WLANs As Spam Conduit

Saint Aardvark writes "According to this article, a honeypot was recently set up on two wireless LANs. 25% of the connections observed were deliberate, and 71% of those were to send spam. Even more reason to take care of your ether." These statistics should be taken with a salt lick...

How about...

[ilduce]

...public vigilante executions of spammers? Kinda like a citizens arrest, but more permenant. Just a thought.

Re:How about...

[Kj0n]

What about a flamewar?

With *REAL* flamethrowers, of course!

Re:How about...

Execution must be reserved for serious crimes. Web clients that "support" XML but don't check if it is well formed, would be one such example. I believe a UN task force, including military airpower should be used to deliver a world free from "Our users prefer it if we let them forget to close some elements".

Also creating upside down and inside out file formats such as BMP and PCX, +/- 32768.0 float WAV files and so on should be a death sentence, but commuted to life if you agree to tour schools telling kids why "it happened to be easier in my test app" is no excuse.

Re:How about...

[evilviper]

Seeing the incredible anti-spam sentiment is quit amazing to me. It seems to be a bit out-of-proportion to the actions in question.

From what I've seen on /., it seems like GW Bush would just have to say that Iraq was the #1 source of spam, and the opposition to war would have disappeared right away.

Maybe it'll enter our vocabulary soon, as some sort of curse word.

Murder

Rapist

Spammer

Re:How about...

[dev11]

Unsolicited email is annoying, but I guess what really angers me about the majority of the spam I get is:

Sleaziness. Penis enlargers, teen sluts, and porn of questionable legality. If I had young kids, this would really piss me off if they got sent this crap.

Fraud. This is somewhat related to the above. Most of these products are most likely frauds, or of questionable value. Masking your identity through forging headers, using open relays and the like. If your product is so great, you shouldn't have to hide yourself. Spam is the snake oil of the new century.

Intrusiveness. Embedding images in HTML email that the client fetches and confirms your email is "live", so it can be sold and put on more spam lists. I am still in the stone age and use pine and never HTML mail, but most non tech people use Outlook, which has this as default behavior. Also, claiming that I opted in and now I need to specifically opt out, with some form that probably just confirms my address is pretty low.

Volume. When I get 50 spam mail messages a day, and 10 or so legitimate messages, email as a communications medium is seriously flawed in it's present form. Many get hundreds of spams a day. Blacklists and Spam Assassin help some, but there are too many false positives.

Commercial email is OK, provided that I signed up for it and the company doesn't try to hide their identity. Some of this is actually useful at times. It would be nice if there could be an analog of a do not call list for email, but that is not technically feasible at present with the current protocol. A new protocol needs to be implemented. As much as I hate spam, I prefer technical solutions rather than handing control to the government. Even if there were spam laws (I know some states have them), they are ineffectual.

Re:How about...

[Lynn+Benfield]

Blacklists and Spam Assassin help some, but there are too many false positives

Perhaps not as many as you'd think though - I recently switched from Spamfire (keyword based filter) to POPFile (Bayesian with list of known-to-be-good-senders), and have been very impressed.

It's been running for 10 days, has processed 1108 mails, and made 26 mistakes. Almost all of which were in the first 24 hours - I've been checking my spam folder a couple of times a day, and have had 3 false positives in the last week (all receipts from online orders).

So far it's claiming 97.65% accuracy, with 60% of the mail passing through it being spam.

Re:How about...

[Coward,+Anonymous]

Seeing the incredible anti-spam sentiment is quit amazing to me. It seems to be a bit out-of-proportion to the actions in question.

The reason you're seeing it is because just about everyone here experiences spam. If I got punched in the head a dozen times a day, I would be pretty fucking angry at people who go around punching people in the head and I would want them all to die a slow horrible death. Fortunately, I don't get punched in the head on a regular basis so I tolerate head punchers much more than I would if they affected me on a regular basis.

Re:How about...

[YetAnotherDave]

I've heard a lot about false positives here, but
I'm running SpamAssassin with nearly the default ruleset, and I've had a grand total of 1 false positive in 6 months (on the second day I had it running). I had a few legit mails just a hair below the cutoff for flagging them as spam, and they all hit the FAKED_UNDISC_RECIPS rule. I added the following entry to local.cf, and the problem was solved. Btw, does anyone know what criteria they use for 'faked'?

score FAKED_UNDISC_RECIPS 1.0

I've also given a bunch more weight to the RBL scoring, which has helped a fair amount with blocking...

Re:How about...

[davburns]

These are generally in /usr/local/share/spamassassin/* (in this case, 20_head_tests.cf)

To =~ /undisclosed[_ ]*recipient(?:s[^:]|[^s])/i

A quick grep through my spam folder shows that this test really does help track a lot of spam. (What I don't understand, is why spammers are so consitant in their errors.)

If you get a lot of legit mail with undisclosed recipients in the headers, you might write a test for that (which probably looks different from the fakes) and submit it to the project. (Or, use SA 2.5, which used Baysian Filtering.)

Re:How about...

[Coocha]

Bogus Removal Options. At first glance, even the sleaziness you described seems avoidable, per the opt-out link at the bottom. But click it, and it sends you to an IP address (no domain) with a nonexistent asp or php script. I guess it just backs up your assertion of spam as fraud, but it torques me enough to want to make it a separate assertion.

Please, keep the internet free

Block all ports except 80 if you have to... just don't take away my free access!

Re:Please, keep the internet free

[shadwwulf]

Even port leaving port 80 isn't safe due to the Form_Mail.pl security issue that is plauging web servers all over and dumping spam into a mail spool near you.

My point is that mearly blocking ports is never the answer, keeping your patches up to date and not running open relays is a simple solution.

My $0.02

Re:Please, keep the internet free

[XNormal]

My point is that mearly blocking ports is never the answer, keeping your patches up to date and not running open relays is a simple solution.

And how is that going to help if your wireless LAN is wide open to anyone passing by? The mail relay is, by definition, open for insiders.

Re:Please, keep the internet free

[monthos]

If i had any script writing knowhow, im sure it wouldnt be hard to have a script monitor connections and if does see a significant amount of outgoing mail block that network cards mac address.

Re:Please, keep the internet free

[AndroidCat]

Avoiding Matt's borken Form_Mail.pl scripts is a good first step to close that hole.

Re:Please, keep the internet free

blocking ports? ptah!
here is how you do it while keeping it open for all;
1. Block port 25 period.
this keeps spamers from starting their own SMTP agent.

2. Run local IMAP+SSL servers
Have your client attach to the mail server on the insecured side with IMAP+SSL, that way it is a) encrypted - preventing sniffing kiddiots from reading your love letters, and b)its authenticated - need a valid user/pass to send.

3. Run qmail+ssl
have your MTA run the TNS packages and force authentication & encryption.

Ofcourse removing open relays is smart, infact proper use of a mail server is one that REQUIRES folks to encrypt and authenticate prior to sending jack.

this way port 25 is not in use, and you've effectively locked out anyone who would like to Drive-By-Spam

tequila

[Entropy_ah]

These statistics should be taken with a salt lick...
Does spam go well with tequila?

Re:tequila

Tequila? Probably. I do know that if you drink enough scotch, the pain caused by spam starts to dull a little...

Re: where?

[Anonvnous+Coward]

Makes you wonder where they built the Wireless LAN.

just to be clear...

[ilduce]

Post script on my prior note--
IANAL--
just so you all know. I didn't want anyone to get in trouble or anything...

Spam on the cell.

[zbowling]

Spam and telemarketing calls to a persons cell phone (or any system where the person that is being called has to pay for the call) is currently illegal in the states under telecommunications act of 1989. Its the same act that allows us to ask to be put on a company's not calling list and sue if they call back. Do a google for it. Some cool ways to protect yourself using the law.

Re:Spam on the cell.

Hey Mr. MCSE, have some links???

Re:Spam on the cell.

[HanClinto]

Okay. Say I have an ISP that charges me $0.01 cents per month for every e-mail I recieve. Does that mean that I would then be able to sue these unsolicited advertisements? I'm seriously asking here. I'll set up a company and charge myself just for the legal tendencies. I could fund myself from the lawsuits from suing the X-Cam 2 or whatever. (Sorry for posting as A/C, I can't remember my password)

4 percent?

[f13nd]

what about the other 4%... was that accidental?

Re:4 percent?

[Zork+the+Almighty]

They were terrorists.

Re:4 percent?

[DASHSL0T]

It's 71% of the 25% that were intentional connections.

Re:4 percent?

[eander315]

Read that sentence a little closer. It says that 25% of the connections were deliberate, and among those connections, 71% were used for spam. That means that something like 17% of the total connections were used for spam.

The other 75% is the part that is presumably connecting by mistake.

Re:4 percent?

