Unwarranted defamation of wireless networks

by Andy Oram

Related link: http://news.com.com/2100-1033-956911.html

To me, fear-mongering quasi-news reports are worse than spam. That's why I had to publicize this item, provocatively titled "Drive-by spam hits wireless LANs." A reader thinks, "Oh no, the ante's being raised agsin in the wireless security problem," or (if you're as perverse as I am), "Gee, there's room for innovation in every dumb thing people do."

But actually read the report--what is this supposed vulnerability in wireless? Spammers are just exploiting the old trick of finding a mail server that's an open relay. Is that news?

And is the quoted speaker, Adrian Wright, telling us that driving by a wireless network is easier than probing IP addresses from the comfort of one's apartment? Perhaps if companies attach internal mail servers (with private IP addresses) to their wireless LAns, and are less cautious with their configuration than with public servers, but that's a lot of ifs.

I have neither a persecution complex nor a paranoid personality, but I think somebody's down on wireless (an extremely promising technology) and is throwing any mud they can find at it--and sometimes mixing their own mud out of some pretty damn dry clay.

What else (besides the well-publicized holes) do we have to worry about with wireless security?


2002-09-06 13:25:47
SMTP vulnerability from home WLANs
You're right that this is a stupidly inflammatory article and I share your concern about the apparent down on WLAN that the trad media have.

However, consider this. My cable broadband ISP (NTL UK) provides an SMTP server for my use. It assumes that anything originating from it's own network is ok. So now I put up a WLAN on the end of my cable modem (allowed under their AUP) and I leave it open, either by design or accident. My friendly local neighbourhood hacker connects to my WLAN and does a couple of traceroutes that go through the NTL network and identify the ISP. In a matter of seconds, he can work out that smtp.ntlworld.com is probably available. A quick telnet session to confirm and he's got an open relay to use.

The real solution to this is for the ISPs to start providing pop3s and smtps with id-password authentication. It's no harder than providing pop3 and smtp. Then I can feel comfortable about using them from public WiFi hotspots as well. We'd all be much better off pushing for this rather than writing or exposing all the potential flaws in WiFi. We have to change the mindset that thinks that something on the other end of a known piece of copper is secure and start thinking that everything is insecure. And so use end-to-end security as a matter of course.

This concerns me because I really want lots of people to share their bandwidth over WiFi as a matter of course. And I have relatively non-technical people coming to me for advice on how to do it. But at the moment I can't recommend a setup that I can feel comfortable with. Particularly for MS Windows users. Linux, NoCatAuth, 3 Nics, 2 WAPs and a load of Linux nerdiness doesn't cut it.

Andy Oram wrote:
>Thanks! The scenario you're talking about is one I didn't
>think of, and it makes a lot more sense than the article.
>Dial-up or DSL isn't affected, but cable modems might be
>because they're LANs.

I can't see the difference between Dial-up, ADSL, DSL and Cable. All the ISPs I've used with any of these provided an SMTP smarthost service so you could send email. I have once come across an ISP that would only accept email if the From: address included their domain name (eg iomartdsl.com will only accept email from @iomartdsl.com email addresses) but this seems to be the exception rather than the rule.

The point is that once the connection has been authorised, everything coming from that connection is assumed to be secure. But in the example I've given the connection was authorized by my gateway and the WLAN is on the far side of that looking from the ISP. Cable usually authorises by MAC address of the cable modem. The other routes typically authorize by ID/Password. But once authorized there's no difference.

2002-09-10 12:35:14
The problem is real, Andy.
An open wireless network presents a wonderful opportunity for spammers. There's no need to find an open relay to pirate someone else's bandwidth. The spam can be sent directly to its destination using the backbone connectivity of the wireless LAN, and/or bounced off the local mail server (which will generally relay messages for machines on the LAN). And when the complaints come rolling in, who get the blame? The owner of the LAN, of course, since the perpetrator is long gone.

Leaving a wireless LAN open is every bit as much of an attractive nuisance as leaving a mail relay open. More so, in fact, since other forms of abuse are also possible.

--Brett Glass