Telstra trial detects 5.4 per cent botnet infection rate
- 14 June, 2012 15:05
Telstra has successfully trialed using DNS poisoning to prevent botnets on the BigPond network, Telstra principal domain expert, Barrie Hall, said at an Internet Industry Association event to review iCode. The company detected an alarming number of infections, he said.
Telstra was pleased by a trial of Nominum’s Network Protection System (NPS) and is working with Nominum on “next steps,” said Hall.
Telstra used Nominum data to acquire domain names used by botnets to communicate with their “mother ships,” Hall said. “The entire premise of this is to blacklist, or poison if you like, the domain names associated with the command-and-control service.”
“Since DNS is so widely used by criminals, it’s a logical place to stop them,” Hall said.
In the trial, Telsta looked at 1 million IP addresses on BigPond and found that 5.4 per cent showed signs of being infected by a botnet, Hall said. That percentage is better than networks in other countries, he said. In the U.S., Comcast has “admitted up to [a] 15 percent infection ratio,” he said.
In all of Australia, 10 per cent of all fixed connections are infected by botnets, and 5 per cent on wireless, estimated Nominum sales director for Asia-Pacific, Carl Braden.
“A lot of my colleagues would say that mucking with DNS is evil,” Hall said. However, “we’re at war,” he said. “This is a way of helping.”
In a weekly “repeated sightings” report, the Australian Communications and Media Authority usually reports 5,000 to 6,000 infected IP addresses seen 10 or more times in a 14-day period, said ACMA manager of e-security, Bruce Matthews. That shows “continuing persistent infections that aren’t being actioned.”
In the last few months, DNSchanger has represented the greatest volume of infections seen by ACMA, Matthews said. ACMA is issuing a media advisory to help reduce the number of infections, he said. ACMA has seen a “significant” reduction in the number of Flashback infections, he said.
Conficker represents 25 per cent of ACMA’s reports, despite “being around for a very long period of time,” Matthews said. “There are lots of tools out there to fix Conficker. Why it is persisting is a cause for concern.”
Follow Adam Bender on Twitter: @WatchAdam
Follow Computerworld Australia on Twitter: @ComputerworldAU
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Trust issue looms large for tech companies capitalizing on personal data
5 women who've made it in IT
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
15 Minute Guide to Smarter Backup
Backup and recovery has become an essential element of data protection. The availability and integrity of data can directly impact revenues, profits, and company reputations. The people, process and infrastructure involved can also affect key business initiatives. This whitepaper explains the real challenges of traditional architecture, and why protection storage architecture might be the solution.
The Collaboration Paradox
In this whitepaper, we look at how new collaboration tools enable global executives to get more out of teams and make faster decisions. However, these teams feel restricted by outdated communication methods that lead to slower decision making and ultimately wasted time and money. Download to hear from the most enthusiastic adopters of collaboration tools and the benefits they have seen in their workplace.
Case Study: The True Value of Conference Calling
In a study by the University of Bradford study, we look at the benefits of a strong telepresence and how organisations can become faster, more focused and environmentally responsible. Click to download!