Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Telstra trial detects 5.4 per cent botnet infection rate

Top telco says it had a successful test with DNS poisoning.

Telstra has successfully trialed using DNS poisoning to prevent botnets on the BigPond network, Telstra principal domain expert, Barrie Hall, said at an Internet Industry Association event to review iCode. The company detected an alarming number of infections, he said.

Telstra was pleased by a trial of Nominum’s Network Protection System (NPS) and is working with Nominum on “next steps,” said Hall.

Telstra used Nominum data to acquire domain names used by botnets to communicate with their “mother ships,” Hall said. “The entire premise of this is to blacklist, or poison if you like, the domain names associated with the command-and-control service.”

“Since DNS is so widely used by criminals, it’s a logical place to stop them,” Hall said.

In the trial, Telsta looked at 1 million IP addresses on BigPond and found that 5.4 per cent showed signs of being infected by a botnet, Hall said. That percentage is better than networks in other countries, he said. In the U.S., Comcast has “admitted up to [a] 15 percent infection ratio,” he said.

In all of Australia, 10 per cent of all fixed connections are infected by botnets, and 5 per cent on wireless, estimated Nominum sales director for Asia-Pacific, Carl Braden.

“A lot of my colleagues would say that mucking with DNS is evil,” Hall said. However, “we’re at war,” he said. “This is a way of helping.”

In a weekly “repeated sightings” report, the Australian Communications and Media Authority usually reports 5,000 to 6,000 infected IP addresses seen 10 or more times in a 14-day period, said ACMA manager of e-security, Bruce Matthews. That shows “continuing persistent infections that aren’t being actioned.”

In the last few months, DNSchanger has represented the greatest volume of infections seen by ACMA, Matthews said. ACMA is issuing a media advisory to help reduce the number of infections, he said. ACMA has seen a “significant” reduction in the number of Flashback infections, he said.

Conficker represents 25 per cent of ACMA’s reports, despite “being around for a very long period of time,” Matthews said. “There are lots of tools out there to fix Conficker. Why it is persisting is a cause for concern.”

Follow Adam Bender on Twitter: @WatchAdam

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

References show all
Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • IDC MarketScape Excerpt: Worldwide Client Virtualization Software Assessment
    The rise of BYOD is creating governance and regulatory nightmares while providing end users with unprecedented flexibility and agility. While IT is still intrigued by the possibility of a better desktop management model and the operational savings client virtualization software could deliver, it is the increased governance and the ability to deliver desktops, applications, and data to any device that are driving today's purchases.
    Learn more »
  • Case Study: ETEL Limited
    Read how ETEL Limited, a pioneering design and manufacture business in New Zealand, managed to perfect their expansion into new markets by utilising an ERP system to support growth and provide “one source for truth” accessible to the entire organisation.
    Learn more »
  • Simple, Proven, Tranformative
    A cheat Sheet for Google Apps for Business
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments

Computerworld
ARN
Techworld
CMO