WLANs As Spam Conduit
Saint Aardvark writes "According to this article, a honeypot was recently set up on two wireless LANs. 25% of the connections observed were deliberate, and 71% of those were to send spam. Even more reason to take care of your ether." These statistics should be taken with a salt lick...
...public vigilante executions of spammers? Kinda like a citizen's arrest, but more permanent. Just a thought.
Block all ports except 80 if you have to... just don't take away my free access!
These statistics should be taken with a salt lick...
Does spam go well with tequila?
my other penis is a vagina
Makes you wonder where they built the Wireless LAN.
Moderators Moderators do your worst.
After all, I'm an Anonymous Coward
Spam and telemarketing calls to a person's cell phone (or any system where the person that is being called has to pay for the call) are currently illegal in the states under telecommunications act of 1989. It's the same act that allows us to ask to be put on a company's not calling list and sue if they call back. Do a google for it. Some cool ways to protect yourself using the law.
No.
what about the other 4%... was that accidental?
www.necroticobsession.com
I've read repeatedly that some percentage of all email is spam. I think the number that usually gets thrown around is 40%.
I can't remember the last time I got that much legitimate email...
I really wonder how these stats are gathered.
Wait, so this company, "Z/Yen," has determined that 71% of malicious connections to wireless networks are used for sending spam, and they've done so on the strength of setting up a grand total of two WiFi hotspots in one unspecified city (which I assume to be London, because that's where they're located) for an unspecified time span...and this leads to conclusive results? That's just stupid.
In other news, based on my survey of my apartment, 75% of people are running Mac OS X, and 25% are running Linux.
-Waldo Jaquith
Umm... First, this means that 75% of the connections were not intentional? Is this the equivalent of 75 people saying they're sorry for stepping on your toes, while 25 people did it on purpose?
Second, define "emails". Is that 10? 10,000?
This seems a bit alarmist.
Feh.
"If the proposals come into force, senders of unsolicited emails will require prior consent from recipients, and web users will have to be told if cookies are being used, with the option to reject them. Individuals will also be given more power to decide whether they want to be listed in subscriber directories. "
Although the proposal sounds good, what's this big fuzz about cookies? Sorry for sounding possibly ignorant, but since when have cookies become a security threat? If that's the case, wouldn't every website face a similar problem with the usage of cookies?
Siggy Say, Siggy Do
Even leaving port 80 isn't safe due to the Form_Mail.pl security issue that is plaguing web servers all over and dumping spam into a mail spool near you.
There's no problem with keeping port 80 open. It's running an unsecured web-based non-authenticated mail relay that's the problem.
-Waldo Jaquith
So let me get this straight. As opposed to just sitting in the apartments or offices or whatever, spammers are now riding around major urban areas trying to find insecure wireless networks? This, to me, would seem to be a tremendous waste of time.
I'll admit, I don't understand why people spam; but the economics of such a thing simply don't seem practical. The 25% would seem to be about right to me, but that 18% of the total was just for spam, just doesn't seem to add up.
Then again, as Mark Twain said, "There are three kinds of lies: lies, damned lies and statistics."
You're only as smart as your brain.
...damned lies and statistics. strike again
These statistics should be taken with a salt lick...
God chris, if you're going to come up with a snotty retort like that, you should back up your argument with some DATA.
These people have published their methodology and results in order to back up their assertions.
What evidence do you have that wireless activity ISN'T being used for illegit activity.
At the very least, even if only 5% of the connections are used to send spam, this article should serve as a reminder: PROTECT YOUR WIRELESS CONNECTIONS!
God, there are so many open wireless connections out in the wild. Cover them up people!!!
The summary misquotes the article here. 71% of the connections sent email - not necessarily spam email. I am surprised the figure wasn't higher.
Anyway it is hardly groundbreaking news that you have to secure wireless internet connections.
_____
cheap web site hosting
i see a wireless pig icon up there ! Is it just me ? I need some sleep ..
Siggy Say, Siggy Do
It's easy for the home and business admin to secure his/her AP. But how do public access places like airports and StarBucks counter drive by spamming?
Any ideas?
Remember folks, there are surly looking spammers driving through your suburban neighborhood right now just looking to abuse your DSL connection through your unsecured access point to send spam.
So if your router gives out a DHCP address in the middle of the night, run outside in your pajamas with a baseball bat. There are spammers you need to teach a lesson.
The Internet is generally stupid
What if there were only 2 unauthorized connections? What a story!
I just received in e-mail..
1) Sue for "Cable Theft" (if cable ISP)
2) Sue for "Denial of Service Attack" (since the intent of spam is to fill up your mailbox, causing you to give up real e-mails.)
3) Sue for "Espionage" if you both received a 'viagra' spamvertisement and the e-mail says it's not commercial spam, because if it's non-commercial, they were watching you through a window and wanted to notify you of viagra!
4) Is the spam for an ergonomic peripheral, like mouse or keyboard or computer chair? Or maybe, the company offers you pills to decrease your hormones? In either case, this means they think you might have repetitive stress syndrome from using your... tool. This is either "Espionage" (they saw it), or "Intent of Deliberate Harm" (they e-mail you so much shit, they KNOW you are guaranteed to have RSS in your wrists....
5) ???
6) Profit
Cover your eyes and click this link!
The study, as presented is useless except to divide people. They might have just as well said that the internet itself was evil for enabling spam. I can say the same thing about materials used to make billboards. The RSA says, "Don't share, people." Great!
Friends don't help friends install M$ junk.
I mean, I'm sure most people living near me wouldn't mind downloading pr0n with my connection, but sending spam? Even if they had said hacking I would consider that a stretch. It's not like every kiddy is a script kiddy.
Manipulate the moderator system! Mod someone as "overrated" today.
I occasionally read a NewsFactor article by accident. They define silly. They are usually speculation couched as fact, and prove little except that if you pay Yahoo! enough, they will carry your stories on their news site.
The finding doesn't surprise me much. As far as I'm concerned, a wireless lan should be considered at least as dangerous as your internet connection, and should be firewalled appropriately. What makes them more dangerous is that it's like having your users sit in your DMZ.. their laptops with wireless cards can be wide open and they don't have a clue. I guess it's just like when those users use a dialup modem account without a firewall, but because they're often connected to the corporate network via a vpn etc, they believe they are somehow more secure. They might well have an ipsec or mppe vpn active, but that doesn't usually stop windows from listening on ports 137/138/445. And how many windows users do you really think are going to run a 'personal' firewall and/or understand what they've got themselves into by going wireless.
This is showing spammers are intelligent and learning. That can't be right can it? :)
Rus
Cheap UK and US VPS
I've never seen a browser that didn't allow the option of 'prompting' the user for each cookie that's set. Do these guys want web pages to be required to say they use cookies?
autopr0n is like, down and stuff.
And there's a non-trivial chance that you will blow up.
The PATRIOT act is used to define SPAM as terrorism.
I hope so... If we start hunting down spammers with the same tenacity as if they were terrorists... we'd all be better off.
I'd rather be a conservative nutjob than a liberal with no nuts and no job.
I've had an access point with public access set up in the middle of a major city for several years now, and have never seen a SINGLE spam attempt. As much as I hate spammers, I think this 'warning' is just hype.
> 75% of people are running Mac OS X, and 25% are running Linux
that sounds about right... oh wait, it's still 2003!
--hc
Bruce
Bruce Perens.
Wireless spam? I'm thinking that's not necessarily such a bad thing. (1) wireless broadcasting objects are locatable in 3D using the proper detection tools (2) a wireless enabled laptop is deliberately radio-permeable and structured so as to pick up radio energy.
Solution: directional high powered radio emitters on the 802.11b wavelength. Target the suckas and zap the bejeezus out of 'em.
Mmmm, fried spam.
For a class I took, a professor set up a temporary mail server that we needed to use for an assignment. He of course took precautions, making sure mail was only routed to a certain domain.
But within 48 hours, the mail server was found by spammers!
He even had a great idea for anti-spam software/blocking. Set up these honeypots in different geographical locations, but don't publish the addresses; let the spammers find them. Have them accept mail as if they would route it, but do not actually send it out. We can assume any e-mails received are spam. Make a collection of spam e-mails, and have filters block out mail that closely matches all the mails the honeypots have received.
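The matching step proposed in the post above, as an added example that is not part of the original comment: a filter that scores incoming mail by word-shingle overlap with messages a honeypot has collected. The shingle width, the threshold and every sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

SHINGLE_WORDS = 3        # assumed shingle width (words per shingle)
MATCH_THRESHOLD = 0.5    # assumed cut-off for "closely matches"


def body_tokens(raw_message):
    """Return lowercase word tokens from the text/plain parts of a message.

    Digits are dropped on purpose: bulk mailers often append random
    numbers to defeat exact-match filters.
    """
    msg = message_from_string(raw_message)
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload()
            if isinstance(payload, str):
                parts.append(payload)
    return re.findall(r"[a-z']+", " ".join(parts).lower())


def shingles(tokens, width=SHINGLE_WORDS):
    """Set of overlapping word n-grams; short bodies yield one shingle."""
    if len(tokens) < width:
        return {tuple(tokens)} if tokens else set()
    return {tuple(tokens[i:i + width]) for i in range(len(tokens) - width + 1)}


def jaccard(a, b):
    """Jaccard similarity of two shingle sets (0.0 when both are empty)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


class HoneypotCorpus:
    """Mail accepted by the honeypot relay and never delivered onward.

    Nothing legitimate is addressed to the honeypot, so every stored
    message is treated as spam.
    """

    def __init__(self):
        self._fingerprints = []

    def add(self, raw_message):
        self._fingerprints.append(shingles(body_tokens(raw_message)))

    def score(self, raw_message):
        """Highest similarity between this message and any honeypot mail."""
        candidate = shingles(body_tokens(raw_message))
        return max((jaccard(candidate, fp) for fp in self._fingerprints),
                   default=0.0)

    def is_spam(self, raw_message, threshold=MATCH_THRESHOLD):
        return self.score(raw_message) >= threshold


# Constructed sample messages (not real captures).
HONEYPOT_MAIL = [
    "From: a@example.net\nTo: x@honeypot.example\nSubject: deal\n\n"
    "Buy cheap replica watches today at our online store and save big "
    "money now order id 48213\n",
    "From: b@example.org\nTo: y@honeypot.example\nSubject: winner\n\n"
    "You have won the lottery claim your prize by replying with your "
    "bank details\n",
]
SPAM_VARIANT = (
    "From: c@example.com\nTo: user@corp.example\nSubject: deal\n\n"
    "Buy cheap replica watches today at our online store and save big "
    "money now order id 99170 dear friend\n"
)
LEGIT_MAIL = (
    "From: sam@corp.example\nTo: user@corp.example\nSubject: backups\n\n"
    "Hi Sam, the backup job finished overnight and the restore test "
    "passed. Lunch at noon today?\n"
)


def build_corpus():
    corpus = HoneypotCorpus()
    for raw in HONEYPOT_MAIL:
        corpus.add(raw)
    return corpus


if __name__ == "__main__":
    corpus = build_corpus()
    for name, raw in (("variant", SPAM_VARIANT), ("legit", LEGIT_MAIL)):
        print(name, round(corpus.score(raw), 3), corpus.is_spam(raw))
```
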
It didn't clearly state whether they checked if the unauthorized connections were actually sending bulk e-mail (spam), or just normal users using the open net connection to send out their e-mail. I could see people writing e-mails and saving them for when they happen by an open wlan.
Do any e-mail programs automatically send out pending messages as soon as a network connection is detected?
If a connection to your AP is not a legitimate, authorised connection (i.e. one made by the people the AP/wireless connectivity was put in place for), it doesn't matter what the reason for the connection.
Saying that 71% of all unauthorised Wireless access attempts are attempts at spamming is nothing more than a useless statistic. If you have Wireless in place and have not properly secured it (Mac lists/VPN/VPN endpoint in DMZ), then you've got bigger problems than your local Widget reseller using bandwidth you paid for, to annoy a few million people.
Janie took my gun...
I think this is a poorly written article, and it doesn't nearly go in to the subject at the depths it should.
I would like to know in what sort of area did they set up these WLAN honeypots? I'm going to assume it was probably in a large metropolitan area. Also, I would like to know how the hackers so easily found the WLAN's mail server once inside the network. There are a bunch of questions this article leaves unanswered in my mind. I would like to see them report more information than what they did.
As a previous poster said, take this with a grain of salt (or salt lick).
---
Mike
I'm going to kick the next person that I see with their karma rating in their sig.
Step 1: Purchase private island
Step 2: Make private island autonomous country
Step 3: Cover island with free Wifi
Step 4: Implement secret anti-spam laws with Singapore-style penalties
Step 5: Wait for spammers to come
Ok, I admit it, I do tend to go out front of other's places and use their wireless connections. And yes, most of the time it's for email. But you have to realize that just because you're sending out a dozen or so emails, it doesn't mean that it's spam. I like to use my email client in offline mode, and so I kind of "save up" the emails to send later, and then send them all at once. It's not spam, it's just communication.
The article doesn't say they were spamming, it just says they were sending mail, then starts ranting about spam. Of course they were sending mail - that's one of the big reasons that people want to use wireless, along with receiving their email and web surfing.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Target the suckas and zap the bejeezus out of 'em.
Transform that into a GPS coordinate, vector in a B1 and BOOM! We'll need to develop some appropriately sized weapons however. The current 500, 1000, 2000 lb units might produce a bit too much collateral damage in peace-time urban environments...
Maw! Fire up the karma burner!
> Block all ports except 80 if you have to... just don't take away my free access!
I would if I could. I wouldn't mind sharing some of my connection with the people in my neighborhood, but security and just the nature of tcp/ip to go as fast as it can means it just ain't gonna happen. Nor am I willing to set up more network equipment, VPN, etc.
I'd love to see a built in DMZ with port 80 open and bandwidth throttling if I choose to share. Heck, this would probably solve half your security issues right there. Inept users would have a working link (just web/webmail) and a much more secure home network if they didn't bother to read the instructions and just plugged the thing in. Techies and free information types would have an easy way to share access to strangers.
I live two doors away from a coffeeshop and with a second AP placed strategically near the window I should be able to get on the net from there.
It would be nice if the next Linksys or whomever's firmware update had a "share a fraction of your connection for web users" option.
Just think of how many teenagers could make a lot of money while participating in a favored American teen pastime: cruising the drag (or loop, main, etc). No longer would they have to worry about gas money!
On the other hand, I wonder how legal something like, say, a physical solution to a digital problem would be, IE, they're stealing your bandwidth, you shoot out the tires on their 'getaway' vehicle while it's parked on the street. Were you stopping perpetrators? Would this be a reverse attack, were they attacking your Win2k file share? How about a simple, "drag them out of the car and beat them with a Model M" approach? Would this be justifiable under theft laws, or would it simply be assault?
Many important questions to ponder.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
A good linux sysadmin could setup a multihomed Linux server between his AP(s) and broadband and use NoCat authentication to block this sort of thing, while allowing surfing (or whatever else).
Spammers taking time to wander around war riding ?
Get real, they don't waste their time like that. They send out a billion spams on a high speed cable line then go golfing (or whatever).
In the honeypot test, the first unauthorised connection to the WLANs was made in just over two-and-a-half hours.
There was a TV show in the UK that recently did something similar to this with bike theft. They left an unlocked bicycle on the high street of a northern town and set up hidden cameras to watch. Somebody nicked the bike within 30 seconds of the owner walking away. I guess spammers are a bit slower than your average criminal.
But I work for a scumbag who does precisely that. Yes, drive by spamming is becoming very real. Think about it. You're a spammer, buying your own bandwidth is tricky and expensive. Every time you commit to a year's worth of T1 pipe your ISP wants to shut you down after the complaints against your first campaign come in. Your IP range is blacklisted in no time, and you've got to move again.
Instead of going through this process, scumbag spammer takes his laptop with him, has a map printed out of open WAPs, parks near one, and blasts out 10,000 emails. Before you figure out something is amiss, he's long gone.
Even if you intend to provide free access, you need to secure your WAP against mail abuse. My boss could get your broadband connection shut off if you don't.
Eventually, the spammer gave up - it must have noticed that I was firewalling the connections as soon as I detected them. MIMEDefang, combined with a modified filter script and ipchains or iptables, can do some neat tricks.
Oh, no! You have walked into the slavering fangs of a lurking grue!
Or anyone else who spoofs their MAC address after sniffing some traffic.
One line blog. I hear that they're called Twitters now.
Gonna block all the proxy ports too? These days most spammers send through open proxies. (Some of which are open porxies.) It makes it harder to track, and gets around ISP blocks on port 25.
One line blog. I hear that they're called Twitters now.
for someone who loves the idea of free(er) public networks via wireless this is a stick in the throat :/
a minority ruins for the majority once again.
can't we get rid of open email and just use private acl's?
this is what I'm going to go for my next account.
A blog I run for the wealth
How can we as a society have our cake and eat it too in regards to public wireless networks? The answer is simple... Allow people to shoot spammers on sight. No longer would being a repo man be the most dangerous line of work. =]
On a more serious note spammers using these open wireless networks to send spam kind of negates the whole black list mail server things doesn't it.
Umm... wrong thread. :-|
Both forced entries onto the wireless network I administer were for the purpose of sending spam email. The distance between the two incidents was 27 miles away from one another--the emails were for different "products and/or services," so the assumption is that it was two different spammers.
Are spammers looking for open WLANs? Yes. And if they're not open, some are even attempting to find another way onto the network:
Personally, I'd never thought anyone would go to the lengths of MAC Address Spoofing, AirSnorting the WEP key, and launching a man-in-the-middle attack to get user authentication information.
(Anonymous to protect my organization's identity.)
I'm the last person in the world that would be in favor of spam of any kind.
However, there are a number of insecure Wireless networks in the area where I work (one's in the building next door), and anyone who sets up an insecure wireless network deserves whatever they get. Spam or otherwise.
"...the shortest distance between two points may be straight line, but it is by no means the most interesting."
I started looking into wireless for the new house we're moving to, but two things stopped me. The first was price... ~$250 just to set up two computers and an AP?
The other problem was securing the damn things. So far as I could tell, I'd need to set up a full encrypted VPN on the wireless section. MACs can be spoofed, the built-in WEP is apparently a joke, etc. etc. If I didn't want to get cracked, or hand my bandwidth to any passing spammer, a VPN would be the only way.
Am I missing something? Or am I wise to just put in the Cat5 and have much faster speeds as well as privacy and access control?
PHEM - party like it's 1997-2003!
First, the article doesn't discuss where these honeypots were set up; to me this is required information since the risks (both of malicious connection and of spam on those malicious connections) vary by location. If my WLAN is in a "safe" environment I'm going to worry less about this.
Second, there was a big blurb on the article advertising SurfControl, a spam-filtering product. So I will treat everything in this article skeptically.
Read my keyboard review.
The "WEP is a joke" meme has some natural selection coming to it. Is WEP not as strong as it probably should have been? Yes. But you have to spend hours if not days of computer time crunching packets to break WEP encryption. Someone with sufficient motivation could do that, but it's not the kind of thing that just anyone could do, and it's definitely not the kind of thing that can be done on a laptop in a few minutes by someone wardriving through your neighborhood.
And what's the payoff for all that work? Free, slow internet access if you park next to my house, until I catch you. Also, you can print nasty messages on my network attached printer, and you can look at the shared folders on my desktop if I've left it on (i.e., my vacation pictures). Who would bother?
Obviously, if you have deeply confidential stuff exposed on your network -- e.g., you're a lawyer or CPA and you share client files across your office network -- WEP might not be strong enough. But for home use, it's no more a "joke" than the lock on your car door: hardly impenetrable, but it will deter wrongdoers.
Or am I wise to just put in the Cat5 and have much faster speeds ... ?
If your broadband source is DSL or cable modem, it's likely that that will be the bottleneck in your connection, not wireless. If you've got dual T3s coming into your house, by all means lay wire.
You expect something like "Everything is OK" from slashdot?
Maybe you haven't been here very long...
An online Starcraft RPG? Only at
Online Starcraft RPG? At
Dietary fiber is like asynchronous IO-- Non-blocking!
Kent: Mr. Simpson, how do you respond to the charges that petty vandalism such as graffiti is down eighty percent, while heavy sack-beatings are up a shocking nine hundred percent?
Homer: Aw, people can come up with statistics to prove anything, Kent. Forfty percent of all people know that.
Kent: I see. Well, what do you say to the accusation that your group has been causing more crimes than it's been preventing?
Homer: [amused] Oh, Kent, I'd be lying if I said my men weren't committing crimes.
Kent: [pause] Well, touche'.
Finally, math books without any of that base 6 crap in them.
CAT5 is excellent and well worth all the crawling under the floorspace, sawing and drilling you haveta do. Especially for in-house applications where you may not be moving computers around all that much
However, wireless has its advantages too. It's nice to be able to carry a laptop around with you, setting it up here or there without having to run 50ft of cable around. Nice for if you want to sit outside and do some work too. It's just a convenience thing. It's the computer equivalent of having a cordless phone in many ways.
Point is though, you have to make the decision regarding whether it is right for you. But your basic facts seem pretty much in order.
Rich
What about Johnny Scriptkiddie two houses down with a Cantenna or something? Perhaps I'm too paranoid, but the thought of anyone rooting my boxes creeps me out. I use ssh on our wired LAN, and I know no-one's peeking in on that.
I've got a remote-monitored alarm system. Again, not invincible, but I guess I take security a little more seriously than most.
If your broadband source is DSL or cable modem, it's likely that that will be the bottleneck in your connection, not wireless. If you've got dual T3s coming into your house, by all means lay wire.
I'm aware that even 10BaseT is much faster than typical residential broadband rate. So is 802.11*. But I don't just surf the net.
I have multiple computers, and I share data between them. I just did a major backup-and-restore when I upgraded to a new machine on Sunday, and 100MBit is very nice for such things. Equivalent wireless speeds are, well, pricey. I don't even have a laptop right now, and with two kids, a wife, and a new house, I won't be spending much time on the computer anyway. I'm pretty sure I can wire up Cat5 faster than I can configure three computers for transparent VPN in two different operating systems.
PHEM - party like it's 1997-2003!
Outlaw advertising.
no ads, no spam.
Read, L
>That means that something like 17% of the total connections were used for sending spam.
The other 83% were used to receive spam.
Voila! Case closed.
Glonoinha the MebiByte Slayer
I wouldn't necessarily say that, although I would say that you feel you need more security than most people do to get to your comfort level. There's nothing unreasonable about that.
The odds of your living near someone with the inclination and expertise to break your WEP -- which is not a staggering level of expertise, but above the script kiddie level -- is very, very small. I'm not aware that there are any programs in circulation that cryptologically unsophisticated people can use to bang away at their neighbor's WEP encryption. (I'm thinking of programs remotely comparable in ease of use to NetStumbler, which if you don't know it is a program that tells you how many wireless networks people are using within range of your antenna, what their station IDs are and some other things.) Indeed, I'm not aware that there have been any reports of WEP having been broken outside of lab experiments, although I suppose we can't know that it's never happened.
It may well be that you wouldn't be comfortable with any wireless networking regardless of the encryption scheme used. However, using WEP is a level of magnitude stronger than what most people use to protect their personal possessions and private information, and so people shouldn't automatically reject it on the grounds that it's "broken."
Well, those people, who actually are trying to SPAM through open WLANs usually act because someone (like American Language Center) promised them money/cut of profits or something else. Problem is while WLANS can be more or less secured, and hijackers can be dealt with, the main source is still intact. And, because in most cases companies will say "well WE did not send spam, we just hired Joe to advertise us" and get off the hook, WLAN hijacking will go on. Until all "Joe smartypants" spammers will be rooted out. Given the size of the population it's highly unlikely.
:)
Wait until SPAM on behalf of unsuspecting companies will be employed as 'crush the competitor' technique
Hyperom.com
2. Disruption: Spam brutally disrupts your every-day routine. I can waste an hour a day going through your personal or work mailbox to delete spam. Email is such a personal, direct form of communication, having so many unsolicited messages in your mailbox is intrusive and disruptive.
Paul Graham (the guy who wrote POPFile, probably the first bayesian spam filter) has a great essay about why spam is bad. I couldn't say it better myself.
If I get even one false positive, it means I have to manually wade through the 35 SPAM (actual count today) messages I got today, just in case one was a false positive. In effect the spam matching effort is wasted because I still have to look at all the spam. I want spam elimination software to get rid of the spam so I can go on with my life without paying attention to it. When I have to pay attention to it at all, that means that the software is worthless.
False negatives are not as bad. If I can get rid of all the breast enhancement ads (without losing the gossip about some aunt who got enhancements) my life would be better. But if there is a false match what is the point?
Email is a tool. I get messages every day that I need to read. Most people don't call me, and I used to encourage that as I would prefer to communicate over email. (almost as fast as a phone, but there is a chance to take those stupid things I tend to say back) Spam has made email nearly useless for general communication though.
Interesting link. AirSnort is not quite ready for prime time the way NetStumbler is, but it appears not to be terribly far away.
I would point out that the FAQ suggests that on average, a moderately busy network -- 4 persons surfing the Net continuously during business hours -- would take about 16 days to generate enough packets to permit cracking the encryption. Doing some rough math, that's about 500 hours of person-surfing. My home network generates maybe 10 hours of person-surfing a week, so it would take on average 50 weeks of continuous monitoring to crack my password, assuming that someone was inclined to devote that much time to the project. That suggests I should change my password every 3-6 months, but it doesn't suggest that WEP is so weak that wireless is a bad idea for me.
48.8% of statistics are made up on the spot. This was discovered in a study of Technical Support specialists from all over the world. It was a very scientific study using fingers from both hands.
That is a hassle. Not for me, once I have it set up, but for those who want to contact me. I'm looking for a job now, I can't afford to let an otherwise good job slide by because whoever was trying to contact me has better things to do than figure out what magic is needed to make my email work. There are many more job hunters than jobs right now, so they won't take the time to email me if I don't respond back right away.
I also question your notspam@example.com solution. Someday that will get onto the spammers lists, and then you have spam there too.