Malaysian ISP Jaring to scan users following abuse

Posted on September 1, 1999 
Filed Under CNET, Julian

By Julian Matthews

KUALA LUMPUR–Local Internet service provider Jaring will scan its users while they are online to curb the high volume of abuse of foreign chat networks.

The scanning was announced in a notice sent via email to its 200,000 subscribers Tuesday.

“Connection to any equipment which exposes our network to abuse may be terminated without notice and follow-up action will be taken against the owner of the related account. We will not hesitate to suspend or terminate any account which has been found to be abused,” warned the notice.

The suggested scanning has alarmed some members of the local Internet community who question whether such action infringes on their privacy.

“How can we be assured that the scanning will be confined to just checking insecure ports and not go one step further?” asks Internet consultant Dinesh Nair.

Dinesh suggests the scanning may be open to abuse by the ISP staff if left unchecked. “I welcome the ISP informing us first prior to the scanning, but they should provide more details of the type of software they will use and what ports they plan to scan, ” he said.

Dinesh drew parallels to an incident in neighboring Singapore in April when ISP SingNet was forced to apologize to its 200,000 subscribers for scanning without prior notice.

He said local ISPs should not scan subscribers who explicitly object to the scan. “Unauthorized port scanning is generally accepted as a hostile action by the Internet community,” he said.

Jaring’s scanning comes in the wake of a blanket ban by of the .my domain two weeks ago for “intolerable” abuse by Malaysian users which was draining the resources of the popular Internet Relay Chat (IRC) network.

The .my domain was branded as “the most abusive in the world” for persistent denial of service attacks, flooding of chat rooms with multiple messages and running of unauthorized robot programs by its users.

The lifted the ban for Jaring users after the ISP promised to put in place a more effective abuse management policy.

“We feel it is necessary to implement drastic measures to protect the innocent users as well as the integrity of our network,” said Mohamed Awang-Lah, the vice president of Mimos Berhad, which operates Jaring, in defence of the action.

Mohamed downplayed the privacy issue and suggested the scanning was like “just like knocking a door to check if it is locked or not”.

“There is normally one unique IP address assigned to each equipment attached to the Internet. However, there are many doors known as ‘ports’ attached to each IP address. There are well-known doors such as port 25 for SMTP mail, 23 for Telnet, 21 for FTP. There are also many ‘unpublished’ or hidden doors. When you knock on some of these doors, we will know if it’s protected or not.

“We are not interested to enter the door ourselves but some unscrupulous people might. So before they do, we will give a warning first to the owner,” he said.

Mohamed assured subscribers that the ISP would not access their email and private information while they are online. “If a user launches an attack from a PC, we have the means to detect and confirm it without ever entering the machine. We then have to get the cooperation from the owner to shutdown the machine. If we fail, we will block all traffic from the machine until remedial action is taken,” he explained.

Mohamed said the scanning would also not be limited to chat abusers alone but aimed at misconfigured equipment which might be targets for unauthorized users.

Misconfigured or misused equipment using the Wingate modem-sharing solution and Socks 5 proxy servers were identified by the as possible sources for the abuse.

The Jaring notice advised subcribers using applications such as Wingate and popular IRC applications such as mIRC and Pirch to configure them securely to prevent abuse by unauthorized users.

Jaring has prepared online guidelines on how to set up such applications correctly.

Mohamed said the ISP reserves the right to do the scanning “whenever necessary” and disconnect errant subscribers “without notice”.

“It will depend on the severity of the case. Our first option will be to contact the account holder. However, if that cannot be done and the abuse activity is considered damaging, we reserve the right to disconnect without notice. Sometimes, our act of disconnection will save the account holder from further embarrassment or damaging effects,” he said.

Mohamed did not discount the possibility that the police could be informed on specific cases.

Meanwhile, TMnet administrators contacted by CNET Asia said it was maintaining “active contact” with the to resolve the chat abuse issue. The global ban on subscribers of TMnet–the only other local ISP–has been enforced since Aug 15.

TMnet has over 350,000 subscribers, while the total user base in Malaysia is estimated to be about 1.5 million.

Emilia Mustafa, assistant manager of brand and communication at Telekom Multimedia, which operates TMnet, said the ISP was also pursuing the matter together with the Malaysian authorities in preparing a “Code of Practice for the Internet” which will cover both consumers and ISPs in Malaysia.

Last week, the rejected an offer by TMnet to host a local Undernet server as a means to resolve the abuse issue because it failed to meet the network’s minimum bandwidth requirements. It also said this was the seventh rejection of a TMnet application.

The said it would not lift the ban of TMnet users from its 41-server global network until the ISP was fully committed to putting in place an effective abuse management policy.

Published in CNET, Sept 01, 1999

University hackers identified as chat abuse culprits, Sept 16, 1999
Malaysia’s TMnet delivers ultimatum to abusers, Sept 08, 1999
Malaysia’s TMnet users permanently banned, Sept 07, 1999
Undernet rejects TMnet offer to host local chat server, Aug 26, 1999
Malaysia’s TMnet appeals to lift chat network ban, Aug 23, 1999
Malaysia domain the ‘most abusive’ in the world for chatting, Aug 20, 1999
Major chat network bans all Malaysian users, Aug 18, 1999

By Julian Matthews, Malaysian correspondent


Comments are closed.