[edrugtrader]

how does this get modded up... 25% were deliberate and 71% OF THOSE were used to send spam.

that means 75% were not deliberate.

Re:4 percent?

Better yet, you and the other guy who pointed out the error 14 minutes after the other guy got modded up too, but the first guy to point it out got jack squat.

Re:4 percent?

yes but they put it more succinctly.
You should know by now that slashdot moderators reward clear writing, regardless of the validity of the points made.

Re:4 percent?

except for the fact that it said that among those connections, 71% were used for EMAIL, not spam. Therefore, assuming they really got at least 400 connections, 100 of those being intentional, and 71 of those used for email, it might not necessarily be for spam. Probably just around 70% (+/- 1%) of the intentional connections were NOT used for spam, or if they were, were used by the same person for spam. if I connect 300 times, and send an email each time does it count it 300 times, or just once?

Re:4 percent?

[.c]

The survey found that almost a quarter of unauthorised connections to the WLANs were intentional, with 71 percent used to send emails.

I think you misread their stats. Wouldn't you agree that WLAN connections could be intentional *and* for the purposes of spamming?

Personally, I don't quite understand their use of 'intentional'. If Joe User powers on his laptop to find that a ssid-broadcasting access point has been auto-discovered by winXP and he uses it to browse http, is that 'intentional'?

dental work anyone?

if you sniff too much ether, you pass out.

Re:dental work anyone?

[Ponty]

And there's a non-trivial chance that you will blow up.

Those stats don't seem that off to me.

[Trillan]

I've read repeatedly that some percentage of all email is spam. I think the number that usually gets thrown around is 40%.

I can't remember the last time I got that much legitimate email...

I really wonder how these stats are gathered.

Re:Those stats don't seem that off to me.

[domninus.DDR]

Well companies that host thier own mail servers and the like ussually dont get that much spam, but there are a lot of yahoo and hotmail accounts (sigh, I have one too) that *ALL* get 7-8 times as much spam as regular mail. If youre wondering what I mean by all... set up a hotmail account with gibberish (no dictionary words) as the name. Dont use it for anything. It only takes 2-3 days to get your first piece of spam. Ive done it 9 or 10 times and the longest it took was 5 days til first spam, and that was longest by far.

Re:Those stats don't seem that off to me.

[aweraw]

my 'Inbox' at work is about 10% legitimate e-mail...

60% legitimate mail? to me thats like heaven...

Re:Those stats don't seem that off to me.

[chunkwhite86]

I've read repeatedly that some percentage of all email is spam. I think the number that usually gets thrown around is 40%.

Well that sure as hell isn't my inbox. I'm lucky if one in twenty message is NOT spam.

I really should get some friends though... ;-)

Re:Those stats don't seem that off to me.

[inaeldi]

I get about 1 spam message every few days on my main account. I just take very good care of where I use the email address.

My hotmail account on the other hand...

Re:Those stats don't seem that off to me.

[russellh]

60% legitimate mail? to me thats like heaven...

More proof that you don't know what you've got till it's gone....

Re:Those stats don't seem that off to me.

According to a study by leading physicisct Prof Michael Raynor at the university of Aberystwith over 60% of email is spam, however he conculed that this in itself is not a bad thing. Namely because:

1. Spam is one of the few things on the internet that actually makes money. The bandwith bills payed by spammers drives down the total cost of bandwith for the rest of us.

2. Spam is reletively easy to filter out. yes it can be a bit of a nuiscence but I would imagine that most slasdotters can actually filter spam pretty effectively. i get hundereds a day but they all go to my junk folder so they really don't bother me.

3. Spam is an effective way for selling things. The more profit that can be made form the intnet, the more investment that can be put into it and the the better the surfing experience can be. Spam offers an easy way for companies to make money over the internet. Where would Amazon be today if it wasn't allowed to offer promotional emails to its customers?

4. The large amount of promotional emails sent has forced most ISP's to upgrade their mail servers to a point where sending email is painless. We all remember the early 90's when email often used to as slow as regular mail due to server overload and network propogation delays. Who wants to go back to those days?

Re:Those stats don't seem that off to me.

[Llurien]

Considering that hotmail by default shares your email address and some other info with "selected partners", that does not surprise me much. You have to go to your user preferences page to turn of the "feature". They got in the news about six months ago when the default was changed to this, and they also changed it for everyone who allready had an account. The most annoying thing was that only IE would load the page where you could change the user preferences, the other browsers just got an "this browser is not supported" message. So i had to boot to windows just to turn it off. I only get about one in five mails of spam, but still thats an increase, because up to last year, i never got a single spam message on hotmail.

Re:Those stats don't seem that off to me.

[Blkdeath]

I've read repeatedly that some percentage of all email is spam. I think the number that usually gets thrown around is 40%.

I can't remember the last time I got that much legitimate email...

People like you are balanced out by people like me. I use "Contact Me" forms on my website rather than my e-mail address, I don't give out my real address, and I use a throw-away address for mailing lists and a free e-mail address (Softhome, Yahoo, etc.) for submitting to forms on the web where I have no choice.

Only recently, and only through negligence on my part (posted to a couple mailing lists with my real address) have I ever received SPAM to a production e-mail address. I think I'm up to a total of ten SPAMs in the past decade.

Of course, if you use a free web based e-mail provider, all bets are off. Those seem to get SPAMmed like there's no tomorrow. My little brother got a Hotmail account comprised of seemingly random letters and numbers (it was like "cewlgy007"; phonetically "Cool Guy Double-Oh-Seven") and was receiving pornography SPAM within two weeks. By about a week later, his INBOX was so crammed with the stuff the account became useless.

I really wonder how these stats are gathered.

Mail servers / filters often keep stats, so the filters from major ISPs are analyzed and the stats likely extrapolated from there. I'm no statistician so I won't elaborate, but that's my best guess.

Now then, back to the topic ...

The article is FUD. The headline is a scare tactic, the stats are garbage, and the conclusions only ring true based on empirical evidence. Yes, wide-open WLANs are used for malicious purposes every day. A simple DC converter, my laptop, and my bland million-just-like-it Cavalier becomes a DDoS/SPAM/H4x0r staging ground. I could drive the streets of Toronto (hey - traffic jam - more time!) all day long attacking people all over the world from a different address every time. Get a couple friends in on it and we've got ourselves a party!

The solution is for companies implementing WLANs to atleast enable WEP. People aren't going to sit and run down their car battery (and expensive gas) waiting to crack a WEP key when they can find an easier target down the road. Coffee shops and the like that allow open WLANs should restrict traffic by port and proxy all traffic - with filters imposed.

People should also tell their Congress-Critters that war drivers who publicize open WLANs are NOT TERRORISTS! These people are helping by raising awareness of open access to the Internet, intentionally or otherwise. People just have to learn to pay the hell attention and do something about it. I mean, seriously, someone comes along and tells you that you have an easily correctable hole in your network that could be used maliciously and cost you thousands (millions?) of dollars - and you want to throw THEM in prison? Get real!

Anyways, this article doesn't seem terribly worth further discourse, so colour me outta here ...

Re:Those stats don't seem that off to me.

[letxa2000]

Not sure whether to mod you as a troll or as "funny."

Re:Those stats don't seem that off to me.

[mrjive]

Not to mention that having an open mail relay on a WLAN is no different than having an open mail relay on the internet.

I, for one, am not fooled by their conclusions. Any open, exploitable service that is reachable publically will be abused, regardless of the transmission medium.

Um...no.

[waldoj]

Wait, so this company, "Z/Yen," has determined that 71% of malicious connections to wireless networks are used for sending spam, and they've done so on the strength of setting up a grand total of two WiFi hotspots in one unspecified city (which I assume to be London, because that's where they're located) for an unspecifed time span...and this leads to conclusive results? That's just stupid.

In other news, based on my survey of my apartment, 75% of people are running Mac OS X, and 25% are running Linux.

-Waldo Jaquith

Re:Um...no.

[zapatero]

So two security companies set out to do "research" on WLAN access and the results of their findings conclude that security is needed. These are staggering results. Who woulda guessed.

It's ground breaking research. It ranks up there with Philip Morris' discovery that lung cancer is cuased primarily by cat dander. And McDonald's dietary discovery that low cholesterol leads to depression and suicide.

Re:Um...no.

In my room right now, 100% of all males are gay.

Re:Um...no.

[hesiod]

I think an important part of this bull is that these were honeypots. They are built for the exact purpose of getting malicious connections. No shit that there were a lot of them.

Re:Um...no.

And McDonald's dietary discovery that low cholesterol leads to depression and suicide.

And hence the Happy Meal (tm).

Re:Um...no.

[TKinias]

scripsit waldoj:

In other news, based on my survey of my apartment, 75% of people are running Mac OS X, and 25% are running Linux.

