Could routers/modems help identify zombies?


bnelson

A lot of spam is sent by zombie PCs that have been hijacked by a virus or trojan. The owners have no idea their machines are infected. As many of you are aware, you can install firewalls and virus scanners to reduce your risk of this. However, many people don't do this. They're not tech savvy enough to keep their PCs safe.

I was thinking there needs to be a very simple solution that doesn't require PC configuration. Something that Grandma would have no problem using. So I was wondering if there's a way the router or modem could let you know when mail was being sent. That way it wouldn't require any configuration of the various PCs on the network.

If the router were to beep every time it made an outbound connection to the mail port 25, the owner would be able to hear when unauthorized mail is being sent. If I heard a beep after I sent mail, I know that's from me and it's safe. But if the thing is beeping constantly 24 hours a day, I know I have an infected machine. Even Grandma is going to get tired of the beeping and call someone to take care of it.

I don't think any routers do this today, but is it something that is technically possible?

Link to comment
Share on other sites

I don't see why not. The router would have to have some kind of buzzer/beeper in it, which I don't believe any do today, but it wouldn't be difficult for the manufacturers to add one. And then just a default option in the configuration to beep when an outbound connection was made on port 25.

The trick of course would be convincing the manufacturers to add something like this, as they would have to eat the cost of the R&D necessary and the increased cost of parts.

Link to comment
Share on other sites

Wouldn't it really be easier at the software level? I understand some of the freeware "sniffers" and so on are a bit technical but a user-friendly version can't be impossible?

...The trick of course would be convincing the manufacturers to add something like this, as they would have to eat the cost of the R&D necessary and the increased cost of parts. ...
Or maybe the "hobby" electronics mags like Elektor or Silicon Chip might look at some sort of add-on or bridge. Elektor seems a bit more "free lance", SC still had project staff last I looked. Shouldn't be too hard to sell the merits? Just about everyone has either been 'borged at some time and/or is worried they could soon be.
Link to comment
Share on other sites

No doubt a software solution would be easier. Heck, the current batch of firewalls essentially provide this feature. If a malicious program were to try to connect to the internet, the firewall popup would come up asking the user for permission.

The problem is that the internet is dominated by people like my in-laws. I went to use their computer one time and it was packed with spyware. I looked at the firewall application list and everything was granted access. When I asked my in-laws about that, they said "oh, those stupid messages come up all the time. We just hit ok so they'll go away." Umm.. ok... No wonder 80%+ of spam is sent by botnets.

That's why I think some sort of hardware solution would be good. I would think the ISP companies would have some interest in this type of feature. Since they provide the modems, they could encourage the manufacturers to add it.

I could envision an initial, stand-alone device that you would plug directly between the modem and your ethernet cable. Some sort of dongle-like device. In addition to the beeping, it could provide these types of features:

- Completely block port 25: Some people don't have a local mail client. They use webmail exclusively. No need to allow any connections.

- Configurable limit # of connections: Only allow a certain number of outgoing port 25 connections per day. Most people send just a few emails a day. Any connection over that would be blocked.

- Configurably limit connections to certain hours: Only allow port 25 connections during certain times of the day. If you're asleep at 3am, your computer shouldn't be sending email.

Eventually these types of features could get added to the routers and modems.

I'd be interested in hearing about other ideas that the device could do to prevent unauthorized outgoing email. I plan on contacting the ISPs and device manufacturers to see if they'll do something like this. I'm throwing a lot of stuff out here so that it'll be prior art and they can't patent these ideas. For this to really cut down on spam, it needs to be as widespread as possible.

Link to comment
Share on other sites
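The three rules proposed in the post above (block port 25, a daily cap, permitted hours), together with the per-connection beep from the opening post, applied to constructed connection-log lines. This is an added example, not code from any poster or router vendor; the log format, the `Policy` and `Monitor` names and the default limits are assumptions, and the hours window is allowed to wrap past midnight.

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, time
SMTP_PORT = 25

@dataclass
class Policy:                      # hypothetical settings for the proposed device
    block_all: bool = False        # webmail-only household: no port 25 at all
    daily_limit: int = 5           # outbound port-25 connections per host per day
    window: tuple = (time(7, 0), time(23, 0))  # hours in which mail may be sent

    def in_window(self, t: time) -> bool:
        start, end = self.window   # start > end means the window wraps past midnight
        return start <= t < end if start <= end else (t >= start or t < end)

@dataclass
class Monitor:
    policy: Policy
    allowed: Counter = field(default_factory=Counter)  # (host, date) -> count
    blocked: Counter = field(default_factory=Counter)  # host -> blocked attempts

    def check(self, ts: datetime, src: str, dport: int) -> str:
        if dport != SMTP_PORT:
            return "pass"
        verdict = "allow+beep"     # every permitted mail connection is audible
        if self.policy.block_all:
            verdict = "block:port-closed"
        elif not self.policy.in_window(ts.time()):
            verdict = "block:outside-hours"
        elif self.allowed[(src, ts.date())] >= self.policy.daily_limit:
            verdict = "block:daily-limit"
        if verdict.startswith("block"):
            self.blocked[src] += 1
        else:
            self.allowed[(src, ts.date())] += 1
        return verdict

def run(log_lines, policy):
    mon, verdicts = Monitor(policy), []
    for line in log_lines:
        ts, src, _dst, dport = line.split()
        verdicts.append(mon.check(datetime.fromisoformat(ts), src, int(dport)))
    return verdicts, dict(mon.blocked)   # hosts with blocked attempts need a look

# Constructed sample (ISO time, LAN host, destination, port):
# .10 sends two mails in the evening, .20 bursts at 03:00.
SAMPLE = ["2024-01-05T19:02:11 192.168.1.10 198.51.100.25 25",
          "2024-01-05T19:05:40 192.168.1.10 198.51.100.25 25",
          "2024-01-05T19:06:02 192.168.1.10 198.51.100.80 443"] + [
          f"2024-01-06T03:00:{s:02d} 192.168.1.20 203.0.113.{s} 25" for s in range(1, 9)]
```

With the default policy, `run(SAMPLE, Policy())` lets the two evening mails through and reports eight blocked attempts for 192.168.1.20.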

How do you know that I am asleep at 3 am? Sometimes I wake up and it's either the TV or the computer until I get sleepy again. Also, there are lots of shift workers who might be awake and ready to email at 3 am. Not to mention those who want to connect with someone who is really up at 3 am EDT -700 (I don't know what that translates to GMT time, but the point is that some people may want to communicate at that hour).

And, there is my sister-in-law who has at least 100 friends she emails! Lots of ISPs do limit the number of emails that you can send per day already.

Miss Betsy

Link to comment
Share on other sites

I'd be interested in hearing about other ideas that the device could do to prevent unauthorized outgoing email. I plan on contacting the ISPs and device manufacturers to see if they'll do something like this. I'm throwing a lot of stuff out here so that it'll be prior art and they can't patent these ideas. For this to really cut down on spam, it needs to be as widespread as possible.

Blocking port 25, forcing email to go through an ISP's email gateway, is adequate.

The use of a greylist effectively stops spam reaching the inbox. Not ever had any false positives (although SpamCop emails whitelist will bypass greylisting).

Spam is not the only concern about trojans being on a computer; other criminal activity is also a growing concern (home invasion is one of many of them; a zombie will tell a thug when you are home and/or when you are not).

I only use webmail for setting options like white and blacklisting. Spammers, while lacking brains, do adapt to changing situations.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
