WLANs As Spam Conduit

Saint Aardvark writes "According to this article, a honeypot was recently set up on two wireless LANs. 25% of the connections observed were deliberate, and 71% of those were to send spam. Even more reason to take care of your ether." These statistics should be taken with a salt lick...

Re:Please, keep the internet free

[shadwwulf]

Even port leaving port 80 isn't safe due to the Form_Mail.pl security issue that is plauging web servers all over and dumping spam into a mail spool near you.

My point is that mearly blocking ports is never the answer, keeping your patches up to date and not running open relays is a simple solution.

My $0.02

Um...no.

[waldoj]

Wait, so this company, "Z/Yen," has determined that 71% of malicious connections to wireless networks are used for sending spam, and they've done so on the strength of setting up a grand total of two WiFi hotspots in one unspecified city (which I assume to be London, because that's where they're located) for an unspecifed time span...and this leads to conclusive results? That's just stupid.

In other news, based on my survey of my apartment, 75% of people are running Mac OS X, and 25% are running Linux.

-Waldo Jaquith

Serious?

[molrak]

So let me get this straight. As opposed to just sitting in the apartments or offices or whatever, spammers are now riding around major urban areas trying to find insecure wireless networks? This, to me, would seem to be a tremendous waste of time.

I'll admit, I don't understand why people spam; but the economics of such a thing simply don't seem practicle. The 25% would seem to be about right to me, but that 18% of the total was just for spam, just doesn't seem to add up.

Then again, as Mark Twain said, "There are three kinds of lies: lies, damned lies and statistics."

These statistics should be taken with a salt lick

[Anonymous Coward]

These statistics should be taken
with a salt lick...

God chris, if you're going to come up with a snotty retort like that, you should back up your argument with some DATA.

These people have published their methodology and results in order to back up their assertions.

What evidence do you have that wireless activity ISN'T being used for illegit activity.

At the very least, even if only 5% of the connections are used to send spam, this article should serve as a reminder: PROTECT YOUR WIRELESS CONNECTIONS!

GOd, there are so many open wireless connections out in the wild. Cover them up people!!!

Misquote

[Mattygfunk1]

... and 71% of those were to send spam.

The summary misquotes the article here. 71% of the connections sent email - not necessarily spam email. I am surprised the figure wasn't higher.

Anyway it is hardly groundbreaking news that you have to secure wireless internet connections.

_____
cheap web site hosting [cheap-web-...ing.com.au]

Bad logic.

[twitter]

Huh? What statistics? Where was this thing set up? How many hits did they record, 4? Did they deliver the spam? Was the welcome message, "Tell all your leet friends about the spam relay here!" Is someone at the RSA office the type that thinks they can make a fast buck selling dick enlargers? F+

The study, as presented is useless except to divide people. They might have just as well said that the internet itself was evil for enabling spam. I can say the same thing about materials used to make billboards. The RSA says, "Don't share, people." Great!

You arent kidding

[t0ny]

so that means that, citing their statistics, at least 30% of people have closet spammers living near them. Ya right!

I mean, Im sure most people living near me wouldnt mind downloading pr0n with my connection, but sending spam? Even if they had said hacking I would consider that a stretch. Its not like every kiddy is a script kiddy.

Well.. duh.. but seriously, it's wild out there.

[smeenz]

The finding doesn't surpise me much. As far as I'm concerned, a wireless lan should be considered at least as dangerous as your internet connection, and should be firewalled appropriately. What makes them more dangerous is that it's like having your users sit in your DMZ.. their laptops with wireless cards can be wide open and they don't have a clue. I guess it's just like when those users use a dialup modem account without a firewall, but because they're often connected to the corporate network via a vpn etc, they believe they are somehow more secure. They might well have a ipsec or mppe vpn active, but that doesn't usually stop windows from listening on ports 137/138/445. And how many windows users do you really think are going to run a 'personal' firewall and/or understand what they've got themselves into by going wireless.

Re:4 percent?

[edrugtrader]

how does this get modded up... 25% were deliberate and 71% OF THOSE were used to send spam.

that means 75% were not deliberate.

Re:One day /. will implode

[chunkwhite86]

The PATRIOT act is used to define SPAM as terrorism.

I hope so... If we start hunting down spammers with the same tenacity as if they were terrorists... we'd all be better off.

E-mail or spam?