Based on my survey of my work environment, about 50% of Americans hold Ph.D. degrees, the remainder being graduate students.

Re:Um...no.

Wow, Mac OS X and Linux? Leave it to a commie to question the infaillable results of a scientific study ;)

Re:Um...no.

[Glonoinha]

Totally OT, but back in the mid 90's when I did Internet searches (altavista, etc...) on my last name I was pretty sure that my entire bloodline was made up of grad students and doctors in academia or very wealthy people scientific jobs. Of all the home pages I found for people with my last name - that is about all I found. No Crack Ho home web pages or 'I'm on welfare' web pages or any of that crap to be found for anybody with my last name.

It was pretty refreshing. I also found it funny that in web surveys almost 100% of the population was found to have a home computer, and an Internet connection. :)

Re:Um...no.

[AnotherBlackHat]

The results of a random phone survey show that 100% of New Yorkers have a listed number...

Clarity

[John+Paul+Jones]

The survey found that almost a quarter of unauthorised connections to the WLANs were intentional, with 71 percent used to send emails.

Umm... First, this means that 75% of the connections were not intentional? Is this the equivalent of 75 people saying they're sorry for stepping on your toes, while 25 people did it on purpose?

Second, define "emails". Is that 10? 10,000?

This seems a bit alarmist.

Re:Clarity

[jhunsake]

75% of the unauthorised connections were not intentional

Re:Clarity

[thynk]

I agree, that's it a little alarmist, however, it kind of sickens me that spammers are now looking for WiFi WAPs to hijack to spam. I ran my wireless open for a couple of weeks, simply because I *KNEW* that none of my neighbors knew a thing about wireless and it's a pretty small neighborhood.

HOWEVER - When I decided to mimic the SSID and WEP settings that we use @ work so I could stop switching them on my PocketPc - I suddinly poped up on my neighbors wireless, since they were broadcasting their SSID. OOPS on my part. I've thought several times about telling them, but money is kind of tight and if I loose my broadband, well, I'm sure they wouldn't mind sharing a little now and then. I wonder if I can bridge via my laptop and move the WHOLE domain over... Hmmmm....

The thought of someone driving up and down my neighborhood looking to break in and spam me with my own connection almost brings me to tears. Heaven help the spammer that I find trying to get into MY network.

Re:Clarity

[Ponty]

Uh, dude, isn't that a little hypocritical? I know you're not spamming your neighbors, but you're still stealing their bandwidth. That's what the spammers are doing.

When I moved into my apartment, I found an open WAP. I started using it and eventually found the guy whose apartment it was. We ended up splitting the cost and it worked out for all of us.

Re:Clarity

[panaceaa]

My guess is 24. It's the first denominator capable of .25 and .71. :)

Re:Clarity

[thynk]

Stealing is such a strong word, can't we say I can borrow it from time to time? Seriously, I was really joking about it - I haven't used a drop of their connection and if I could track down the house I would probably tell them, but it's just "somewhere" on my street.

I'd offer to go half with them, but I use a LOT of my bandwidth between my RAS account to work and my pr0n addiction. It really wouldn't be fair to them - now if I can find someone to would be willing to pay, maybe 25% of my connection for 25% of my bandwidth, that might work out ok.

Kind of makes me wonder how many people got a free connection when I was open to the world.

Re:Clarity

I recently setup a wireless router at home for the puter in the kitchen. Wife wanted to look up recipes and such. Was up and running for two weeks before I realized that it wasn't even using my router but the neighbors. I get a better connection with his than I do with mine.

Re:Clarity

[abreauj]

mm... First, this means that 75% of the connections were not intentional? Is this the equivalent of 75 people saying they're sorry for stepping on your toes, while 25 people did it on purpose?

The first time I set up a WLAN at a user group meeting, when I tried to connect with my laptop I found myself connecting to the wrong WLAN. That would certainly count as unintentional.

These statistics should be taken with a salt lick.

[Chexsum]

*neigh*

wha wha ?

[ramzak2k]

"If the proposals come into force, senders of unsolicited emails will require prior consent from recipients, and web users will have to be told if cookies are being used, with the option to reject them. Individuals will also be given more power to decide whether they want to be listed in subscriber directories. "

Although the proposal sounds good whats this big fuzz about cookies ? Sorry for sounding possibly ignorant but since when have cookies become security threat ? If thats the case wouldnt every website face a similar problem with the usage of cookies ?

Re:wha wha ?

A spammer sends you an HTML email. If you preview the email, a cookie is established on the Spammers server.

They know that their email was xx% successful, even though most people just viewed the spam and deleted it right away.

Re:wha wha ?

[spectral]

uhm, that is NOT a cookie. a cookie is stored on the user's machine.

Re:wha wha ?

[shadow_slicer]

The problem people have with cookies is that they can be used invade your privacy. Sites like doubleclick and other ad agencies place cookies alongside their banner ads to better allow targetted advertising. The problem is not that the cookies are a security threat, but that they invade your privacy. Also many sites will not function if you refuse the cookies...even if all those cookies are doing is setting about 50 times (in 50 different cookies).

This used to be a big issue for me about 2 years ago (yeah....I was *probably* being paranoid) when I didn't want *anyone* to know what I was doing online.....

Port 80 is Perfectly Safe

[waldoj]

Even port leaving port 80 isn't safe due to the Form_Mail.pl security issue that is plauging web servers all over and dumping spam into a mail spool near you.

There's no problem with keeping port 80 open. It's running an unsecured web-based non-authenticated mail relay that's the problem.

-Waldo Jaquith

One day /. will implode

[nickgrieve]

The PATRIOT act is used to define SPAM as terrorism.

Re:One day /. will implode

[chunkwhite86]

The PATRIOT act is used to define SPAM as terrorism.

I hope so... If we start hunting down spammers with the same tenacity as if they were terrorists... we'd all be better off.

Re:One day /. will implode

Spam works - stop reading and purchasing products and you'll stop receiving it. It is a very effective form of advertising.

Serious?

[molrak]

So let me get this straight. As opposed to just sitting in the apartments or offices or whatever, spammers are now riding around major urban areas trying to find insecure wireless networks? This, to me, would seem to be a tremendous waste of time.

I'll admit, I don't understand why people spam; but the economics of such a thing simply don't seem practicle. The 25% would seem to be about right to me, but that 18% of the total was just for spam, just doesn't seem to add up.

Then again, as Mark Twain said, "There are three kinds of lies: lies, damned lies and statistics."

Re:Serious?

[John+Paul+Jones]

Erm. It was Benjamin Disraeli, not Sam Clemens.

Re:Serious?

[doorbot.com]

Then again, as Mark Twain said, "There are three kinds of lies: lies, damned lies and statistics."

As "they" say, torture the data until it confesses.

Re:Serious?

[ATMAvatar]

"Statistics are like a bikini. What they reveal is suggestive, but what they conceal is vital." -- Aaron Levenstein

Re:Serious?

[curiousir]

Then again, as Mark Twain said, "There are three kinds of lies: lies, damned lies and statistics."

shouldn't that be: "There are 11 kinds of lies: lies, damned lies and statistics." ?

Re:Serious?

Actually, I live in a not so urban area, and while riding the bus home one day I decided to see what networks were out there. I came across a dozen in half as many minutes. It wouldn't be that hard to find out which are insecure and use the networks for whatever I want.

Lies...

[JJahn]

...damned lies and statistics. strike again

Re:Lies...

[localghost]

What about damned statistics? I think this falls under that category.

These statistics should be taken with a salt lick

These statistics should be taken
with a salt lick...

God chris, if you're going to come up with a snotty retort like that, you should back up your argument with some DATA.

These people have published their methodology and results in order to back up their assertions.

What evidence do you have that wireless activity ISN'T being used for illegit activity.

At the very least, even if only 5% of the connections are used to send spam, this article should serve as a reminder: PROTECT YOUR WIRELESS CONNECTIONS!

GOd, there are so many open wireless connections out in the wild. Cover them up people!!!

ecommerce minister?

To quote the article "E-commerce minister Stephen Timms says the spread of unsolicited email could damage the development of online business."

Who is the e-commerce minister? Is this some newly appointed official?

Misquote

[Mattygfunk1]

... and 71% of those were to send spam.

The summary misquotes the article here. 71% of the connections sent email - not necessarily spam email. I am surprised the figure wasn't higher.

Anyway it is hardly groundbreaking news that you have to secure wireless internet connections.

_____
cheap web site hosting

Re:Misquote

[jhunsake]

Mod this up. It could have been that none of the emails were spam!

Re:Misquote

The article says, Nearly three-quarters of malicious connections to wireless networks are used for sending spam, according to new research.

Now maybe that's wrong, but it does say they were spam, not just an e-mail to the wife.

wireless pig !

[ramzak2k]

i see a wireless pig icon up there ! Is it just me ? I need some sleep ..

