repair zombie machines (was: DNS - connection limit)

william(at) william at
Sat Dec 9 17:00:51 UTC 2006

On Fri, 8 Dec 2006, Jim Popovitch wrote:

> On Fri, 2006-12-08 at 19:56 +0200, Petri Helenius wrote:
>> Has anyone figured out a remote but lawful way to repair zombie machines?
> Very interesting question.  I personally believe that OS EULAs and ISP
> ToS guidelines provide for an ISP or an OS mfg (i.e. Microsoft) to force
> updates and fixes via any means.  That is: if I am your customer and my
> PC/router/USB-Camera/whatever is throwing crap your way, crap that
> violates your ToS or indicates that I am out of compliance with an EULA,
> then I believe others have the right (and IMHO the obligation) to step
> in and correct things (it's what parents do for their kids everyday).
> So, according to me, any corrective action is lawful when dealing with
> customers and equipment that have violated an EULA or ToS guidelines.

Sending updates in automated way or forcing updates is only ok if
person previously authorized such action, i.e. enabled automated
updates. This is in fact dangerous in itself since it also presents
single point of potential failure if system providing updates is
itself compromised - that is why many choose not to do it
and enterprises setup their own updates distribution systems.

As far as your question, in my opinion it would be legal for you to
check if somebody did or did not do an update but only using tools
that check publicly available data reported from the system (i.e.
what you can gather by sending it packets to open ports). As an
ISP it would be legal for you to warn customer that if they fail
to install an update you reserve the right to disconnect their
system or limit access to certain ports or only to certain sites
(i.e. your own for them to check email but nothing else). And
obviously once issue is reported to you (i.e. their machine is
spewing and compromised), that is exactly what you should do.

> Just my $.02.  ;-)

Due to inflation with US currency I'll make it a nickel $.05 :)

William Leibzon
Elan Networks
william at

More information about the NANOG mailing list