[stuartkahler]

It didn't clearly state whether they checked if the unauthorized connections were actually sending bulk e-mail (spam), or just normal users using the open net connection to send out their e-mail. I could see people writing e-mails and saving them for when they happen by an open wlan.

Do any e-mail programs automatically send out pending messages as soon as a network connection is detected?

Built in sharing?

[gad_zuki!]

> Block all ports except 80 if you have to... just don't take away my free access!

I would if I could. I wouldn't mind sharing some of my connection with the people in my neighborhood, but security and just the nature of tcp/ip to go as fast as it can means it just ain't gonna happen. Not am I willing to set up more network equipment, VPN, etc.

I'd love to see a built in DMZ with port 80 open and bandwidth thortling if I choose to share. Heck, this would probably solve half your security issues right there. Inept users would have a working link (just web/webmail) and a much more secure home network if they didn't bother to read the instructions and just plugged the thing in. Techies and free information types would have an easy way to share access to strangers.

I live two doors away from a coffeeshop and with a second AP placed strategically near the window I should be able to get on the net from there.

It would be nice if the next Linksys or whomever's firmware update had a "share a fraction of your connection for web users" option.

Re:How about...

[evilviper]

Seeing the incredible anti-spam sentiment is quit amazing to me. It seems to be a bit out-of-proportion to the actions in question.

From what I've seen on /., it seems like GW Bush would just have to say that Iraq was the #1 source of spam, and the opposition to war would have disappeared right away.

Maybe it'll enter our vocabulary soon, as some sort of curse word.

Murder

Rapist

Spammer

Can't believe it

[sharok]

Spammers taking time to wander around war riding ?
Get real, they don't waste their time like that. They send out a billion spams on a high speed cable line then go golfing (or whatever).

darn

[jago25_98]

for someone who loves the idea of free(er) public networks via wireless this is a stick in the throat :/

a minority ruins for the majority once again.

can't we get rid of open email and just use private acl's?
this is what I'm going to go for my next account.

Re:Those stats don't seem that off to me.

[Blkdeath]

I've read repeatedly that some percentage of all email is spam. I think the number that usually gets thrown around is 40%.

I can't remember the last time I got that much legitimate email...

People like you are balanced out by people like me. I use "Contact Me" forms on my website rather than my e-mail address, I don't give out my real address, and I use a throw-away address for mailing lists and a free e-mail address (Softhome, Yahoo, etc.) for submitting to forms on the web where I have no choice.

Only recently, and only through negligence on my part (posted to a couple mailing lists with my real address) have I ever received SPAM to a production e-mail address. I think I'm up to a total of ten SPAMs in the past decade.

Of course, if you use a free web based e-mail provider, all bets are off. Those seem to get SPAMmed like there's no tomorrow. My little brother got a Hotmail account comprised of seemingly random letters and numbers (it was like "cewlgy007"; phonetically "Cool Guy Double-Oh-Seven") and was receiving pornography SPAM within two weeks. By about a week later, his INBOX was so crammed with the stuff the account became useless.

I really wonder how these stats are gathered.

Mail servers / filters often keep stats, so the filters from major ISPs are analyzed and the stats likely extrapolated from there. I'm no statistician so I won't elaborate, but that's my best guess.

Now then, back to the topic ...

The article is FUD. The headline is a scare tactic, the stats are garbage, and the conclusions only ring true based on empirical evidence. Yes, wide-open WLANs are used for malicious purposes every day. A simple DC converter, my laptop, and my bland million-just-like-it Cavalier becomes a DDoS/SPAM/H4x0r staging ground. I could drive the streets of Toronto (hey - traffic jam - more time!) all day long attacking people all over the world from a different address every time. Get a couple friends in on it and we've got ourselves a party!

The solution is for companies implementing WLANs to atleast enable WEP. People aren't going to sit and run down their car battery (and expensive gas) waiting to crack a WEP key when they can find an easier target down the road. Coffee shops and the like that allow open WLANs should restrict traffic by port and proxy all traffic - with filters imposed.

People should also tell their Congress-Critters that war drivers who publicize open WLANs are NOT TERRORISTS! These people are helping by raising awareness of open access to the Internet, intentionally or otherwise. People just have to learn to pay the hell attention and do something about it. I mean, seriously, someone comes along and tells you that you have an easily correctable hole in your network that could be used maliciously and cost you thousands (millions?) of dollars - and you want to throw THEM in prison? Get real!

Anyways, this article doesn't seem terribly worth further discourse, so colour me outta here ...