Slashdot Mirror

← Back to Stories (view on slashdot.org)

WLANs As Spam Conduit

Posted by chrisd on from the spammers-are-still-evil dept.

Saint Aardvark writes "According to this article, a honeypot was recently set up on two wireless LANs. 25% of the connections observed were deliberate, and 71% of those were to send spam. Even more reason to take care of your ether." These statistics should be taken with a salt lick...

11 of 217 comments (clear)

  1. Spam on the cell. by zbowling · · Score: 5, Informative

    Spam and telemarketing calls to a persons cell phone (or any system where the person that is being called has to pay for the call) is currently illegal in the states under telecommunications act of 1989. Its the same act that allows us to ask to be put on a company's not calling list and sue if they call back. Do a google for it. Some cool ways to protect yourself using the law.

    --
    No.
  2. Port 80 is Perfectly Safe by waldoj · · Score: 3, Informative

    Even port leaving port 80 isn't safe due to the Form_Mail.pl security issue that is plauging web servers all over and dumping spam into a mail spool near you.

    There's no problem with keeping port 80 open. It's running an unsecured web-based non-authenticated mail relay that's the problem.

    -Waldo Jaquith

  3. Re:Serious? by John+Paul+Jones · · Score: 2, Informative

    Erm. It was Benjamin Disraeli, not Sam Clemens.

    --
    Feh.
  4. Re:4 percent? by eander315 · · Score: 4, Informative
    Read that sentence a little closer. It says that 25% of the connections were deliberate, and among those connections, 71% were used for spam. That means that something like 17% of the total connections were used for spam.

    The other 75% is the part that is presumably connecting by mistake.

  5. Sounds familiar by gmajor · · Score: 3, Informative

    For a class I took, a professor set up a temporary mail server that we needed to use for an assignment. He of course took precautions, making sure mail was only routed to a certain domain.

    But within 48 hours, the mail server was found by spammers!

    He even had a great idea for anti-spam software/blocking. Set up these honeypots in different geographical locations, but don't publish the addresses; let the spammers find them. Have them accept mail as if they would route it, but do not actually send it out. We can assume any e-mails received are spam. Make a collection of spam e-mails, and have filters block out mail that closely matches all the mails the honeypots have received.

  6. Re:public spots by jratcliffe · · Score: 2, Informative

    If memory serves, the service providers (Boingo, T-mobile, etc.) use a client on your PC to authenticate you (probably MAC-based, but I'm not sure). Their concern isn't just security, of course, but making sure that you actually pay for the service.

  7. Mail, not Spam - and this is Good. by billstewart · · Score: 2, Informative

    The article doesn't say they were spamming, it just says they were sending mail, then starts ranting about spam. Of course they were sending mail - that's one of the big reasons that people want to use wireless, along with receiving their email and web surfing.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  8. Re:Please, keep the internet free by XNormal · · Score: 2, Informative

    My point is that mearly blocking ports is never the answer, keeping your patches up to date and not running open relays is a simple solution.

    And how is that going to help if your wireless LAN is wide open to anyone passing by? The mail relay is, by definition, open for insiders.

    --
    Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
  9. Re:How about... by Lynn+Benfield · · Score: 2, Informative

    Blacklists and Spam Assassin help some, but there are too many false positives

    Perhaps not as many as you'd think though - I recently switched from Spamfire (keyword based filter) to POPFile (Bayesian with list of known-to-be-good-senders), and have been very impressed.

    It's been running for 10 days, has processed 1108 mails, and made 26 mistakes. Almost all of which were in the first 24 hours - I've been checking my spam folder a couple of times a day, and have had 3 false positives in the last week (all receipts from online orders).

    So far it's claiming 97.65% accuracy, with 60% of the mail passing through it being spam.

  10. But 1 false positive is unacceptable by bluGill · · Score: 2, Informative

    If I get even one false positive, it means I have to manually wade through the 35 SPAM (actual count today) messages I got today, just incase one was a false positive. In effect the spam matching effort is wasted because I still have to look at all the spam. I want spam elimination software to get rid of the spam so I can go on with my life without paying attention to it. When I have to pay attention to it at all, that means that the software is worthless.

    False negatives are not as bad. If I can get rid of all the breast enhancement ads (without losing the gossip about some aunt who got enhancements) my life would be better. But if there is a flase match what is the point?

    Email is a tool. I get messages every day that I need to read. Most people don't call me, and I used to encourage that as I would prefer to communicate over email. (almost as fast as a phone, but there is a chance to take those stupid things I tend to say back) Spam has made email nearly useless for general communication though.

    1. Re:But 1 false positive is unacceptable by Brian+Kendig · · Score: 2, Informative

      I have my mail server set up to automatically recognize incoming spam and reject it with an error message which says 'this is being rejected because it looks like spam; if it's not, please resend it to notspam@mydomain.com.' That's an address which I've set up to completely bypass my spam filters and come directly to my inbox.

      In the past six months I have never received even a single piece of spam at my 'notspam' address, which is only advertised through this error messages. And even if any spammers did get hold of it, I could just change the address to something else.

      I've had one or two people who sent me a message which was bounced (in both cases it was an email greeting card), and they saw this error message and re-sent to my 'notspam' address. I see this as a MUCH better approach than making me review my spam-bucket email every day.