Securing public WiFi system access to prevent spam

Are there any links to information on how to best secure public (free) WiFi
Hot spot system? I'm seeking general information as well as specific
information to stop spammers from using the system to send spam and other
junk.

On Sun, 4 Apr 2004 06:19:22 -0400, "Not Me" <(E-Mail Removed)> wrote:

>Are there any links to information on how to best secure public (free) WiFi
>Hot spot system? I'm seeking general information as well as specific
>information to stop spammers from using the system to send spam and other
>junk.
>
My ISP stops me from sending more than x emails in x amount of time.
That stopped alot of the spammers.

block all TCP port 25 sessions.. inbound and out.. if clients require the
use of an SMTP for legitimate purposes while using this hotspot, then setup
a secure SMTP (requiring a login) for clients to use..



"Not Me" <(E-Mail Removed)> wrote in message
news:c4onfo$2kbp0h$(E-Mail Removed)...
> Are there any links to information on how to best secure public (free)
WiFi
> Hot spot system? I'm seeking general information as well as specific
> information to stop spammers from using the system to send spam and other
> junk.
>
>
>

GPLama <(E-Mail Removed)> wrote:
> block all TCP port 25 sessions.. inbound and out.. if clients require the
> use of an SMTP for legitimate purposes while using this hotspot, then setup
> a secure SMTP (requiring a login) for clients to use..

I think that's far too limiting. Most people are going to want to at least
read email. My ISP requires smtp authentication, and then I can use his
smtp. But blocking SMTP traffic is too stringent.

The way AT&T authenticates is to send an authorization code via an SMS
message to my cellphone as part of its login process. That provides some
cost free (to the user) authentication.

---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5

(E-Mail Removed) wrote:

> I think that's far too limiting. Most people are going to want to at
> least
> read email. My ISP requires smtp authentication, and then I can use his
> smtp. But blocking SMTP traffic is too stringent.
>

Blocking SMTP shouldn't affect reading mail, which uses POP or IMAP. Also,
many ISPs support web mail.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

<(E-Mail Removed)> wrote in message
news:c4p7br$fu9$(E-Mail Removed)...
> GPLama <(E-Mail Removed)> wrote:
> > block all TCP port 25 sessions.. inbound and out.. if clients require
the
> > use of an SMTP for legitimate purposes while using this hotspot, then
setup
> > a secure SMTP (requiring a login) for clients to use..
>
> I think that's far too limiting. Most people are going to want to at
least
> read email. My ISP requires smtp authentication, and then I can use his
> smtp. But blocking SMTP traffic is too stringent.


Not AT all. I wholeheartedly concur on blocking TCP 25. Looking at it from a
client side application, SMTP is only for sending e-mail. Most e-mail
clients RECEIVE e-mail via POP3 (TCP 110), so there is no need to have TCP
25 open. Also typically most ISP's block TCP 25 so that if you are OUTSIDE
of their subnet, you CAN NOT send e-mail anyway, so it's a moot point.

Incidentially I would NEVER check my e-mail on a typical POP3 server form an
outside network as the password for both SMTP and POP3 is sent in clear
text, so anyone can see it.

The only way I would ever do POP3/SMTP over a insecure network from a
client like Outllook is if the ISP provided both encrypted authentication
AND encrypted data transfer! ISP's DON't, so beware!

The better option for anyone interseted in sending e-mail from a PUBLIC
wireless hotspot is to either use your ISP's Webmail option (which SHOULD be
over a secure HTTPS:// connection BTW) or if you are a corporate user, you
should be able to send and receive by e-mail by using VPN to connect to
your corporate network mail server.

Aaron



>
> The way AT&T authenticates is to send an authorization code via an SMS
> message to my cellphone as part of its login process. That provides some
> cost free (to the user) authentication.
>
> ---
> Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5
>

In article <c4onfo$2kbp0h$(E-Mail Removed)>,
Not Me <(E-Mail Removed)> wrote:
:Are there any links to information on how to best secure public (free) WiFi
:Hot spot system? I'm seeking general information as well as specific
:information to stop spammers from using the system to send spam and other
:junk.

Some spammers are very clever about the methods they use.

You can do obvious things like blocking outgoing port 25 (smtp), but
some spammers use http-to-smtp tunnels. Or https, or just plain run
on obscure ports. Or they'll just use your connections to control
their virtual fleet of compromised rr.com and cox.net and shaw.ca and
so on systems.

You could -try- application-level packet shapers such as from
Packeteer, but your best defence from spammers might be to make your
system so slow and unreliable that the spammers get frustrated and go
on to the next Internet cafe' and leech off of them instead.
--
Warhol's Second Law of Usenet: "In the future, everyone will troll
for 15 minutes."

"Walter Roberson"
| :Are there any links to information on how to best secure public (free)
WiFi
| :Hot spot system? I'm seeking general information as well as specific
| :information to stop spammers from using the system to send spam and other
| :junk.
|
| Some spammers are very clever about the methods they use.
|
| You can do obvious things like blocking outgoing port 25 (smtp), but
| some spammers use http-to-smtp tunnels. Or https, or just plain run
| on obscure ports. Or they'll just use your connections to control
| their virtual fleet of compromised rr.com and cox.net and shaw.ca and
| so on systems.
|
| You could -try- application-level packet shapers such as from
| Packeteer, but your best defense from spammers might be to make your
| system so slow and unreliable that the spammers get frustrated and go
| on to the next Internet cafe' and leech off of them instead.

Thanks for all the responses. Making this slow and unreliable is not an
option. (I have to live in one of these towns -- regardless everyone knows
where I live <g>) I'm focused on making it bullet proof an I can.

Walter Roberson <(E-Mail Removed)> wrote:
> You can do obvious things like blocking outgoing port 25 (smtp), but
> some spammers use http-to-smtp tunnels. Or https, or just plain run
> on obscure ports. Or they'll just use your connections to control
> their virtual fleet of compromised rr.com and cox.net and shaw.ca and
> so on systems.

If they run any of the tunnelling protocols, they are connecting to some
other [compromised] system, so your blocking of port 25 would still be
sufficient to suppress spam originating from your smtp server.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5

James Knott <(E-Mail Removed)> wrote:
> (E-Mail Removed) wrote:

>> I think that's far too limiting. Most people are going to want to at
>> least
>> read email. My ISP requires smtp authentication, and then I can use his
>> smtp. But blocking SMTP traffic is too stringent.
>>

> Blocking SMTP shouldn't affect reading mail, which uses POP or IMAP. Also,
> many ISPs support web mail.

Silly me. I assumed that someone reading email would probably also want to
send some.