC server. But many feel that ISPs could help cut off the greater body of botnets at their source, given that they have access to data that could be used to identify and target solutions at infected machines.
Together the ISPs and feds have crafted a guiding document titled "Anti-Bot Code of Conduct."
With regard to distributed denial of service (DDOS) attacks, where things could get interesting is in the case where individual non-infected users commit a mass attack. In such cases the attack can closely resemble a botnet-driven DDOS attack. In such a case ISPs could step in and kill the attackers' internet connections -- either thinking or claiming them to be part of a botnet.
New policies could make it harder for
to engage in DDOS webpage takedowns.
[Image Source: Jason Mick/DailyTech]
While many would feel that cutting off
this weapon used by
and others would be a great thing, others feel that eliminating non-malware DDOS campaigns would be akin to
silencing public protest
. Some view DDOS attacks by users as a digital equivalent of a sit-in/strike and view countermeasures as totalitarian.
II. Protecting DNS, Fighting Routing Hijacks
A second issue considered by the coalition is routing hijacks. The issue gained notice when millions of connections were
"accidentally" routed through Chinese servers
last year. While China claimed it was an innocent glitch, some saw it as a concerted hijacking effort. By redirecting traffic through its servers, an aggressor nation could potentially glean valuable bits of intelligence, by decreasing its difficulty in intercepting conversations. While sophisticated secure channels typically keep track of the delay between connections and thus would shut off in such a scenario, such loss of secure links could prove almost as bad as their compromise.
Bundled with the second issue is the third issue of
vulnerabilities to the domain name system (DNS)
, the databases that associate websites' text-string URL representation with specific numeric internet protocol addresses. Domain hijacking via DNS attacks remains a popular method of hacking, and in some cases hackers have taken down entire DNS server blocks.
Domain hijacking and traffic rerouting can raise serious threats to national security online. [Image Source: Chris Woebken/Flickr]
The FCC and some others have advocated a new protocol dubbed DNSSEC ("Domain Name System Security Extensions"), but the coalition shied away from accepting that effort. The key point of contention is that the new protocol would expose all the domains within a particular host, which would give attackers a virtual laundry list of who to attack.
Standards committees are working to address this major security flaw, but a robust solution has not yet been fully realized.
In the meantime, the coalition hopes to push browser-makers to do a better job monitoring DNS antics, and protecting users from visiting known hostile domains.
Together, the ISPs and FCC's DNS/routing pact is dubbed "the DNS code of conduct".
The two pacts are not without their controversies (most notably, the possibility of the anti-botnet provisions being used as a tool to suppress public protest via DDOS). However, for the average user, these efforts may help cut your spam burden and cut down on the danger of getting your system unwitting hijacked.
FCC [press release]
[meeting notice; PDF]
"What would I do? I'd shut it down and give the money back to the shareholders." -- Michael Dell, after being asked what to do with Apple Computer in 1997
Verizon, TWC, and Comcast to Play "Copyright Cop" for the RIAA
March 16, 2012, 12:31 PM
Megaupload is Megapwned by Gov't, Anonymous Hits Back, Downs DOJ Homepage
January 19, 2012, 9:34 PM
New York Stock Exchange Hack Attack Fizzles
October 11, 2011, 9:35 AM
GPU Roaring? You May Be Infected With a Bitcoin Trojan Says Symantec
August 17, 2011, 4:47 PM
Microsoft Says Any Botnet Can be Decapitated, Destroyed
July 10, 2011, 2:20 PM
Science & Environment
February 20, 2017, 6:37 AM
The USA’s newest weather satellite sends first photos.
January 24, 2017, 6:41 AM
Netflix took a decision to invest in original content
January 19, 2017, 7:00 AM
Amazon Airborne Fulfillment Center – Your Merchandise Drop-Shipped from the Clouds
December 29, 2016, 5:00 AM
Amazon is experimenting with a new kind of grocery stores, Amazon Go
December 8, 2016, 5:00 AM
Google has developed Deep Learning Algorithm to detect Diabetic Eye Disease
December 4, 2016, 5:00 AM
Most Popular Articles
Samsung Galaxy S8, Rumored Launch Date!
March 18, 2017, 6:45 AM
Lenovo MIIX 510 – Excellent 2-In-One Tablet with Unique Watchband Hinge
March 17, 2017, 7:50 AM
Gigabyte GA-Z170X-Gaming G1 – Intel Thunderbolt 3 Certified Motherboard
March 9, 2017, 6:25 AM
Lenovo ThinkPad T460 - Ultra-Thin and Feather-light
March 3, 2017, 6:00 AM
Nokia has ditched this camera technology in its new smartphones
March 7, 2017, 8:45 AM
Latest Blog Posts
Apple buys an automation app called Workflow. The deal was completed today and brings the app along with its developers.
Mar 23, 2017, 7:35 AM
Apple Announces new color for iPhones and iPads
Mar 22, 2017, 7:45 AM
Instagram: You Can Now Save Live Videos For Later
Mar 21, 2017, 7:49 AM
Samsung Galaxy S8 to Get New Color Scheme
Mar 20, 2017, 7:45 AM
What else to worry about?
Mar 17, 2017, 6:45 AM
Icon of the Day: Intel/ NVIDIA or Mobileye
Mar 16, 2017, 6:15 AM
JUST IN - Twitter Hijacked : High-Profile Account Accesses
Mar 15, 2017, 7:07 AM
Mar 14, 2017, 7:30 AM
News and Tips
Mar 13, 2017, 6:30 AM
iPhone 8 – May Not Get Curved Screen
Mar 11, 2017, 8:00 AM
California paves way to self-driving car tests without humans
Mar 11, 2017, 7:18 AM
Smart Machines V hackers
Mar 10, 2017, 7:00 AM
Uber Can Resume Autonomous Car Testing in California
Mar 9, 2017, 6:50 AM
Mar 8, 2017, 7:09 AM
Mar 7, 2017, 8:45 AM
World news 3-6
Mar 6, 2017, 5:40 AM
Mar 4, 2017, 7:40 AM
Mixed News of the Day
Mar 4, 2017, 6:32 AM
Jaguar Land Rover invests in ride-sharing
Mar 3, 2017, 7:00 AM
Mixed News of The World:
Mar 2, 2017, 7:02 AM
World New 3-1
Mar 1, 2017, 6:30 AM
Gaming News of The Day
Feb 28, 2017, 6:56 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information