WLANs As Spam Conduit

Saint Aardvark writes "According to this article, a honeypot was recently set up on two wireless LANs. 25% of the connections observed were deliberate, and 71% of those were to send spam. Even more reason to take care of your ether." These statistics should be taken with a salt lick...

4 percent?

[f13nd]

what about the other 4%... was that accidental?

Clarity

[John Paul Jones]

The survey found that almost a quarter of unauthorised connections to the WLANs were intentional, with 71 percent used to send emails.

Umm... First, this means that 75% of the connections were not intentional? Is this the equivalent of 75 people saying they're sorry for stepping on your toes, while 25 people did it on purpose?

Second, define "emails". Is that 10? 10,000?

This seems a bit alarmist.

public spots

[saben78]

It's easy for the home and business admin to secure his/her AP. But how do public access places like airports and StarBucks counter drive by spamming?

Any ideas?

Re:Those stats don't seem that off to me.

[aweraw]

my 'Inbox' at work is about 10% legitimate e-mail...

60% legitimate mail? to me thats like heaven...

Re:Those stats don't seem that off to me.

[inaeldi]

I get about 1 spam message every few days on my main account. I just take very good care of where I use the email address.

My hotmail account on the other hand...

sounds like shit to me...

[drwho]

I've had an access point with public access set up in the middle of a major city for several years now, and have never seen a SINGLE spam attempt. As much as I hate spammers, I think this 'warning' is just hype.

I would like to call BS

[La Camiseta]

Ok, I admit it, I do tend to go out front of other's places and use their wireless connections. And yes, most of the time it's for email. But you have to realize that just because you're sending out a dozen or so emails, it doesn't mean that it's spam. I like to use my email client in offline mode, and so I kind of "save up" the emails to send later, and then send them all at once. It's not spam, it's just communication.

NoCat Auth

[jroysdon]

A good linux sysadmin could setup a multihomed Linux server between his AP(s) and broadband and use NoCat [nocat.net] authentication to block this sort of thing, while allowing surfing (or whatever else).

Re:How about...

[dev11]

Unsolicited email is annoying, but I guess what really angers me about the majority of the spam I get is:

Sleaziness. Penis enlargers, teen sluts, and porn of questionable legality. If I had young kids, this would really piss me off if they got sent this crap.

Fraud. This is somewhat related to the above. Most of these products are most likely frauds, or of questionable value. Masking your identity through forging headers, using open relays and the like. If your product is so great, you shouldn't have to hide yourself. Spam is the snake oil of the new century.

Intrusiveness. Embedding images in HTML email that the client fetches and confirms your email is "live", so it can be sold and put on more spam lists. I am still in the stone age and use pine and never HTML mail, but most non tech people use Outlook, which has this as default behavior. Also, claiming that I opted in and now I need to specifically opt out, with some form that probably just confirms my address is pretty low.

Volume. When I get 50 spam mail messages a day, and 10 or so legitimate messages, email as a communications medium is seriously flawed in it's present form. Many get hundreds of spams a day. Blacklists and Spam Assassin help some, but there are too many false positives.

Commercial email is OK, provided that I signed up for it and the company doesn't try to hide their identity. Some of this is actually useful at times. It would be nice if there could be an analog of a do not call list for email, but that is not technically feasible at present with the current protocol. A new protocol needs to be implemented. As much as I hate spam, I prefer technical solutions rather than handing control to the government. Even if there were spam laws (I know some states have them), they are ineffectual.

Re:Not that I buy the figures, but...

[weave]

Sigh, spammers ruin everything. I often use public hot spots when traveling to quickly slurp up some e-mail and send out pending e-mail (via an authenticated SMTP connection at my business host).

I have Mac Stumbler running on my laptop and it pings me whenever I drive past a hotspot. Sometimes the hotspot will be named "public" or "public hotspot" even. (Saw a few of these in Tempe, Arizona. Was pretty amazed, and grateful).

So if you're running one, I thank you.

a bit slow

[BenjyD]

In the honeypot test, the first unauthorised connection to the WLANs was made in just over two-and-a-half hours.

There was a TV show in the UK that recently did something similar to this with bike theft. They left an unlocked bicycle on the high street of a northern town and set up hidden cameras to watch. Somebody nicked the bike within 30 seconds of the owner walking away. I guess spammers are a bit slower than your average criminal.

You laugh

[Anonymous Coward]

But I work for a scumbag who does precisely that. Yes, drive by spamming is becoming very real. Think about it. You're a spammer, buying your own bandwidth is tricky and expensive. Every time you commit to a year's worth of T1 pipe your ISP wants to shut you down after the complaints against your first campaign come in. Your IP range is blacklisted in no time, and you've got to move again.

Instead of going through this process, scumbag spammer takes his laptop with him, has a map printed out of open WAPs, parks near one, and blasts out 10,000 emails. Before you figure out something is amiss, he's long gone.

Even if you intend to provide free access, you need to secure your WAP against mail abuse. My boss could get your broadband connection shut off if you don't.

Re:4 percent?

[Anonymous Coward]

except for the fact that it said that among those connections, 71% were used for EMAIL, not spam. Therefore, assuming they really got at least 400 connections, 100 of those being intentional, and 71 of those used for email, it might not necessarily be for spam. Probably just around 70% (+/- 1%) of the intentional connections were NOT used for spam, or if they were, were used by the same person for spam. if I connect 300 times, and send an email each time does it count it 300 times, or just once?

Spammers *ARE* looking for WLANs.

[Anonymous Coward]

Both forced entries onto the wireless network I administer were for the purpose of sending spam email. The distance between the two incidents was 27 miles away from one another--the emails were for different "products and/or services," so the assumption is that it was two different spammers.

Are spammers looking for open WLANs? Yes. And if they're not open, some are even attempting to find another way onto the network:

Personally, I'd never thought anyone would go to the lengths of MAC Address Spoofing, AirSnorting the WEP key, and launching a man-in-the middle attack to get user authentication information.

(Anonymous to protect my organization's identity.)