Broadband Networks Are Vulnerable To Insider Zombie Attacks: Survey

New research from Sandvine Inc. indicates that as many as 12% of port scanning attacks on any given broadband service provider network originate on the network, often from zombie PCs.

The findings of the study contradict the conventional wisdom that virtually all scanning attacks are off-net and, according to Sandvine, they suggest that service providers can no longer be content to secure the borders between internal and external networks. Edge security, the firm says, might not be enough, since service provider subscribers need protection from each other as well as from miscreants outside the network.

"If the enemy is already loose within the gates, it doesn't matter how high the walls are," Sandvine president and CEO Dave Caputo said in a statement. "Broadband service providers must not only prevent malicious agents from entering their network from the 'outside,' but also cleanse the unsuspecting attackers on the 'inside'. The most successful service providers are protecting their subscribers from malicious traffic no matter where it comes from."

Indeed, the users responsible for internal scanning attacks might themselves be unwitting operators of zombie machines infected with Trojans that use their PCs to probe network defenses, Sandvine says. Zombies can then unknowingly transmit worms and viruses as legitimate network service subscribers.