Re:wireless pig !

[smeenz]

pig => ham => spiced ham => spam

Re:wireless pig !

He is not trolling , it appears like the pig is superimposed on a pylon on my browser. Looks funny

public spots

[saben78]

It's easy for the home and business admin to secure his/her AP. But how do public access places like airports and StarBucks counter drive by spamming?

Any ideas?

Re:public spots

[thynk]

Drive by spamming, I dont' think I've heard of that one before. See - I do learn something new everyday and it's not always related to pr0n.

Re:public spots

[jratcliffe]

If memory serves, the service providers (Boingo, T-mobile, etc.) use a client on your PC to authenticate you (probably MAC-based, but I'm not sure). Their concern isn't just security, of course, but making sure that you actually pay for the service.

Re:public spots

How exactly is it easy to secure a wireless access point? The MAC address ACL is no defense against unauthorized connections, because it is so easy to sniff a valid MAC address, then plug it into your own WiFi NIC. Not to mention that WEP is worthless.

Granted, these two steps will make the drive-by spammer cruise on down the block to your neighbor's wide-open AP, but that doesn't mean your network is secure. :)

zm

Re:public spots

How exactly is it easy to secure a wireless access point? The MAC address ACL is no defense... WEP is worthless.

Good point. Thinking about the setup of my home network, if you steal/guess/calculate my WEP key and spoof a valid MAC address, DHCP will put you on my server's local subnet. That means any outgoing messages that reach my mail server will be sent on their way. I would venture to guess that this is true of most home/small business networks that include a wireless access point and an SMTP server.

What additional protective measures are available? I see four:

1. A more restrictive IP address filter on sendmail.
2. SMTP AUTH.
3. Get rid of my mail server and use someone else's -- but since I use email addresses from my own domain, I'd need to use a paid service.
4. Something like nocatnet that firewalls unauthenticated wireless clients off from my server.

And, finally, what's a "reasonable" level of defense, considering now that other people outside my network could suffer if I'm attacked? In other words, if you received spam through my home network, what level of security would I need to demonstrate before you deemed me not to have been negligent?

Oh, take heed!

[interstellar_donkey]

Remember folks, there are surly looking spammers driving through your surburbian neighborhood right now just looking to abuse your DSL connection through your unsecured access point to send spam.

So if your router gives out a DHCP address in the middle of the night, run outside in your pajamas with a baseball bat. There are spammers you need to teach a lesson.

Re:Oh, take heed!

[supz]

Moderators, please mod the parent comment up!

It would be so great if spammers had to come within a proximity of your home, to send you spam... I'd have an electric fence around my house, with one entrance, and 400 guard dogs.

Re:Oh, take heed!

[buss_error]

How long until we see:
Make money FAST crusing your neighborhood! Annoy millions of people with unrelenting spam!

Re:Oh, take heed!

[jamesh]

yes. 400 dogs. little tiny yappy bitey ones.

and a server that does these things to spammers (eg unknown users sending email):
1. attempt to exploit all known vulnerabilities on their computer.
2. connect to their address book, and forward each email they send to all the addresses in it.
3. if all that fails, pretend to accept their email but don't actually send it.

the above could be covered legally by a TOS statement nailed to your gate (IANAL :)

of course watching 400 little tiny yappy bitey dogs snapping at their toes would be a lot more fun.

Re:Oh, take heed!

[ColdGrits]

Actually, what I do for any emails some scumbag sends unauthorised through my WLAN is as follows -

If they are obviously spamming (sending email to loads of people), deny access (the first few may get through but the rest would not as soon as spamming was detected).

Otherwise, accept their email and send it on to the destination.

Oh, I forgot to mention that all email sent this way is first run through "pornalizer".

Don't like your emails being pornalized that way (I *DO* hope it is an email to your Mum)? Tough shit. You use my bandwidth, you accept the consequences.

Re:Oh, take heed!

[AndroidCat]

Grow your Internet connection! Make connections from up to 30% further away!

Salt lick

[jhunsake]

What if there were only 2 unauthorized connections? What a story!

Get-rich-quick scheme

[xintegerx]

I just received in e-mail..

1) Sue for "Cable Theft" (if cable ISP)

2) Sue for "Denial of Service Attack" (since the intent of spam is to fill up your mailbox, causing you to give up real e-mails.)

3) Sue for "Espionage" if you both received a 'viagra' spamvertisement and the e-mail says it's not commercial spam, because if it's non-commercial, they were watching you through a window and wanted to notify you of viagra!

4) Is the spam for an ergonomic peripheral, like mouse or keyboard or computer chair? Or maybe, the company offers you pills to decrease your hormonones? In either case, this means they think you might have repetitive stress syndrome from using your... tool. This is either "Espionage" (they saw it), or "Intent of Deliberate Harm" (they e-mail you so much shit, they KNOW you are guaranteed to have RSS in your wrists....

5) ???

6) Profit

Bad logic.

[twitter]

Huh? What statistics? Where was this thing set up? How many hits did they record, 4? Did they deliver the spam? Was the welcome message, "Tell all your leet friends about the spam relay here!" Is someone at the RSA office the type that thinks they can make a fast buck selling dick enlargers? F+

The study, as presented is useless except to divide people. They might have just as well said that the internet itself was evil for enabling spam. I can say the same thing about materials used to make billboards. The RSA says, "Don't share, people." Great!

You arent kidding

[t0ny]

so that means that, citing their statistics, at least 30% of people have closet spammers living near them. Ya right!

I mean, Im sure most people living near me wouldnt mind downloading pr0n with my connection, but sending spam? Even if they had said hacking I would consider that a stretch. Its not like every kiddy is a script kiddy.

Re:You arent kidding

[t0ny]

Oops, I realized I fuxored the numbers. Its more like 18%, not 30%

Re:You arent kidding

[claud9999]

Well, spammers have to live near someone, and they sure as hell don't live near me so they must live near you! Just kidding.

Seriously though, with spammers hiring college students (and surely housewives and others looking to "make $ from home") for one-off spams, I would not be suprised if the odds of having someone spam from your WLAN is going to be proportional to the amount of time you remain open.

Re:You arent kidding

[monthos]

Twice people have tried to "recruit" me for spamming there stuff before. the first guy wouldnt even tell me anything about what he was except "a company other companies hire to establish there products presence on the internet". i called him a spammer, he took offence and walked away. The other time i just ignored the fellow who tried to talk to me.

Re:You arent kidding

[Opie812]

Well, spammers have to live near someone, and they sure as hell don't live near me so they must live near you! Just kidding.

...thanks...for a minute I thought you were serious...phew!

(just teasing)

Re:You arent kidding

[t0ny]

wow, thats messed up. I had no idea that goes on. Was this at a college or something?

It wouldnt surpise me at all if somebody hooked together the MLM idea with the concept of spamming. Well, at least you didnt get burned on the idea.

Re:You arent kidding

[monthos]

actually, i was aproached at work, i worked at kmart at the time, and he went to the front desk and asked if anyone who worked there knew much about computers, they said i did and he tried talking me into it.

Re:Black crime statistics

[jhunsake]

Thank god I'll be dead by 2100.

Newsfactor is silly

[fname]

I occasionally read a NewsFactor article by accident. They define silly. They are usually speculation couched as fact, and prove little except that if you pay Yahoo! enough, they will carry your stories on their news site.

Well.. duh.. but seriously, it's wild out there.

[smeenz]

The finding doesn't surpise me much. As far as I'm concerned, a wireless lan should be considered at least as dangerous as your internet connection, and should be firewalled appropriately. What makes them more dangerous is that it's like having your users sit in your DMZ.. their laptops with wireless cards can be wide open and they don't have a clue. I guess it's just like when those users use a dialup modem account without a firewall, but because they're often connected to the corporate network via a vpn etc, they believe they are somehow more secure. They might well have a ipsec or mppe vpn active, but that doesn't usually stop windows from listening on ports 137/138/445. And how many windows users do you really think are going to run a 'personal' firewall and/or understand what they've got themselves into by going wireless.

Chrisd

Why should it be taken with a salt lick fatty?

ChrisD = Bovine

hes a fatty! He has to take in salt every so often. It's just good to incorporate his daily routine into /.

Intelligence

[rf0]

This is showing spammers are intelligent and learning. That can't be right can it? :)

Rus

Not only that

[autopr0n]

I've never seen a browser that didn't allow the option of 'prompting' the user for each cookie thats set. Do these guy's want web pages to be reqired to say they use cookies?

Re:Not only that

[arivanov]

Try that option on the following computer shop: www.globaldirect.co.uk. It tries (or at least tried) to set the session cookie with every single image or page it sends. So you get an overall of 40-50 cookie dialogues. And there are quite a few sites like that out there so the average Joe Public will disable this option outright

sounds like shit to me...

