View Full Version : Open Wi-Fi Networks Being Used For Spammers?


Janak Parekh
09-08-2004, 05:30 AM
http://www.securityfocus.com/news/9453

"A Los Angeles man accused of using other people's wi-fi networks to send thousands of unsolicited adult-themed e-mails has entered into a plea agreement with prosecutors in a case filed under the criminal provisions of the federal CAN SPAM Act, officials confirmed Friday...Tombros was charged last month with a single felony under the criminal provisions of the CAN SPAM Act. He allegedly drove around the Los Angeles beachfront suburb of Venice with a laptop and a wi-fi antenna sniffing out unsecured residential access points, which he then used to send thousands of untraceable spam messages advertising pornography sites. An FBI spokesperson said Tombros obtained the e-mail addresses from a credit card aggregation company where he used to work."

8O If you haven't locked down your access point at home yet, now is a good time to do so. Too bad the people who keep their routers open as "linksys" probably don't read PPCT. :|

nuka_t
09-08-2004, 05:37 AM
My wifi is unencrypted. When I put 128bit on it (haven't tried 64) it would keep cutting off and disconnecting; turning it off fixed that, so I just keep an eye on the usage to make sure no one starts taking advantage of it.

Newsboy
09-08-2004, 05:58 AM
Why worry about encryption? Just turn the MAC filter on, and only allow the base station to talk to YOUR WiFi devices. Yes, MAC addresses can be spoofed, but it's much easier to just find an open base station than to go to the trouble of spoofing a MAC address.

Brad Adrian
09-08-2004, 06:04 AM
I guess we really shouldn't be surprised that these kinds of things are happening. Any time that one person's vulnerability can be exploited by unscrupulous jerks, the jerks will do their best to do so. I don't want to sound too pessimistic, but I try not to underestimate how greedy and goofy people can be.

That said, I think it is safe to say that the weakest link in these security issues is not the technology, it's the people. Hackers don't usually get into networks through "brute force" attacks, they get in via a human's shortsightedness or refusal to implement security tools and policies.

szamot
09-08-2004, 06:06 AM
yes but then how are you supposed to know what your neighbours are up to if you can't go \\192.168.x.x\C$ :wink:

Yeah people lock them up, and if you are not going to, at least move them closer to the window. :twisted: some of us need lan speed connection at home.

tddisc
09-08-2004, 06:35 AM
But how was the guy caught? That isn't mentioned in the article.

TD

dangerwit
09-08-2004, 07:06 AM
I guess we really shouldn't be surprised that these kinds of things are happening. Any time that one person's vulnerability can be exploited by unscrupulous jerks, the jerks will do their best to do so. I don't want to sound too pessimistic, but I try not to underestimate how greedy and goofy people can be.

That said, I think it is safe to say that the weakest link in these security issues is not the technology, it's the people. Hackers don't usually get into networks through "brute force" attacks, they get in via a human's shortsightedness or refusal to implement security tools and policies.

Totally agree... the best hackers who've spilled the beans always cite human behavior as the main hack. It's too easy to get information that way...

I'm a nerd, though, so I walked around my neighborhood and found three open access points from the road. Talked to all the owners, they wanted to fix it, but don't care enough to actually do it. :? So, no worries.

I turned off my SSID broadcast and use WEP. My company is pouring $$ into researching the most economical, safest security measures. When they decide, I'm gonna do what they decide on. :)

*Phil

Thinkingmandavid
09-08-2004, 10:01 AM
Howdy,
People really should be more careful what they are broadcasting.
I recently was visiting my mother in Houston since she is dying of cancer. I stayed at a friend's place. He works for T-Mobile and was testing out the Ipaq 6300 for the weekend. I was driving in his neighborhood and he was testing it out. He picked up at least 8 other wi fi connections in the neighborhood while I was driving. None with security, and all available for usage.
It goes to show more people need to be careful what they are broadcasting.
Oh, and Linksys was on there more than once! 8O

mrkablooey
09-08-2004, 11:02 AM
I keep mine "hidden" so you can't see it w/o entering the network name (using an Apple Airport base station). Of course I can see a "linksys" from my iBook though!

These threads are interesting, usually by now there are folks who say to leave your router open to "share the wealth" so to speak.

SiliconAddict
09-08-2004, 12:47 PM
A few (obvious) steps to secure your wireless router:

1. Change the default password of the router's administrator account to a 'strong' password.
2. Change the name of the router from the default 'linksys' etc. to something meaningless.
3. Turn off SSID broadcasting.
4. Change the router IP address and the scope of the DHCP server from the default 192.168.*.* to something less obvious like 202.167.*.*. Or disable the DHCP server altogether and use fixed IP addresses, also in another range than the default 192.168.*.*.
5. Use MAC address filtering.
6. Use WPA encryption if your router supports it or else WEP, use 'strong' keys and change keys regularly.

I think the above steps are appropriate to the average home user. Yes I know, all these measures can't prevent your router/network from being hacked. But they probably are the best you can do with the average home router, and they surely are a lot better than doing nothing.

Try not to let the paranoia get to you. Attackers which are capable of circumventing the above measures are fairly sophisticated, and therefore comparatively rare, and generally target victims which are more interesting than the average home user.

See also my last post.

PatrickD
09-08-2004, 12:58 PM
Why worry about encryption? Just turn the MAC filter on, and only allow the base station to talk to YOUR WiFi devices. Yes, MAC addresses can be spoofed, but it's much easier to just find an open base station than to go to the trouble of spoofing a MAC address.

Without encryption all your traffic (including your MAC address) is transmitted through the air in the clear. Anyone can sniff your network and get any passwords, pin numbers, and credit card info that you may use while surfing. People should also be careful when using public hotspots that don't employ WEP for the same reason. Make sure any site you send confidential data to is using SSL.

gorkon280
09-08-2004, 01:35 PM
A few (obvious) steps to secure your wireless router:

1. Change the default password of the router's administrator account to a 'strong' password.
2. Change the name of the router from the default 'linksys' etc. to something meaningless.
3. Turn off SSID broadcasting.
4. Change the router IP address and the scope of the DHCP server from the default 192.168.*.* to something less obvious like 202.167.*.*. Or disable the DHCP server altogether and use fixed IP addresses, also in another range than the default 192.168.*.*.
5. Use MAC address filtering.
6. Use WPA encryption if your router supports it or else WEP, use 'strong' keys and change keys regularly.


I agree with everything except the change of IP scope. First, the IP doesn't matter. It could be 172. something or whatever. Changing it does NOTHING for security. Even if you wanted to prevent people from pinging internal machines, they can still do it if they have an IP on your network. Calculating all addresses on a certain class C is EASY.

Additionally, you may want to load an Open Source alternate firmware if you're running the WRT54G as doing so adds a host of features, some security related. Features like a Static DHCP server. My machines always have the same IP and the configuration of the desktop is the same as if you were using regular DHCP. The best part is it will only give you an IP if you match the MAC in the list. There are other features of the alternate firmwares like QOS rules you can set up and other things that make VoIP work better. Some might say do I feel less comfortable using something other than Linksys' own firmware. Actually I feel better about using that than a closed source alternative because more people look at the code than a closed source product and they find vulnerabilities faster.

gorkon280
09-08-2004, 01:38 PM
Why worry about encryption? Just turn the MAC filter on, and only allow the base station to talk to YOUR WiFi devices. Yes, MAC addresses can be spoofed, but it's much easier to just find an open base station than to go to the trouble of spoofing a MAC address.

Without encryption all your traffic (including your MAC address) is transmitted through the air in the clear. Anyone can sniff your network and get any passwords, pin numbers, and credit card info that you may use while surfing. People should also be careful when using public hotspots that don't employ WEP for the same reason. Make sure any site you send confidential data to is using SSL.

I may add that if your CC info is going over ANY network unencrypted, you are in more trouble than you think you are!

If you're using an SSL encrypted web site for making a purchase, even if your WiFi network is unencrypted, your CC# is still encrypted.

Jon Westfall
09-08-2004, 03:39 PM
WEP never worked right for me on my Belkin access point, but I'm considering implementing it on my new Linksys routers. I have MAC filtering on all of them (It's not easy to guess a MAC address) and my SSID is either 'stayout' or 'balloon'.

A note on SSL: Here is the scary thing that I've seen first hand. Install an SSL cert for a customer, they start taking orders, and EMAILING THE CC NUMBER unencrypted to themselves for processing. Anyone setting up an online shop really has to remember things like this - if you're going to process the CC number manually, make sure you view it on an SSL driven admin section of your site!

bjornkeizers
09-08-2004, 03:48 PM
These threads are interesting, usually by now there are folks who say to leave your router open to "share the wealth" so to speak.

Sorry I'm late. Public transportation sucks.

My network is quite open. I don't use WEP and I don't have mac filtering. I changed the password but that's it.

Why?

Several reasons. For one, I'm an avid wardriver. I love to find open networks to check my mail, or just wardrive for fun. So what if someone drives by and checks their Email. I'm not on a main road, so the chance of that happening is slim anyway. And on the off chance that they do drop by, I have cable and I pay a flat rate. You want to check your mail on my net? You're more than welcome. Hell, you can even get a cup of coffee if I'm around.

Also, neither WEP nor MAC filtering will stop a determined hacker. If they want in, they get in. Why go through the trouble of setting up extensive security measures that make it difficult for me to set up and connect, just on the off chance that there's an evil hacker out there. There's nothing here for him to steal or disrupt anyway.

Nah, I'm protected from the 'net and the casual wardriver isn't interested in my MP3 collection or my Ebooks anyway.

dangerwit
09-08-2004, 03:52 PM
Hell, you can even get a cup of coffee if I'm around.

Nah, we'll wait until you're not at home -- your being there doesn't make a difference, does it? Then later, we can help ourselves to your cable/satellite/aerial signals too... nothing of yours to steal there either.

*Phil

Numsquat
09-08-2004, 04:15 PM
Try not to let the paranoia get to you. Attackers which are capable of circumventing the above measures are fairly sophisticated, and therefore comparatively rare, and generally target victims which are more interesting than the average home user.

I think that's the key. Using the example of the person from the article, most people wanting to access wifi networks just move around until they find unsecured ones, there's enough of them out there. Throwing up any security will prevent 99%+ of unwanted usage.

Are there guys that can hack your system? Yes, but like most thieves, why break in when someone else has their door unlocked and open.

JackTheTripper
09-08-2004, 05:04 PM
I got mine locked down just last week. I was at the other end of the house and I tried it a few months back but it seemed to make the signal weaker. So I mounted it in the hallway and ran some cat5 down the hall.

Works great now. And my neighbors don't use it anymore. :twisted:

dean_shan
09-08-2004, 05:05 PM
Bjornkeizers I agree with you on your philosophy on WiFi networks. That's the way I do mine.

Steven Cedrone
09-08-2004, 05:06 PM
Bjornkeizers I agree with you on your philosophy on WiFi networks. That's the way I do mine.

Yes, but I doubt your provider feels the same way...

Steve

PetiteFlower
09-08-2004, 05:07 PM
My network is quite open. I don't use WEP and I don't have mac filtering. I changed the password but that's it.

So you don't care that Spammers are using your bandwidth to send spam? I won't call it "stealing" since you're intentionally leaving it open for people to use. You should care. *I* definitely care! But besides the "public good" reasons of not making it easy for spammers, you should care because your broadband company can hold you responsible if spam is caught being sent through your connection or if an attack comes through and damages their equipment or something of that nature, ESPECIALLY if they figure out that you were intentionally leaving the network open. They can cancel your account, and bill you for the damages. Cover your own butt if not everyone else's.

I had to turn off WEP because my stupid Belkin card's software can't manage to remember the key and I got sick of having to re-enter it every morning when I turn on my computer, not to mention the connection was a HELL of a lot less stable before we turned off the WEP. We use the MAC filtering now and it runs a lot smoother. If I could use both without performance issues I would but I'll sacrifice a little bit of security for my network to actually WORK. As long as joe schmo with a laptop driving past my house or the frat boys across the street can't get onto my network I'm happy. I think we also turned off SSID broadcast (have to check that when I get home). If a REAL hacker wanted in they could probably get in but that would be the case with WEP on or not. Taking reasonable measures to secure my network is doing my civic duty and upholding my service agreement with my broadband provider though; my butt is covered :)

Jon Westfall
09-08-2004, 05:31 PM
Exactly who qualifies as a "Real" hacker? I find it pretty humorous that we worry about real hackers. The kiddie hackers will be locked out by a MAC filter, and the real hackers probably have much bigger fish they want to fry. After all, what would be a better challenge for the "real" hackers: Getting into a mainframe connected to the net, or breaking into my rural wi-fi network?

I protect against kiddie hackers, and rest fairly assured that the 'real' thing won't be after me anytime soon.

SiliconAddict
09-08-2004, 06:14 PM
I agree with everything except the change of IP scope. First, the IP doesn't matter. It could be 172. something or whatever. Changing it does NOTHING for security. Even if you wanted to prevent people from pinging internal machines, they can still do it if they have an IP on your network. Calculating all addresses on a certain class C is EASY.

When you change the default IP address to something different hackers cannot as easily access your network because they will first have to find out what your IP address scope is.

See my last post.

bjornkeizers
09-08-2004, 07:28 PM
So you don't care that Spammers are using your bandwidth to send spam?

No, not really. At least, not through my WiFi network. I'm much more worried about people getting in over the 'net than I am of someone spamming over my WiFi. My PC's and **** are secure from the net, but I'm not going through all the trouble and hassle to set up all that security on WiFi just to protect against something so highly unlikely. Even if, and that's a big if, someone were to get on my net, what's the chance of him/her actually being a spammer/hacker with bad intentions?

WEP, MAC filtering and frequent IP address changes and things like that create a lot more problems for me. It's difficult and time consuming to set everything up and keep it updated and secure for everyone on the net, and if you do have it set up, things like WEP can cause problems for users as well.


But as I already wrote, the average home user with his MP3 and eBook collections is not a very interesting target, so let's not get paranoid.


Exactly. I don't keep any sensitive data on any networked PC (safely stored on an encrypted CD, in a locked safe, bolted to the wall). Unless people start camping out in the front yard or if I see so much as an unexpected bit or byte travel along my wires, I'm yanking the plug. Until that time, I'm keeping things as they are.

Damion Chaplin
09-08-2004, 08:54 PM
Too bad the people who keep their routers open as "linksys" probably don't read PPCT. :|

I think you hit the nail on the head here. Everyone reading this forum either: A) has already secured their AP as much as they're going to, or B) has already examined their AP security options and has decided not to implement them. No one here is going to say "Holy crap! I didn't know about that!"

That being said, I have WEP activated (WAP doesn't work for some reason), my network is a different name than 'Linksys' and I have added a password to my router. I tried turning off my SSID, but then my laptop stopped seeing the network altogether, even if I specifically put in the ID, so I turned it back on.

Also, I don't remember seeing any part in my ISP contract that said I have to secure my AP. As far as I know, they don't have a limit at all as to how many computers I link to my broadband. This includes my next-door neighbors (who I give access to). I could set up an internet cafe with my current connection, and they wouldn't care. Spam being broadcast from my network would be an entirely different issue, and one that I agree is entirely my own responsibility to prevent from happening.

Anyone see that CSI where the perp was accessing (or maybe he was hosting) kiddie porn sites from his laptop via unsecured APs? There are some very legitimate reasons why one would want to secure their network...

Rob Alexander
09-09-2004, 12:43 AM
Some might say do I feel less comfortable using something other than Linksys' own firmware. Actually I feel better about using that than a closed source alternative because more people look at the code than a closed source product and they find vulnerabilities faster.

It's all the same on that score. The reason you have the opportunity to use 3rd party firmware on your router is that Linksys used open source code under the GPL license for their own firmware and so it is available for download and modification by others. I am SO glad they did it that way, because it's allowed me to do things like up the output on my router to make a marginal signal stable, and to use a second router (less expensive) as a repeater (more expensive).

JackTheTripper
09-09-2004, 12:52 AM
because it's allowed me to do things like up the output on my router to make a marginal signal stable, and to use a second router (less expensive) as a repeater (more expensive).
Care to share either of those? :wink:

Janak Parekh
09-09-2004, 04:36 AM
Even if, and that's a big if, someone were to get on my net, what's the chance of him/her actually being a spammer/hacker with bad intentions?
A lot more than you'd initially think, as this article demonstrates.

--janak

Talon
09-10-2004, 05:15 PM
I agree with everything except the change of IP scope. First, the IP doesn't matter. It could be 172. something or whatever. Changing it does NOTHING for security. Even if you wanted to prevent people from pinging internal machines, they can still do it if they have an IP on your network. Calculating all addresses on a certain class C is EASY.

When you change the default IP address to something different hackers cannot as easily access your network because they will first have to find out what your IP address scope is.


Picking a random IP address is a bad idea, if you try accessing a web site that happens to be on an IP address that is within the netmask that you have set your router to then things are going to go wrong.

You should stick to 192.168.x.x or 10.x.x.x since those ranges are defined as unroutable, no server on the internet will use them. That's why all networks behind a NAT box use one of those two ranges.

But I do agree with you, don't make the router 192.168.1.1 and the first machine .1.100, it's too easy to guess.
Yes as soon as they get past your WEP/MAC filter and use DHCP any changes to IP addresses will be obvious but why make life easy for them.

SiliconAddict
09-13-2004, 06:40 AM
Picking a random IP address is a bad idea, if you try accessing a web site that happens to be on an IP address that is within the netmask that you have set your router to then things are going to go wrong.

See my last post. Thank you.

Janak Parekh
09-14-2004, 04:54 AM
When you change the default IP address to something different hackers cannot as easily access your network because they will first have to find out what your IP address scope is.

Picking a random IP address is a bad idea, if you try accessing a web site that happens to be on an IP address that is within the netmask that you have set your router to then things are going to go wrong.
Well, two points:

1. If you have DHCP turned on, it doesn't matter what IP range you pick, as the router is going to tell the computer what it is.

2. If a hacker is truly determined, they can trivially sniff IP traffic to see what IP addresses there are on the network, even without an IP address. A tool like tcpdump (or the Windows equivalent thereof) can be employed.

The key is keeping them off the network. Masking the IP is only minimally useful.

Yes as soon as they get past your WEP/MAC filter and use DHCP any changes to IP addresses will be obvious but why make life easy for them.
If you're proposing to keep DHCP on, don't bother with the IP change. Trust me. It poses zero usefulness. The main reason to change one's IP is to allow VPNs to work for corporate addresses where private address ranges will overlap. If you really want to go ahead with your masking plan, you should at least turn off DHCP.

(Incidentally, there are three private ranges: 192.168.*, 172.16.*, and 10.* {approximately speaking}).

--janak

SiliconAddict
09-14-2004, 06:25 AM
1. If you have DHCP turned on, it doesn't matter what IP range you pick, as the router is going to tell the computer what it is.

Thank you for emphasizing this.

For the sake of completeness here's the summary once again:

A few steps to secure your wireless router:

1. Change the default password of the router's administrator account to a 'strong' password.
2. Change the name of the router from the default 'linksys' etc. to something meaningless.
3. Turn off SSID broadcasting.
4. Turn off the router's DHCP server.
5. Change the router's default LAN IP address and of the clients to one of the private non-routable ranges (RFC 1918):

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

6. Use MAC address filtering.
7. Use WPA-PSK (Pre Shared Key) encryption if your router and your clients support this or else use WEP, use 'strong' keys and change keys regularly. A handy tool for this is WKG - Wireless Key Generator http://www.majorgeeks.com/download4167.html .
8. WPA-PSK; see if there is a user configurable Rekey Interval (Group Key Rekeying) and set it. I have been using 100 (seconds). Note that some home WPA-PSK only routers or access points may not offer this and use a hard-coded Rekey Interval.
9. Place the access point or router in the center of your home and not near a window. This will maximize the broadcast quality inside, but has the added security benefit of minimizing it outside.

There, 9 things you can do to secure your wireless home network. I think this will keep the majority of the villains out.
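
Added example (not part of the original thread): a Python check of the address-range points argued above, namely that a LAN range outside the RFC 1918 blocks, such as 202.167.*.*, hides real Internet hosts from LAN clients, and that a home range can be picked to avoid a corporate VPN's private routes. The function names, the sample destination address and the VPN route are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks listed in the post above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_block(lan_cidr):
    """Return the RFC 1918 block that fully contains lan_cidr, or None."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    for block in RFC1918:
        if lan.subnet_of(block):
            return block
    return None


def shadowed(lan_cidr, destination):
    """True if `destination` is a non-private address that falls inside the
    LAN range. Clients treat such an address as local, so the real Internet
    host behind it becomes unreachable from this network."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    dst = ipaddress.ip_address(destination)
    is_private = any(dst in block for block in RFC1918)
    return dst in lan and not is_private


def pick_lan(candidates, vpn_routes):
    """Return the first candidate that is inside RFC 1918 and does not
    overlap any route pushed by a VPN (hypothetical routes), else None."""
    routes = [ipaddress.ip_network(r, strict=False) for r in vpn_routes]
    for cidr in candidates:
        lan = ipaddress.ip_network(cidr, strict=False)
        if rfc1918_block(cidr) is None:
            continue  # public space: would shadow real Internet hosts
        if any(lan.overlaps(r) for r in routes):
            continue  # VPN traffic for this range would stay on the home LAN
        return cidr
    return None


if __name__ == "__main__":
    # Constructed sample values; 202.167.0.0/16 is the range from the thread.
    for cidr in ("202.167.0.0/16", "192.168.37.0/24", "172.20.0.0/24"):
        print(cidr, "->", rfc1918_block(cidr))
    print("shadowed:", shadowed("202.167.0.0/16", "202.167.10.5"))
    print("choice:", pick_lan(["202.167.0.0/16", "10.0.0.0/24",
                               "192.168.37.0/24"], ["10.0.0.0/8"]))
```

Neither function measures concealment: as the replies note, a client that is handed an address by DHCP, or that can observe traffic, learns the range whatever it is.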

Janak Parekh
09-14-2004, 03:38 PM
For the sake of completeness here's the summary once again:
Right. For me, though, DHCP is critical. I have a laptop that I bring between work and home, and it would be a huge hassle to change the IPs back and forth.

I have done everything else, though. ;)

--janak

SiliconAddict
09-14-2004, 03:53 PM
Right. For me, though, DHCP is critical. I have a laptop that I bring between work and home, and it would be a huge hassle to change the IPs back and forth.

http://www.netswitcher.com/

This is one of the utils, I know that there are more (that do the same which is easily switch between network settings).

PetiteFlower
09-14-2004, 04:16 PM
As far as I know, they don't have a limit at all as to how many computers I link to my broadband. This includes my next-door neighbors (who I give access to). I could set up an internet cafe with my current connection, and they wouldn't care.

I think they would beg to differ! You don't have a limit as to how many computers IN YOUR HOUSEHOLD you can link to the broadband, but I am sure that they would not be too happy to find out that 2 households are getting internet for one fee. Now with only one extra family using your connection it's unlikely you'll get caught, but that doesn't mean it's allowed. On the other hand, if you started hosting an internet cafe, I am SURE they would notice the increased traffic and be all over you before you could blink. ESPECIALLY if you were charging for it! But even if you were not charging for the connection itself I'm sure you need a special commercial license agreement to host something like that and you'd have to pay more. Otherwise you'd be using more than your share of network resources and causing a decline in other customers' performance.

Janak Parekh
09-18-2004, 08:58 PM
I think they would beg to differ! You don't have a limit as to how many computers IN YOUR HOUSEHOLD you can link to the broadband, but I am sure that they would not be too happy to find out that 2 households are getting internet for one fee.
Actually, some broadband providers don't want more than one machine per household on a single broadband connection. :? Most do allow the "household" policy, though.

--janak