Telstra BigPond is disconnecting customers with malware

It isn't quite as bad as it sounds, but Australian ISP Telstra BigPond is alerting its customers of temporary breaks in their service if it suspects that their large bandwidth draws are due to malware on the end-user machines (the issue is that they are flooding DNS servers with bogus requests).

It sounds like in some cases the issue can be rectified without disconnecting the system, but if they don't do it in a timely fashion, then they lose the connection, giving them an incentive to address the problem. This makes sense since many users are loathe to bother with it unless given a reason to... which in this case would be the loss of service. But the issue there is that in many cases, the way to fix the problem requires an internet connection.

I wonder if these DNS issues are related to the DNS spoofing that was seen recently supposedly caused by spammers? It does sound like it could be related (flood a legit server so that it is too busy to answer requests and then spoof responses from another machine). That is really just a guess though.

Posted by Eric at April 13, 2005 10:55 AM | TrackBack