[drwho]

I've had an access point with public access set up in the middle of a major city for several years now, and have never seen a SINGLE spam attempt. As much as I hate spammers, I think this 'warning' is just hype.

Re:Um...no?

[hc000700070007]

>75% of people are running Mac OS X, and 25% are >running Linux

that sounds about right... oh wait, it's still 2003!

--hc

Re:Black crime statistics

This shit is insightful, we'll all be dead by 2100!

Not that I buy the figures, but...

[Bruce+Perens]

I don't buy these figures. But I've thought about blocking off port 25 to unregistered hosts on my local net. That's all that would be necessary.

Bruce

Re:Not that I buy the figures, but...

[weave]

Sigh, spammers ruin everything. I often use public hot spots when traveling to quickly slurp up some e-mail and send out pending e-mail (via an authenticated SMTP connection at my business host).

I have Mac Stumbler running on my laptop and it pings me whenever I drive past a hotspot. Sometimes the hotspot will be named "public" or "public hotspot" even. (Saw a few of these in Tempe, Arizona. Was pretty amazed, and grateful).

So if you're running one, I thank you.

Counterplot

[Julian+Morrison]

Wireless spam? I'm thinking that's not necessarily such a bad thing. (1) wireless broadcasting objects are locatable in 3D using the proper detection tools (2) a wireless enabled laptop is deliberately radio-permeable and structured so as to pick up radio energy.

Solution: directional high powered radio emitters on the 802.11b wavelength. Target the suckas and zap the bejeezus out of 'em.

Mmmm, fried spam.

Sounds familiar

[gmajor]

For a class I took, a professor set up a temporary mail server that we needed to use for an assignment. He of course took precautions, making sure mail was only routed to a certain domain.

But within 48 hours, the mail server was found by spammers!

He even had a great idea for anti-spam software/blocking. Set up these honeypots in different geographical locations, but don't publish the addresses; let the spammers find them. Have them accept mail as if they would route it, but do not actually send it out. We can assume any e-mails received are spam. Make a collection of spam e-mails, and have filters block out mail that closely matches all the mails the honeypots have received.

Re:Sounds familiar

[theLOUDroom]

He even had a great idea for anti-spam software/blocking. Set up these honeypots in different geographical locations, but don't publish the addresses; let the spammers find them. Have them accept mail as if they would route it, but do not actually send it out. We can assume any e-mails received are spam.

This is trivial for the spammers to work around. All they have to do is try to send email to themselves along with the bunch of spam emails they're sending. If they can't email themselves, they'll move on quickly.

There are other problems with this too, but that's the simplest to point out.

Re:Sounds familiar

[pe1chl]

Is there any indication that spammers are actually looking at what is happening to their mail?
It does not seem like they care. 95% of spam is sent in ways that is easily bitbucketed, yet it continues to be sent.

Re:Sounds familiar

[theLOUDroom]

Is there any indication that spammers are actually looking at what is happening to their mail? It does not seem like they care. 95% of spam is sent in ways that is easily bitbucketed, yet it continues to be sent.

Of course they care, how else are they going to enlarge your penis for those hot teens wating for you that you'll surely be able to get with your cash from Nigeria.

Seriously though, spammers spam because it costs them almost nothing to do and even if their response rate is very small, they still make money. They would, of course, like a higher response rate, and to reach as people many as possible since it means more money for them. Logic dictates that they will try and stop all their mail from going into a black hole, because that would mean they wouldn't get any money at all.

Also: Why do you think so much spam is in HTML format? That way they can add image hyperlinks to the source of the message that will be accessed when their spam has been read, informing them that they have a live email address to keep spamming. I would bet at least some spammers do this, since it lets them really conectrate on the people who aren't filtering their spam out immediately. Or by sending their spam to the same set of people different ways, they can test the best ways to get by spam filters.

E-mail or spam?

[stuartkahler]

It didn't clearly state whether they checked if the unauthorized connections were actually sending bulk e-mail (spam), or just normal users using the open net connection to send out their e-mail. I could see people writing e-mails and saving them for when they happen by an open wlan.

Do any e-mail programs automatically send out pending messages as soon as a network connection is detected?

Re:E-mail or spam?

[indiancowboy]

good point. And yes there are clients which would do that.

Re:E-mail or spam?

[weave]

Do any e-mail programs automatically send out pending messages as soon as a network connection is detected?

Yes, Apple's mail.app, and I use that feature a lot while traveling (using an authenticated SMTP connection to my business host to get around the relaying issue). OS X can also automatically connect to the closest hot spot so you don't even have to configure a connection with a SSID if it's WAP free. Just drive up, auto connects, mail.app notices connection is up, it starts sending out pending e-mail and slurping up new e-mail. It's great!

It'll be a sad day when these public hot spots (whether intentional or not) go away...

The good news is....

[Lord_Dweomer]

that maybe these spammers will have to do some driving and the cost of gas will turn spamming from a virtually all-profit run to one where if they don't hook a certain number of suckers, the gas cost will make them LOSE money.

Eh, it'd never happen, but wishful thinking never hurt anybody.

Re:Read ^UP^ stupid

Blocking all ports but 80 is hardly going to stop spammers from going nuts at Starbucks or other intentionally public WAPs. There are thousands of proxies out there which run on port 80 and would be happy to connect you to port 25 on any mail server in the world...

Reason doesn't matter if the connection isnt legit

[Zeddicus_Z]

If a connection to your AP is not a legitimate, authorised connection (i.e. one made by the people the AP/wireless connectivitiy was put in place for), it doesn't matter what the reason for the connection.

Saying that 71% of all unauthorised Wireless access attempts are attempts at spamming is nothing more than a useless statistic. If you have Wireless in place and have not properly secured it (Mac lists/VPN/VPN endpoint in DMZ), then you've got bigger problems than your local Wiget reseller using bandwidth you paid for, to annoy a few million people.

Poorly written article

[mharris007]

I think this is a poorly written article, and it doesn't nearly go in to the subject at the depths it should.

I would like to know in what sort of area did they set up these WLAN honeypots? I'm going to assume it was probably in a large meteropolitan area. Also, I would like to know how the hackers so easily found the WLANs mail server once inside the network. There are a bunch of questions this article leaves unanswered in my mind. I would like to see them report more information than what they did.

As a previous poster said, take this with a grain of salt (or salt lick).

Re:Poorly written article

[dbCooper0]

I prefer a shaker of salt, as opposed to a grain.

Re:Poorly written article

[nmg196]

> how the hackers so easily found the WLANs mail server once inside the network

It doesn't imply that they did find the WLAN's mail server (if it even had one). They just needed the Internet connection to anonymise themselves and used any existing open-relay on the Internet to send the mail, or more likely - they just sent them directly without using any SMTP server at all (a lot of spamming software seems to mail directly now if you look at the headers - with no intermediate relays).

All you need to do to send a mail is resolve the MX record for the domain name in question to get the IP address of the receiving host, then just open a TCP connection on port 25 directly to that machine straight from the computer that sent the mail. This is the most reliable way to deliver a message.

Nick...

Re:Poorly written article

[Richy_T]

This points to a potential fix:

Set up your network so that all MX DNS requests return the IP of a blackhole machine. Course, if the spammers have their own list of IPs, they can get around that but you can always block those too. Only your mail server (if you have one) needs to be able to access outside your network on port 25. Unless you use a smarthost setup or the clients on your network talk to your ISPs server but then all that means is that you only need to let that address through.

Course, you then still have the issue of the spammer being able to access your ISP's server (or your own local one).

Personally, my eventual intention is to put the WAP on a separate physical network with only SSH access to my main network. Maybe I'll open up a port through a squid proxy with known HTTP vulnerabilities blocked.

I would love to be able to offer thru-SMTP access but as others have said, this is a case of the few ruining things for the many. Maybe some sort of throttling system or perhaps even store-and-hold (with the bonus advantage I get to snoop others e-mails before I let them go) :)

Rich

This is really silly post!

They cant blame the medium (WLAN i.e.) because people send spam from it. Its like blaming the telecommunication industry (AT&T et al) for the tele-marketiers phone calls. You wanna prevent spamming just block any kinda SMTP traffic, any standard filewall will do it for you (which I assume you will be running anyway if u'er opening up your network to the world).

Re:This is really silly post!

[AndroidCat]

Gonna block all the proxy ports too? These days most spammers send through open proxies. (Some of which are open porxies.) It makes it harder to track, and gets around ISP blocks on port 25.

Re:This is really silly post!

silly indeed.
in this case the MTA is the proxy not the wifi enabled network, so whats the point - block port 25, wipe hands of responsibility.

