Telstra trial detects 5.4 per cent botnet infection rate
- 14 June, 2012 15:05
- Comments 1
Telstra has successfully trialed using DNS poisoning to prevent botnets on the BigPond network, Telstra principal domain expert, Barrie Hall, said at an Internet Industry Association event to review iCode. The company detected an alarming number of infections, he said.
Telstra was pleased by a trial of Nominum’s Network Protection System (NPS) and is working with Nominum on “next steps,” said Hall.
Telstra used Nominum data to acquire domain names used by botnets to communicate with their “mother ships,” Hall said. “The entire premise of this is to blacklist, or poison if you like, the domain names associated with the command-and-control service.”
“Since DNS is so widely used by criminals, it’s a logical place to stop them,” Hall said.
In the trial, Telsta looked at 1 million IP addresses on BigPond and found that 5.4 per cent showed signs of being infected by a botnet, Hall said. That percentage is better than networks in other countries, he said. In the U.S., Comcast has “admitted up to [a] 15 percent infection ratio,” he said.
In all of Australia, 10 per cent of all fixed connections are infected by botnets, and 5 per cent on wireless, estimated Nominum sales director for Asia-Pacific, Carl Braden.
“A lot of my colleagues would say that mucking with DNS is evil,” Hall said. However, “we’re at war,” he said. “This is a way of helping.”
In a weekly “repeated sightings” report, the Australian Communications and Media Authority usually reports 5,000 to 6,000 infected IP addresses seen 10 or more times in a 14-day period, said ACMA manager of e-security, Bruce Matthews. That shows “continuing persistent infections that aren’t being actioned.”
In the last few months, DNSchanger has represented the greatest volume of infections seen by ACMA, Matthews said. ACMA is issuing a media advisory to help reduce the number of infections, he said. ACMA has seen a “significant” reduction in the number of Flashback infections, he said.
Conficker represents 25 per cent of ACMA’s reports, despite “being around for a very long period of time,” Matthews said. “There are lots of tools out there to fix Conficker. Why it is persisting is a cause for concern.”
Follow Adam Bender on Twitter: @WatchAdam
Follow Computerworld Australia on Twitter: @ComputerworldAU
Recommended
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- Benefits of Deploying Microsoft Exchange Server 2010 on Dell Compellent with Data Progression
- Getting Real About Security Management and Big Data – A Roadmap for Big Data in Security Analytics
- Unleashing the Power of Information
- A Holistic Approach to your BYOD Challenge
- Advanced Persistent Threats and Real-Time Threat Management
-
How to provide IT support to a dispersed workforce
-
Intel claims Haswell will offer 50 per cent more battery life in laptops
-
Intel claims Haswell will offer 50 per cent more battery life in laptops
-
Verizon, Jennifer Lopez partner on Latino-focused wireless stores
-
Santos migrates to Windows 7 before XP support ends
Comments
Yin
1
The reason why conficker remains such a threat, is because people didn't take proper precautions (common sense) in the first place.
And it remains an issue, because people don't care about their servers, they only care that they can browse the internet, get their email and their stuff works.