[51982] in North American Network Operators' Group
Re: Drive-by spam hits wireless LANs
daemon@ATHENA.MIT.EDU (John Angelmo)
Wed Sep 11 13:10:24 2002
Date: Wed, 11 Sep 2002 19:08:53 +0200
From: John Angelmo <john@veidit.net>
To: Jared Mauch <jared@puck.nether.net>
Cc: "Neil J. McRae" <neil@DOMINO.ORG>, blitz <blitz@macronet.net>,
nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Jared Mauch wrote:
> Imagine a few of the following scenarios:
>
> 1) You wok for an ISP and have access through them. One large
> enough that they apply their AUP to their own people. You have ISDN/DSL
> or some other connection w/ reverse-dns for your personal domain @ home.
> Someone drives by your place, finds your unprotected lan, sends spam, hacks,
> etc.. complaints come in, you lose job because you were a spammer and
> your employer needs to stop, etc.
> 2) You are a small company, someone does this, and you get
> blacklisted as a spamhaus. you are unable to get internet access.
> 3) you have a cable modem as your only high-speed connectivity.
> you have one of the linksys/whatever nat+802.11a/b boxen. you
> get used, you get blacklisted and can not get high-speed pr0n again.
>
> While these seem like minor annoyances in some cases, they
> can be quite dramatic to the person on the receiving end. I wish
> the wireless vendors would use a somewhat more inteligent approach and
> turn WEP on by default when shipping their units and at the cost of
> a few cents more they can print a sticker on the box that can be
> removed later that has the uniqe WEP key for that unit. Similar to
> the way when you go to the hardware store you can play match-up to get
> the same key for multiple locks.
>
Hi
In some way you are right, but still I think it's even worse to use WEP
cause then the admins might think it's safe, it takes about 15 minutes
to crack a wepkey, so instead of drive-by spamming you could call it
drive-by, have a bagle, start spamming.
The most hardware/software indipendent solution I have seen so far is
the use of VPN, simply place the WLAN outside your own LAN.
/John