Idea

[use_compress]

Step 1: Purchase private island Step 2: Make private island autonomous country Step 3: Cover island with free Wifi Step 4: Implement secret anti-spam laws with Singapore-style penalties Step 5: Wait for spammers to come

Re:Idea

6. ????
7. PROFIT
8. Buy lots of computers
9. Build Beowulf cluster
10. ?????
11. More PROFIT!
repeat the cycle ad infinitum

I would like to call BS

[La+Camiseta]

Ok, I admit it, I do tend to go out front of other's places and use their wireless connections. And yes, most of the time it's for email. But you have to realize that just because you're sending out a dozen or so emails, it doesn't mean that it's spam. I like to use my email client in offline mode, and so I kind of "save up" the emails to send later, and then send them all at once. It's not spam, it's just communication.

Re:GO AGAINST THE FLOW YOU SPICS

At first i thought that was just a really unfunny humor comic...but then i realized it was serious.

damn there is some fucking gay shit on the interenet.

+1 Insightful?

Maybe funny, but not insightful =P.

solution:

[scourfish]

Presidential pardons for anybody who kills a known spammer in cold blood

Yes, Serious

1. don't pay for an internet connection
2. ???
3. Profit!

recall that one spammer who got dragged to hell and back on /. he was installing a T1 in his house. thats $500-1000 per month. with open access points we'll have more spammers. maybe we can skip ??? and go straight to profit?

Mail, not Spam - and this is Good.

[billstewart]

The article doesn't say they were spamming, it just says they were sending mail, then starts ranting about spam. Of course they were sending mail - that's one of the big reasons that people want to use wireless, along with receiving their email and web surfing.

JDAM perhaps

[Tailhook]

Target the suckas and zap the bejeezus out of 'em.

Transform that into a GPS coordinate, vector in a B1 and BOOM! We'll need to develop some appropriately sized weapons however. The current 500, 1000, 2000 lb units might produce a bit too much collateral damage in peace-time urban environments...

Built in sharing?

[gad_zuki!]

> Block all ports except 80 if you have to... just don't take away my free access!

I would if I could. I wouldn't mind sharing some of my connection with the people in my neighborhood, but security and just the nature of tcp/ip to go as fast as it can means it just ain't gonna happen. Not am I willing to set up more network equipment, VPN, etc.

I'd love to see a built in DMZ with port 80 open and bandwidth thortling if I choose to share. Heck, this would probably solve half your security issues right there. Inept users would have a working link (just web/webmail) and a much more secure home network if they didn't bother to read the instructions and just plugged the thing in. Techies and free information types would have an easy way to share access to strangers.

I live two doors away from a coffeeshop and with a second AP placed strategically near the window I should be able to get on the net from there.

It would be nice if the next Linksys or whomever's firmware update had a "share a fraction of your connection for web users" option.

Re:Built in sharing?

[bn557]

It would be nice if the next Linksys or whomever's firmware update had a "share a fraction of your connection for web users" option.

This doesn't seem likely due to the fact that MAC based IP traffic weighting is a pretty advanced feature, and is one usually reserved for higher class routers.

P

Keep it open

One half of the posters question the validity of the statistic while the other half reminds access point owners to secure it against unauthorized access. Is this really Slashdot?

While a single access point may not make a very meaningful statistic, it should be obvious that anonymous internet access, regardless of the form, is attractive to black hats and spammers. As unregulated internet access becomes more common, this will become a problem which is bigger than a crappy statistic.

So do we close our access points now? No we don't, because it wouldn't solve the real problem: That there are malicious people who do get internet access in any one of a million places with or without my access point. It's depressing that on one hand the tech crowd howls "freedom" every other minute, but on the other hand restrictions and surveillance always seem the weapon of choice when problems in their own domain arise.

Spam and other nuisances can't be cured by giving internet access to good people only. Stop trying, it's futile. The recipient needs ways to deal with these problems which cause him a minimum amount of overhead. Development of these means is crucial; It makes the difference between an open network and a fascist zombie network. Control which we give to network providers and nation states so that they can protect us from spam will be turned against us when they see fit.

Re:Keep it open

It's depressing that on one hand the tech crowd howls "freedom" every other minute, but on the other hand restrictions and surveillance always seem the weapon of choice when problems in their own domain arise.

When they howl "freedom" they're referring to the government. When they howl "restrictions and surveillance" they're talking about THEIR OWN equipment.

Re:Keep it open

That kind of was the point... The government chooses surveillance because it looks like the easy way. We're falling into the same trap, even though we really should know better.
Besides, someone else's access point is not your own equipment. Why do you think he should have to control the users of his equipment? You may classify his system as "rogue" and reject email from his ip, but that isn't going to stop spammers - instead it's just making the free internet access he provides and email in general less useful for legitimate users.

Teenagers

[CAIMLAS]

Just think of how many teenagers could make a lot of money while participating in a favored American teen pasttime: cruising the drag (or loop, main, etc). No longer would they have to worry about gas money!

On the other hand, I wonder how legal something like, say, a physical solution to a digial problem would be, IE, they're stealing your bandwidth, you shoot out the tires on their 'getaway' vehicle while it's parked on the street. Were you stopping perpetrators? Would this be a reverse attack, were they attacking your Win2k file share? How about a simple, "drag them out of the car and beat them with a Model M" approach? Would this be justifiable under theft laws, or would it simply be assault?

Many important questions to ponder.

NoCat Auth

[jroysdon]

A good linux sysadmin could setup a multihomed Linux server between his AP(s) and broadband and use NoCat authentication to block this sort of thing, while allowing surfing (or whatever else).

Can't believe it

[sharok]

Spammers taking time to wander around war riding ?
Get real, they don't waste their time like that. They send out a billion spams on a high speed cable line then go golfing (or whatever).

Re:These statistics should be taken with a salt li

personally I like to think of my free wireless
as being from an altruistic ISP. I don't know which neighbor has the wireless router, but I
do know I get the full strength signal with my bedroom window open. Fast and Free, out in the hills, but its cold in the winter.

I block my AP by MAC address...

My PDA's 802.11 drivers require (damn you Linksys) SSID broadcasting to be on, so the only way I have to secure my Wireless Access Point is to only permit certain MAC addresses to connect. My PDA, Tablet PC, and wife's computer all go on the list, but nothing else.

Anyone know of downloadable 802.11x software?

Re:I block my AP by MAC address...

[AndroidCat]

Or anyone else who spoofs their MAC address after sniffing some traffic.

Re:I block my AP by MAC address...

[Dr.+Manhattan]

Or anyone else who spoofs their MAC address after sniffing some traffic.

I started looking into wireless for the new house we're moving to, but two things stopped me. The first was price... ~$250 just to set up two computers and an AP?

The other problem was securing the damn things. So far as I could tell, I'd need to set up a full encrypted VPN on the wireless section. MACs can be spoofed, the built-in WEP is apparently a joke, etc. etc. If I didn't want to get cracked, or hand my bandwidth to any passing spammer, a VPN would be the only way.

Am I missing something? Or am I wise to just put in the Cat5 and have much faster speeds as well as privacy and access control?

Re:I block my AP by MAC address...

[alkali]

So far as I could tell, I'd need to set up a full encrypted VPN on the wireless section. MACs can be spoofed, the built-in WEP is apparently a joke, etc. etc. If I didn't want to get cracked, or hand my bandwidth to any passing spammer, a VPN would be the only way.

The "WEP is a joke" meme has some natural selection coming to it. Is WEP not as strong as it probably should have been? Yes. But you have to spend hours if not days of computer time crunching packets to break WEP encryption. Someone with sufficient motivation could do that, but it's not the kind of thing that just anyone could do, and it's definitely not the kind of thing that can be done on a laptop in a few minutes by someone wardriving through your neighborhood.

And what's the payoff for all that work? Free, slow internet access if you park next to my house, until I catch you. Also, you can print nasty messages on my network attached printer, and you can look at the shared folders on my desktop if I've left it on (i.e., my vacation pictures). Who would bother?

Obviously, if you have deeply confidential stuff exposed on your network -- e.g., you're a lawyer or CPA and you share client files across your office network -- WEP might not be strong enough. But for home use, it's no more a "joke" than the lock on your car door: hardly impenetrable, but it will deter wrongdoers.

Or am I wise to just put in the Cat5 and have much faster speeds ... ?

If your broadband source is DSL or cable modem, it's likely that that will be the bottleneck in your connection, not wireless. If you've got dual T3s coming into your house, by all means lay wire.

Re:I block my AP by MAC address...

[Dr.+Manhattan]

...you have to spend hours if not days of computer time crunching packets to break WEP encryption... not the kind of thing that can be done on a laptop in a few minutes by someone wardriving through your neighborhood.

What about Johnny Scriptkiddie two houses down with a Cantenna or something? Perhaps I'm too paranoid, but the thought of anyone rooting my boxes creeps me out. I use ssh on our wired LAN, and I know no-one's peeking in on that.

