Re: Drive-by spam hits wireless LANs

2002-09-11 Thread blitz


Getting your entire corporate LAN dumped into the RBL mess could be 
devastating, how much productivity lost? How much time wasted getting OFF 
the RBL? How many contacts missed, correspondences missed?

You could be getting into a very rough ride for some days to some weeks, as 
the block information propagates down the food chain, then as the un-block 
does likewise.

It's just better to take the defensive and encrypt in the first place.

Agreed, for cyber-squatter places like coffee shops and airports, this 
could be a pain.




At 08:01 9/11/02 -0400, you wrote:

>On Wed, Sep 11, 2002 at 12:45:23PM +0200, John Angelmo wrote:
> > Just cause there are unprotected WLANs doesn't imply that spammers use
> > them (perhaps it's too hard for the spammers ;)).
> > Corporations should protect their WLANs but saying that spamming is a
> > great threat is to overdo it.
>
> To some extent.
>
> Imagine a few of the following scenarios:
>
> 1) You work for an ISP and have access through them.  One large
>enough that they apply their AUP to their own people.  You have ISDN/DSL
>or some other connection w/ reverse-dns for your personal domain @ home.
>Someone drives by your place, finds your unprotected lan, sends spam, hacks,
>etc..  complaints come in, you lose job because you were a spammer and
>your employer needs to stop, etc.
> 2) You are a small company, someone does this, and you get
>blacklisted as a spamhaus.  you are unable to get internet access.
> 3) you have a cable modem as your only high-speed connectivity.
>you have one of the linksys/whatever nat+802.11a/b boxen.  you
>get used, you get blacklisted and can not get high-speed pr0n again.





Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Niels Bakker


* [EMAIL PROTECTED] (David Lesher) [Wed 11 Sep 2002, 20:38 CEST]:
> As it happens, I'm looking at a consumer 802.11 product that will
> have real encryption.
> It should be released Real Soon Now & I'll be happy to say more
> when that happens..

No Wires Needed is among the companies working on bringing some real
crypto to wireless networking (no idea if you meant them specifically),
but I have no idea whether their work will be open-standards based.

Regards,


-- Niels.

-- 
"Patient" is Latin for "sufferer".



Re: Drive-by spam hits wireless LANs

2002-09-11 Thread David Lesher


{WEP != encryption... thread}

As it happens, I'm looking at a consumer 802.11 product that will
have real encryption.

It should be released Real Soon Now & I'll be happy to say more
when that happens..


-- 
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433



Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Steven M. Bellovin


One thing I've noticed that may be an anti-spam measure:  STN, the ISP 
that serves Marriott hotels (among others) seems to have a
"transparent" proxy intercepting outbound traffic to port 25.  Not sure 
why they'd do that except to deter check-in spammers.  They *don't* do 
anything with traffic to port 80, as best I can tell.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)





Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Iljitsch van Beijnum


On Wed, 11 Sep 2002, Jared Mauch wrote:

>   There are a lot of things one can do:

>   1) enable wep
>   2) rotate wep keys
>   3) authenticate by mac-address
>   4) restrict dhcp to known mac-addresses
>   5) force utilization of vpn/ipsec client

Suddenly laying down UTP doesn't seem so bad anymore...

>   Obviously not all of these solutions are available
> in all cases, but in a home or small lan-environment a subset of
> these will increase security (even if it's reinforcing the screen door
> with 1/16" of balsa wood)

You can forget rotating WEP keys on anything that isn't four times as
expensive as what most people have at home. Authentication by MAC address
doesn't buy you anything since someone else can "borrow" the MAC address.

Does anyone have experience with using asymmetric WEP keys? (= key 1 for
AP -> client and key 2 for client -> AP.) I'm thinking about doing this so
I can at least obscure my upstream traffic even if the downstream WEP key
is public knowledge. Obviously this isn't anything near safe, but this way
I'd risk the inconvenience of someone stealing my HTTP cookies or
passwords and messing up my settings for some non-essential web services.
(Anything even remotely sensitive will run over SSH or SSL of course.)




Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Niels Bakker


* [EMAIL PROTECTED] (Al Rowland) [Wed 11 Sep 2002, 19:13 CEST]:
> The cost of enabling/labeling may be only a 'few cents more' but the
> cost of support when Joe Sixpack forgets his key/loses the label is
> another story altogether. There's a reason most equipment, not just
> wireless, is delivered in 'chimp simple' configuration...

Lucent access points - at least, the residential gateways - actually
come with WEP enabled by default.  (Not that it's beyond trivial to
guess the key, though)

Regards,


-- Niels.

-- 
"Patient" is Latin for "sufferer".



RE: Drive-by spam hits wireless LANs

2002-09-11 Thread Al Rowland


Wanna bet if Joe Sixpack bothers to re-enable anything he doesn't have
to after his first use of the clear config button/power cycle? This also
breaks physical security. Find the power panel on the house (accessible
by fire code) cycle the power, hack into the now open system... Hey,
that's just as plausible as most of the other scenarios in this thread.
:O That's why my Linksys maintains its state through a power cycle. One
of the reasons I specifically selected it.

As far as the microwave, RTFM. Oh, wait, if it's not a new house the
original Joe Sixpack typical "I don't need no stupid manual" 'Merican
likely threw them away. Might try the manufacturer's web site. Many
include PDF manual files and maybe even a Customer Support page.
Apologies if you've already been there.

Best regards,
_
Alan Rowland


-Original Message-
From: Jared Mauch [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 11, 2002 10:16 AM
To: Al Rowland
Cc: [EMAIL PROTECTED]
Subject: Re: Drive-by spam hits wireless LANs



This is what console ports / direct cable connects to a mgmt
port (usb or whatnot) are useful for.  As well as an overall 'clear
config' button on the unit.

Now if someone can help me figure out the unlock code
for the microwave in the house i bought so i can stop unplugging it, let
me know :)

- jared


On Wed, Sep 11, 2002 at 10:11:12AM -0700, Al Rowland wrote:
> 
> The cost of enabling/labeling may be only a 'few cents more' but the 
> cost of support when Joe Sixpack forgets his key/loses the label is 
> another story altogether. There's a reason most equipment, not just
> wireless, is delivered in 'chimp simple' configuration...




Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Stephen Stuart


> In some way you are right, but still I think it's even worse to use WEP 
> cause then the admins might think it's safe, it takes about 15 minutes 
> to crack a wepkey, so instead of drive-by spamming you could call it 
> drive-by, have a bagel, start spamming.

WEP != security, true.

> The most hardware/software independent solution I have seen so far is
> the use of VPN, simply place the WLAN outside your own LAN.

This would prevent drive-by spamming if combined with a filtering
policy that makes the wireless LAN useful only for (authenticated) VPN
access and the minimal amount of glue (DHCP, DNS to a specific
resolver) required to make the VPN work. If the wireless LAN has
access to any host you don't control directly, the risk of there being
a conduit to access the wireless LAN in ways that you don't intend
goes up.

Stephen
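
The filtering policy described in the message above, written out as an nftables ruleset; this is an added example, not part of any post in the thread. The interface name and the two addresses (taken from the documentation range) are assumptions, as is running DHCP on the filtering box itself and using IPsec as the VPN.

```nft
#!/usr/sbin/nft -f
# Added example: wireless segment usable only for VPN plus minimal glue.
# Assumed (hypothetical) names and addresses:
#   wlan0       interface facing the access points
#   192.0.2.53  the one resolver wireless clients may query
#   192.0.2.10  the VPN gateway (IPsec: IKE, NAT-T, ESP)
#   DHCP is served by this box itself.

define WLAN_IF  = "wlan0"
define RESOLVER = 192.0.2.53
define VPN_GW   = 192.0.2.10

table ip wlan_vpn_only {
    chain input {
        type filter hook input priority filter; policy accept;

        # Only traffic arriving from the wireless segment is restricted.
        iifname != $WLAN_IF accept

        ct state established,related accept

        # Glue: DHCP requests to this box.
        udp sport 68 udp dport 67 accept

        # No management, no local services for wireless clients.
        log prefix "wlan-input-drop: " counter drop
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Replies to flows a wireless client was allowed to open.
        oifname $WLAN_IF ct state established,related accept
        # Nothing may be initiated toward the wireless segment,
        # including client-to-client traffic routed through this box.
        oifname $WLAN_IF counter drop

        # Traffic between other interfaces is not this table's concern.
        iifname != $WLAN_IF accept

        # Glue: DNS, and only to the one named resolver.
        ip daddr $RESOLVER udp dport 53 accept
        ip daddr $RESOLVER tcp dport 53 accept

        # The VPN itself: IKE, NAT traversal, ESP, to the gateway only.
        ip daddr $VPN_GW udp dport { 500, 4500 } accept
        ip daddr $VPN_GW ip protocol esp accept

        # Count and log direct SMTP attempts separately: an unauthenticated
        # client trying port 25 is the drive-by case this thread is about.
        tcp dport 25 log prefix "wlan-smtp-drop: " counter drop

        # Everything else from the wireless segment goes nowhere.
        counter drop
    }
}
```

Authenticated users reach the LAN and the Internet through the tunnel terminated at the gateway, so their traffic never traverses the forward chain as wireless-sourced; the counters on the drop rules show how often unauthenticated clients are probing.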



Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Jared Mauch



This is what console ports / direct cable connects to a mgmt
port (usb or whatnot) are useful for.  As well as an overall 'clear config'
button on the unit.

Now if someone can help me figure out the unlock code
for the microwave in the house i bought so i can stop
unplugging it, let me know :)

- jared


On Wed, Sep 11, 2002 at 10:11:12AM -0700, Al Rowland wrote:
> 
> The cost of enabling/labeling may be only a 'few cents more' but the
> cost of support when Joe Sixpack forgets his key/loses the label is
> another story altogether. There's a reason most equipment, not just
> wireless, is delivered in 'chimp simple' configuration...



Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Jared Mauch


On Wed, Sep 11, 2002 at 07:08:53PM +0200, John Angelmo wrote:
> Jared Mauch wrote:
> In some way you are right, but still I think it's even worse to use WEP 
> cause then the admins might think it's safe, it takes about 15 minutes 
> to crack a wepkey, so instead of drive-by spamming you could call it 
> drive-by, have a bagel, start spamming.

I'm not trying to fix the underlying wireless encryption
option just provide a simple way that the manufacturers can ship
a 'more secure' out-of-the-box-product.

> The most hardware/software independent solution I have seen so far is
> the use of VPN, simply place the WLAN outside your own LAN.

Absolutely.

There are a lot of things one can do:

1) enable wep
2) rotate wep keys
3) authenticate by mac-address
4) restrict dhcp to known mac-addresses
5) force utilization of vpn/ipsec client

Obviously not all of these solutions are available
in all cases, but in a home or small lan-environment a subset of
these will increase security (even if it's reinforcing the screen door
with 1/16" of balsa wood)

- jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.



RE: Drive-by spam hits wireless LANs

2002-09-11 Thread Al Rowland


The cost of enabling/labeling may be only a 'few cents more' but the
cost of support when Joe Sixpack forgets his key/loses the label is
another story altogether. There's a reason most equipment, not just
wireless, is delivered in 'chimp simple' configuration...

Best regards,
_
Alan Rowland


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Jared Mauch
Sent: Wednesday, September 11, 2002 5:01 AM
To: John Angelmo
Cc: Neil J. McRae; blitz; [EMAIL PROTECTED]
Subject: Re: Drive-by spam hits wireless LANs



On Wed, Sep 11, 2002 at 12:45:23PM +0200, John Angelmo wrote:
> Just cause there are unprotected WLANs doesn't imply that spammers use
> them (perhaps it's too hard for the spammers ;)).
> Corporations should protect their WLANs but saying that spamming is a
> great threat is to overdo it.

To some extent.

Imagine a few of the following scenarios:

1) You work for an ISP and have access through them.  One large
enough that they apply their AUP to their own people.  You have ISDN/DSL
or some other connection w/ reverse-dns for your personal domain @ home.
Someone drives by your place, finds your unprotected lan, sends spam,
hacks, etc..  complaints come in, you lose job because you were a
spammer and your employer needs to stop, etc.
2) You are a small company, someone does this, and you get
blacklisted as a spamhaus.  you are unable to get internet access.
3) you have a cable modem as your only high-speed connectivity.
you have one of the linksys/whatever nat+802.11a/b boxen.  you get used,
you get blacklisted and can not get high-speed pr0n again.

While these seem like minor annoyances in some cases, they
can be quite dramatic to the person on the receiving end.  I wish the
wireless vendors would use a somewhat more intelligent approach and turn
WEP on by default when shipping their units and at the cost of a few
cents more they can print a sticker on the box that can be removed later
that has the unique WEP key for that unit.  Similar to the way when you
go to the hardware store you can play match-up to get the same key for
multiple locks.


- Jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only
mine.




Re: Drive-by spam hits wireless LANs

2002-09-11 Thread John Angelmo


Jared Mauch wrote:

>   Imagine a few of the following scenarios:
> 
>   1) You work for an ISP and have access through them.  One large
> enough that they apply their AUP to their own people.  You have ISDN/DSL
> or some other connection w/ reverse-dns for your personal domain @ home.
> Someone drives by your place, finds your unprotected lan, sends spam, hacks,
> etc..  complaints come in, you lose job because you were a spammer and
> your employer needs to stop, etc.
>   2) You are a small company, someone does this, and you get
> blacklisted as a spamhaus.  you are unable to get internet access.
>   3) you have a cable modem as your only high-speed connectivity.
> you have one of the linksys/whatever nat+802.11a/b boxen.  you
> get used, you get blacklisted and can not get high-speed pr0n again.
> 
>   While these seem like minor annoyances in some cases, they
> can be quite dramatic to the person on the receiving end.  I wish
> the wireless vendors would use a somewhat more intelligent approach and
> turn WEP on by default when shipping their units and at the cost of
> a few cents more they can print a sticker on the box that can be
> removed later that has the unique WEP key for that unit.  Similar to
> the way when you go to the hardware store you can play match-up to get
> the same key for multiple locks.
> 

Hi

In some way you are right, but still I think it's even worse to use WEP 
cause then the admins might think it's safe, it takes about 15 minutes 
to crack a wepkey, so instead of drive-by spamming you could call it 
drive-by, have a bagel, start spamming.
The most hardware/software independent solution I have seen so far is
the use of VPN, simply place the WLAN outside your own LAN.

/John




RE: Drive-by spam hits wireless LANs

2002-09-11 Thread Al Rowland


I believe the question was use of the access to spam, not just that the
majority of users leave their equipment (all, not just the wireless
part) in the original, out-of-the-box configuration. Remember those
comments on the flashing 12:00 on most VCRs?

BTW, everyone out there with a random number/character upper/lower case
password at least 12 characters long on every piece of equipment they
own, different username/password on each piece please, raise your hand.
Thought so. ;) Note my hand is not raised. I'd go nuts. Although the
appropriate pieces do conform to this.

Best regards,
_
Alan Rowland


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Neil J. McRae
Sent: Wednesday, September 11, 2002 3:37 AM
To: John Angelmo
Cc: blitz; [EMAIL PROTECTED]
Subject: Re: Drive-by spam hits wireless LANs



> I must be honest, I haven't heard of any reports here in Sweden (or
> anywhere else) that this is a real problem, are there any true incidents
> that this has happened?

Yes. If you sit with your laptop in the park across from our office you
can see 3 unprotected wireless domains. There was an article [although I
can't remember what publication] featuring a few people driving through
the City of London [London's financial community area] they found 
several unprotected LANs.

Regards,
Neil.
--
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]




Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Michael . Dillon


>I agree, but people said that the spammers wouldn't be able to
>deal with BGP route advertisement but there were cases of spammers
>injecting routes sending out spam then removing those routes. Wlan is
>easy.


Spammers come from every walk of life including the various technical 
professions. Otherwise where would all the spamming software and 
web-scraping software come from!? Just because someone is a technical 
expert in BGP routing doesn't mean that they will use their skills the way 
that many NANOG attendees would like them to. Even in the early days of 
spam, the green-card spammers hired a technical person to set up servers 
and write spamming scripts. And let's not forget the uber-hackers who
create the scripts used so effectively by script-kiddies.

And let's not forget, these spammer geeks learn the knowledge from the 
same places as everyone else, including the NANOG mailing list. I reckon 
there is a 99.95% probability that there is at least one NANOG subscriber 
who is currently an active spammer geek. So if WLANs were relatively
safe yesterday, they won't be safe from now on.

Of course, if spammers are reduced to driving around major cities in vans 
generating 802.11b radio traffic, it might be a lot easier to catch 
them...

--Michael Dillon





Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Jared Mauch


On Wed, Sep 11, 2002 at 12:45:23PM +0200, John Angelmo wrote:
> Just cause there are unprotected WLANs doesn't imply that spammers use
> them (perhaps it's too hard for the spammers ;)).
> Corporations should protect their WLANs but saying that spamming is a
> great threat is to overdo it.

To some extent.

Imagine a few of the following scenarios:

1) You work for an ISP and have access through them.  One large
enough that they apply their AUP to their own people.  You have ISDN/DSL
or some other connection w/ reverse-dns for your personal domain @ home.
Someone drives by your place, finds your unprotected lan, sends spam, hacks,
etc..  complaints come in, you lose job because you were a spammer and
your employer needs to stop, etc.
2) You are a small company, someone does this, and you get
blacklisted as a spamhaus.  you are unable to get internet access.
3) you have a cable modem as your only high-speed connectivity.
you have one of the linksys/whatever nat+802.11a/b boxen.  you
get used, you get blacklisted and can not get high-speed pr0n again.

While these seem like minor annoyances in some cases, they
can be quite dramatic to the person on the receiving end.  I wish
the wireless vendors would use a somewhat more intelligent approach and
turn WEP on by default when shipping their units and at the cost of
a few cents more they can print a sticker on the box that can be
removed later that has the unique WEP key for that unit.  Similar to
the way when you go to the hardware store you can play match-up to get
the same key for multiple locks.


- Jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.



Re: Drive-by spam hits wireless LANs

2002-09-11 Thread John Angelmo


Neil J. McRae wrote:
>>Just cause there are unprotected WLANs doesn't imply that spammers use
>>them (perhaps it's too hard for the spammers ;)).
>>Corporations should protect their WLANs but saying that spamming is a
>>great threat is to overdo it.
> 
> 
> I agree, but people said that the spammers wouldn't be able to
> deal with BGP route advertisement but there were cases of spammers
> injecting routes sending out spam then removing those routes. Wlan is
> easy.
> 
> Neil.

Yes you are right, but I think that the article on news.com doesn't
contain any valuable information but is just there to scare ppl.

It isn't so hard to make admins secure the open hotspots, the problem is 
how to handle ppl who buy hour access at a café. (IMHO)

/John





Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Neil J. McRae


> Just cause there are unprotected WLANs doesn't imply that spammers use
> them (perhaps it's too hard for the spammers ;)).
> Corporations should protect their WLANs but saying that spamming is a
> great threat is to overdo it.

I agree, but people said that the spammers wouldn't be able to
deal with BGP route advertisement but there were cases of spammers
injecting routes sending out spam then removing those routes. Wlan is
easy.

Neil.
--
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]



Re: Drive-by spam hits wireless LANs

2002-09-11 Thread John Angelmo


Neil J. McRae wrote:
>>I must be honest, I haven't heard of any reports here in Sweden (or
>>anywhere else) that this is a real problem, are there any true incidents
>>that this has happened?
> 
> 
> Yes. If you sit with your laptop in the park across from our office
> you can see 3 unprotected wireless domains. There was an article [although
> I can't remember what publication] featuring a few people driving through
> the City of London [London's financial community area] they found 
> several unprotected LANs.
> 
> Regards,
> Neil.

Just cause there are unprotected WLANs doesn't imply that spammers use
them (perhaps it's too hard for the spammers ;)).
Corporations should protect their WLANs but saying that spamming is a
great threat is to overdo it.

Regards
John




Re: Drive-by spam hits wireless LANs

2002-09-11 Thread Neil J. McRae


> I must be honest, I haven't heard of any reports here in Sweden (or
> anywhere else) that this is a real problem, are there any true incidents
> that this has happened?

Yes. If you sit with your laptop in the park across from our office
you can see 3 unprotected wireless domains. There was an article [although
I can't remember what publication] featuring a few people driving through
the City of London [London's financial community area] they found 
several unprotected LANs.

Regards,
Neil.
--
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]



Re: Drive-by spam hits wireless LANs

2002-09-11 Thread John Angelmo


blitz wrote:
> 
> 
>>
>>
>> And you think the terrestrial sources are hard to shut down....
> 
> 
> 
> 
>> Drive-by spam hits wireless LANs
>>
>> By Graeme Wearden
>> Special to CNET News.com
>> September 6, 2002, 10:14 AM PT
>> http://news.com.com/2100-1033-956911.html
>>
>> LONDON--The proliferation of insecure corporate wireless networks is
>> fueling the growth of drive-by spamming, a security expert warned on
>> Thursday.
> 

I must be honest, I haven't heard of any reports here in Sweden (or
anywhere else) that this is a real problem, are there any true incidents
that this has happened?

/J




Re: Drive-by spam hits wireless LANs

2002-09-10 Thread Joel Jaeggli


It always figures, that when you create a commons, virtual or actual that 
someone will come along and mess it up.

joelja

On Tue, 10 Sep 2002, blitz wrote:

> 
> 
> >
> >
> >And you think the terrestrial sources are hard to shut down....
> 
> 
> 
> >Drive-by spam hits wireless LANs
> >
> >By Graeme Wearden
> >Special to CNET News.com
> >September 6, 2002, 10:14 AM PT
> >http://news.com.com/2100-1033-956911.html
> >
> >LONDON--The proliferation of insecure corporate wireless networks is
> >fueling the growth of drive-by spamming, a security expert warned on
> >Thursday.
> 

-- 
-- 
Joel Jaeggli  Academic User Services   [EMAIL PROTECTED]
--PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E  --
  In Dr. Johnson's famous dictionary patriotism is defined as the last
  resort of the scoundrel.  With all due respect to an enlightened but
  inferior lexicographer I beg to submit that it is the first.
-- Ambrose Bierce, "The Devil's Dictionary"





Drive-by spam hits wireless LANs

2002-09-10 Thread blitz



>
>
>And you think the terrestrial sources are hard to shut down



>Drive-by spam hits wireless LANs
>
>By Graeme Wearden
>Special to CNET News.com
>September 6, 2002, 10:14 AM PT
>http://news.com.com/2100-1033-956911.html
>
>LONDON--The proliferation of insecure corporate wireless networks is
>fueling the growth of drive-by spamming, a security expert warned on
>Thursday.