...it's no more a "joke" than the lock on your car door: hardly impenetrable, but it will deter wrongdoers.

I've got a remote-monitored alarm system. Again, not invicible, but I guess I take security a little more seriously than most.

If your broadband source is DSL or cable modem, it's likely that that will be the bottleneck in your connection, not wireless. If you've got dual T3s coming into your house, by all means lay wire.

I'm aware that even 10BaseT is much faster than typical residential broadband rate. So is 802.11*. But I don't just surf the net.

I have multiple computers, and I share data between them. I just did a major backup-and-restore when I upgraded to a new machine on Sunday, and 100MBit is very nice for such things. Equivalent wireless speeds are, well, pricey. I don't even have a laptop right now, and with two kids, a wife, and a new house, I won't be spending much time on the computer anyway. I'm pretty sure I can wire up Cat5 faster than I can can configure three computers for transparent VPN in two different operating systems.

Re:I block my AP by MAC address...

[alkali]

... I guess I take security a little more seriously than most.

I wouldn't necessarily say that, although I would say that you feel you need more security than most people do to get to your comfort level. There's nothing unreasonable about that.

The odds of your living near someone with the inclination and expertise to break your WEP -- which is not a staggering level of expertise, but above the script kiddie level -- is very, very small. I'm not aware that there are any programs in circulation that cryptologically unsophisticated people can use to bang away at their neighbor's WEP encryption. (I'm thinking of programs remotely comparable in ease of use to NetStumbler, which if you don't know it is a program that tells you how many wireless networks people are using within range of your antenna, what their station IDs are and a some other things.) Indeed, I'm not aware that there have been any reports of WEP having been broken outside of lab experiments, although I suppose we can't know that it's never happened.

It may well be that you wouldn't be comfortable with any wireless networking regardless of the encryption scheme used. However, using WEP is a level of magnitude stronger than what most people use to protect their personal possessions and private information, and so people shouldn't automatically reject it on the grounds that it's "broken."

Re:I block my AP by MAC address...

Airsnort.

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.

802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in " Weaknesses in the Key Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementaions of this attack.

AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.

Re:I block my AP by MAC address...

[alkali]

AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.

Interesting link. AirSnort is not quite ready for prime time the way NetStumbler is, but it appears not to be terribly far away.

I would point out that the FAQ suggests that on average, a moderately busy network -- 4 persons surfing the Net continuously during business hours -- would take about 16 days to generate enough packets to permit cracking the encryption. Doing some rough math, that's about 500 hours of person-surfing. My home network generates maybe 10 hours of person-surfing a week, so it would take on average 50 weeks of continuous monitoring to crack my password, assuming that someone was inclined to devote that much time to the project. That suggests I should change my password every 3-6 months, but it doesn't suggest that WEP is so weak that wireless is a bad idea for me.

Re:These statistics should be taken with a salt li

The published methodology and results proves the snotty comment itself.

They had a total two honey pots. You can't have a statistic with a sample size of two. There's no hard and fast rule on how many samples you should have, but to write any comments about the result, you need a minimum sample size of thirty. These people, wrote a whole article based on a sample size of two, hence you can take this "statistic" as a grain of salt.

a bit slow

[BenjyD]

In the honeypot test, the first unauthorised connection to the WLANs was made in just over two-and-a-half hours.

There was a TV show in the UK that recently did something similar to this with bike theft. They left an unlocked bicycle on the high street of a northern town and set up hidden cameras to watch. Somebody nicked the bike within 30 seconds of the owner walking away. I guess spammers are a bit slower than your average criminal.

Re:a bit slow

[adamofgreyskull]

Northerners are aren't average criminals ;-)

But seriously...are you saying spammers aren't criminals???

Re:a bit slow

But seriously...are you saying spammers aren't criminals???

No, he said a bit slower than average!

You laugh

But I work for a scumbag who does precisely that. Yes, drive by spamming is becoming very real. Think about it. You're a spammer, buying your own bandwidth is tricky and expensive. Every time you commit to a year's worth of T1 pipe your ISP wants to shut you down after the complaints against your first campaign come in. Your IP range is blacklisted in no time, and you've got to move again.

Instead of going through this process, scumbag spammer takes his laptop with him, has a map printed out of open WAPs, parks near one, and blasts out 10,000 emails. Before you figure out something is amiss, he's long gone.

Even if you intend to provide free access, you need to secure your WAP against mail abuse. My boss could get your broadband connection shut off if you don't.

Re:You laugh

there's no way in hell the parent post is real. none. nada. nil. zip. zilch. zero. the big goose egg.

Re:You laugh

[Tackhead]

> But I work for a scumbag who does precisely that. Yes, drive by spamming is becoming very real. Think about it. You're a spammer, buying your own bandwidth is tricky and expensive. Every time you commit to a year's worth of T1 pipe your ISP wants to shut you down after the complaints against your first campaign come in. Your IP range is blacklisted in no time, and you've got to move again.
>
> Instead of going through this process, scumbag spammer takes his laptop with him, has a map printed out of open WAPs, parks near one, and blasts out 10,000 emails. Before you figure out something is amiss, he's long gone.
>
> Even if you intend to provide free access, you need to secure your WAP against mail abuse. My boss could get your broadband connection shut off if you don't.

I'm a guy who blocks all traffic from 200.0.0.0/6 (LACNIC and a chunk of APNIC) at the router. I also filter out everything from 12.0.0.0/8, 4.0.0.0/8, and 24.0.0.0/8 as spam. (attbi.com, verizon-dsl.whatever, and cable modems), plus a bunch of cable modems in smaller than /8 increments from ass clowns like Cogentco and Cogeco. One false positive over the past few months.

You're a clued geek running your own mail server on your broadband link? Got everything locked down tight? No flies on you, right, buddy? You rule!

Wanna email me from your own mail server? Well, because the rest of the customers at your ISP (who have no interest in running a mail server) won't secure their fucking open proxies and have become 2/3 of my inbound spamload, and because your ISP won't block outbound port 25 (with the option to have it re-opened by customer request), you end up talkin' to the 550 too, baby, 'cuz my mail client ain't listening. Go through your ISP's mail server like the rest of the plebes.

The scumbag boss of the guy I'm replying to isn't just threatening the connectivity of dr00ling n00b fuckwits who can't secure their proxies.

Even if you're secure, he's threatening your connectivity too.

Re:You laugh

[Tackhead]

> there's no way in hell the parent post is real. none. nada. nil. zip. zilch. zero. the big goose egg.

Perhaps it is, perhaps not. I just know that a large proportion of my spamload is coming from residential broadband users.

I don't care if they're running open proxies or just having their open WLANs hijacked, but I know where the spam's coming from.

Just as with dialup, the overwhelming majority of residential broadband users have no business talking to port 25 on anything other than their ISP's mail server.

By default, port 25 should be blocked. Anyone who cares, should be able to call their ISP up and say "I want to run my own mail server. Please unblock me."

At the rate we're going, anyone running their own mail server under the current system isn't likely to be sending mail to anyone, ever.

"bad statistics", so let's run the story anyway

huh?

Not quite...

[SIGBUS]

HTTP can be abused to send spam. All you need to do is find an open proxy server listening on port 80. I've seen this done when a spammer tried to do a dictionary attack on a mail server that I run at work. The scumbag used open SMTP relays, open SOCKS proxies, and open HTTP proxies to do its dirty work.

Eventually, the spammer gave up - it must have noticed that I was firewalling the connections as soon as I detected them. MIMEDefang, combined with a modified filter script and ipchains or iptables, can do some neat tricks.

LOL

[bcc123]

I submitted an "ask slashdot" about this exact matter in the middle of 2002 and it was rejected.
One more proof that the editors here are a bunch of nearsighted linux *-kiddies.

darn

[jago25_98]

for someone who loves the idea of free(er) public networks via wireless this is a stick in the throat :/

a minority ruins for the majority once again.

can't we get rid of open email and just use private acl's?
this is what I'm going to go for my next account.

Bad, spammer, bad.

[Vodak]

How can we as a society have our cake and eat it too in regards to public wireless networks? The answer is simple... Allow people to shoot spammers on site. No long would being a repo man be the most dangerous line or work. =]

On a more serious note spammers using these open wireless networks to send spam kind of negates the whole black list mail server things doesn't it.

Re:Bad, spammer, bad.

On a more serious note spammers using these open wireless networks to send spam kind of negates the whole black list mail server things doesn't it.

No, you just black list open networks. Many poeople already black list dial up networks. This would be more of the same.

I for one don't like it.

[Deal-a-Neil]

We have to pay an additional $1.75 per MONTH for this new "number portability". Listen, at the end of the day, I don't feel bound to my cell phone number. Hell, it helps me weed out the people that I don't want to have it. I think this should be an option for each consumer -- you make the decision when you sign up, as to whether or not you want to keep that number, not some mandate across the board. That's another $21.00 a year for something I give two craps about.

Re:I for one don't like it.

[Deal-a-Neil]

Umm... wrong thread. :-|

Annointing politicians

[Ashurbanipal]

Forefather John Paul sig-quoth:

I wouldn't piss on most of our current politicians if they were on fire, and neither would most people I know.

Dude, I'd love a legal excuse to pee on any of our current politicians, so please set your choice alight ASAP! I've got a friend with a video camera...

Spammers *ARE* looking for WLANs.

Both forced entries onto the wireless network I administer were for the purpose of sending spam email. The distance between the two incidents was 27 miles away from one another--the emails were for different "products and/or services," so the assumption is that it was two different spammers.

Are spammers looking for open WLANs? Yes. And if they're not open, some are even attempting to find another way onto the network:

Personally, I'd never thought anyone would go to the lengths of MAC Address Spoofing, AirSnorting the WEP key, and launching a man-in-the middle attack to get user authentication information.

(Anonymous to protect my organization's identity.)

They deserve what they get

[gillrock]

I'm the last person in the world that would be in favor of spam of any kind.

However, there are a number of insecure Wireless networks in the area where I work (one's in the building next door), and anyone who sets up an insecure wireless network deserves whatever they get. Spam or otherwise.

Not Very Useful

[SlipJig]

First, the article doesn't discuss where these honeypots were set up; to me this is required information since the risks (both of malicious connection and of spam on those malicious connections) vary by location. If my WLAN is in a "safe" environment I'm going to worry less about this.

Second, there was a big blurb on the article advertising SurfControl, a spam-filtering product. So I will treat everything in this article skeptically.

Alarmist? Of course!

[cmburns69]

You expect something like "Everything is OK" from slashdot?

Maybe you haven't been here very long...

An online Starcraft RPG? Only at

Obligatory

[unicron]

Kent: Mr. Simpson, how do you respond to the charges that petty vandalism such as graffiti is down eighty percent, while heavy sack-beatings are up a shocking nine hundred percent?

Homer: Aw, people can come up with statistics to prove anything, Kent. Forfty percent of all people know that.

Kent: I see. Well, what do you say to the accusation that your group has been causing more crimes than it's been preventing?

Homer: [amused] Oh, Kent, I'd be lying if I said my men weren't committing crimes.

Kent: [pause] Well, touche'.

Not Missing anything...

[Richy_T]

I don't think.

CAT5 is excellent and well worth all the crawling under the floorspace, sawing and drilling you haveta do. Especially for in-house applications where you may not be moving computers around all that much

However, wireless has its advantages too. It's nice to be able to carry a laptop around with you, setting it up here or there without having to run 50ft of cable around. Nice for if you want to sit outside and do some work too. It's just a convenience thing. It's the computer equivalent of having a cordless phone in many ways.

Point is though, you have to make the decision regarding whether it is right for you. But your basic facts seem pretty much in order.

Rich

Buying this crap

If people are sending the spam to make money, people must be buying the crap they are selling, right? So if people don't buy their shit, they will stop because they no longer make money. I'm in no way a supporter of SPAM, but after all we for the most part, we are capitilists, people don't spend time doing stuff unless they make money.

for what it's worth I've had the same email address for 10 years, and with no filtering, only seem to get about 10 Unsolicted emails aday, i get more crap in my post box

Day of the Spam

"Where is all this spam in my in box coming from? I didn't know our wireless net was hooked to the Internet."

"Oh my god, it's coming from INSIDE THE HOUSE! AAAAAAA!"

No, I didn't read the article.

Block the bloody ports

Block all ports except 80 and for christs sake all you have to do is ban the MAC's of those fools who send span so they cant do it again. That will teach them a lesson, but wont punish everyone else.

Legal remedy...

[qtp]

Outlaw advertising.

no adds, no spam.

the Salt Lick

[deflood]

... mmmm Salt Lick BBQ

New (correct) math :

[Glonoinha]

>That means that something like 17% of the total connections were used for sending spam.

The other 83% were used to receive spam.

Voila! Case closed.

Rerouting the fault

[saikou]

Well, those people, who actually are trying to SPAM through open WLANs usually act because someone (like American Language Center) promised them money/cut of profits or something else. Problem is while WLANS can be more or less secured, and hijackers can be delt with, the main source is still intact. And, because in most cases companies will say "well WE did not send spam, we just hired Joe to advertise us" and get off the hook, WLAN hijacking will go on. Until all "Joe smartypans" spammers will be rooted out. Given the size of the population it's highly unlikely.

Wait until SPAM on behalf of unsuspecting companies will be employed as 'crush the competitor' technique :)

Re:Trap spammers?

WTF is up with the moderators? This is an awesome, albeit geeky, idea. What would be better than a way to find, nab, and publicaly embarras these spammers

Since the moderators are on crack, I will re post what the parent said:

Set 3 AP's up. Put some camera's in an open street, and use some positioning software (possible with 3+ AP's). Install a packet sniffer on your server, and arrest those guys!

The worse things about SPAM Take Two

[goofrider]

1. Reversed Cost: It costs them very little to send one email which has hundreds of recipients. The bandwidth it consumes is a huge cost factor for the ISPs, which in turn, has to compensate for it by charging the customers more. Indeed, spam is most like junk FAXes, which are sent at the convenience of the sender and the expense of the recipient. With third class mail, if you don't want it, you throw it out, and it takes very little time. If you are interested, you open it. Spam email costs you and your provider money to receive whether you ever read it or not. [src="FAQ #4 @ Spam.abuse.net"]

2. Disruption: Spam brutally disrupt your every-day routine. I can waste an hour a day going through your personal or work mailbox to delete spam. Email is such a personal, direct form of communication, having so many unsolicited messages in your mailbox is intrusive and disruptive.

Paul Graham (the guy who wrote POPFile, probably the first bayesian spam filter) has a great eassy about why spam is bad. I couldn't say it better myself.

But 1 false positive is unacceptable

[bluGill]

If I get even one false positive, it means I have to manually wade through the 35 SPAM (actual count today) messages I got today, just incase one was a false positive. In effect the spam matching effort is wasted because I still have to look at all the spam. I want spam elimination software to get rid of the spam so I can go on with my life without paying attention to it. When I have to pay attention to it at all, that means that the software is worthless.

False negatives are not as bad. If I can get rid of all the breast enhancement ads (without losing the gossip about some aunt who got enhancements) my life would be better. But if there is a flase match what is the point?

Email is a tool. I get messages every day that I need to read. Most people don't call me, and I used to encourage that as I would prefer to communicate over email. (almost as fast as a phone, but there is a chance to take those stupid things I tend to say back) Spam has made email nearly useless for general communication though.

Re:But 1 false positive is unacceptable

[Brian+Kendig]

I have my mail server set up to automatically recognize incoming spam and reject it with an error message which says 'this is being rejected because it looks like spam; if it's not, please resend it to notspam@mydomain.com.' That's an address which I've set up to completely bypass my spam filters and come directly to my inbox.

In the past six months I have never received even a single piece of spam at my 'notspam' address, which is only advertised through this error messages. And even if any spammers did get hold of it, I could just change the address to something else.

I've had one or two people who sent me a message which was bounced (in both cases it was an email greeting card), and they saw this error message and re-sent to my 'notspam' address. I see this as a MUCH better approach than making me review my spam-bucket email every day.

Re:But 1 false positive is unacceptable

[ODD97]

The problem with this, and I know because I work e-commerce, is that when we send Order Confirmation e-mails to your address, we get these bouncebacks quite often. It's a good idea (from our perspective) to offer other software with these confirmations, and these offers are tagged as 'spam'. But we don't resend to other e-mail addresses, so you're not going to get important order details. The only way to get these from us in this case is to call us, and we can re-send it then.

It doesn't make sense for us to dig through 1,500 bounceback e-mails to find the 'send to here instead' in the pile of 'I've received your e-mail', 'I'm on vacation 'til 2010', 'thanks for your e-mail, please look at my website at blah', etc.

I'm sure that most of the time, if your friends get your little bounceback, they just say 'screw him, he doesn't need my e-mail then.'

Statistics

[godpaully]

48.8% of statistics are made up on the spot. This was discovered in a study of Technical Support specialists from all over the world. It was a very scientific study using fingers from both hands.

That too is unacceptable

[bluGill]

That is a hasstle. Not for me, once I have it set up, but for those who want to contact me. I'm looking for a job now, I can't afford to let an otherwise good job slide by because whoever was trying to contact me has better things to do than figgure out what magic is needed to make my email work. There are many more job hunters than jobs right now, so they won't take the time to email me if I don't respond back right away.

I also question your notspam@example.com solution. Someday that will get onto the spammers lists, and then you have spam there too.