Posted By: deniro Spam Advisory from ATT - 12/25/15 12:19 AM
I got this email earlier tonight. Anyone have any ideas what this is or what I should do? (I X'd out the IP address)

Dear Customer,
AT&T has received information indicating that one or more devices using your Internet connection may be sending unsolicited commercial email (spam). Spam originating from the IP address XXXXXXXXX was sent on Dec 24, 2015 at 5:15 PM EST. Our records indicate that this IP address was assigned to you at this time.

A total of 269 similar incidents occurring between December 24, 2015 5:18 AM EST and December 24, 2015 5:15 PM EST have been reported on this account.

If you have a device that has been infected with malicious software, it may be sending spam without your knowledge. An infected device may display no obvious symptoms.

To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.

If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.

Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.
Posted By: grelber Re: Spam Advisory from ATT - 12/25/15 10:23 AM
Unless you can independently verify the authenticity of the e-message — and that means contacting AT&T directly, preferably by telephone (and NOT by using any contact information within the e-message), so that there can be no doubt — you can pretty much be assured that it's a scam or worse. The fact that you received it on Christmas Eve (when it might be very difficult to verify its authenticity) also rates it as highly suspicious.

If it turns out that the e-message is legitimate, it would appear that your equipment is now part of a botnet and it needs to be thoroughly "scrubbed".
Posted By: artie505 Re: Spam Advisory from ATT - 12/25/15 10:37 AM
First, deniro apparently hasn't confirmed that the IP address in the email is actually his address.

There's nothing in that email that smells of scam...doesn't ask for info or money or anything else.

On the other hand, though, can a Mac get commandeered in the manner described?

confused
Posted By: grelber Re: Spam Advisory from ATT - 12/25/15 01:44 PM
Originally Posted By: artie505
First, deniro apparently hasn't confirmed that the IP address in the email is actually his address.
There's nothing in that email that smells of scam...doesn't ask for info or money or anything else.
On the other hand, though, can a Mac get commandeered in the manner described?
confused

If the IP address is spoofed (which is unlikely if the e-message is legitimate, since his ISP would have the information), the question arises as to the real IP address; checking the full headers might be illuminating.
It could be a scam if there is a hotlink to click or something similar (which deniro did not mention or rule out) which in turn would lower the window to intrusion.
That's exactly how botnets work — exactly as the e-message notes (which still doesn't legitimate the message) — and usually the commandeered computer user hasn't a clue.
Posted By: MacManiac Re: Spam Advisory from ATT - 12/25/15 02:12 PM
Hi Deniro,

First of all Merry Christmas to you and all in your circle of family and friends.

Let me add one thought to your situation.....it appears to me to be a legitimate notification on the face of it, and therefore merits at least a modest attempt to reconcile.

I'm going to make a few baseline assumptions on your behalf....

Your Macintosh computer(s) are well maintained and up to date with security updates.

Your use of your Macintosh computers is focused on the brighter side of the internet rather than the darker side where illegitimate activities run wild.

You are bringing this issue to us for additional help and guidance because you are truly concerned that your personal computing suite might possibly actually be producing the underlying spam called out in the ATT notification (which might also be some sort of illegitimate correspondence in its own right).

So with all the above in mind, I personally would disregard the notification and get on with your normal holiday routine.

The one outside factor that might actually produce the spams supposedly originating from your assigned IP address might be some other "smart" device installed on your home network.....such as a NAS or even another networking device such as a WiFi extender or second access point....these additional network components are normally controlled by an embedded processor running some variant of Linux and potentially they can be and might have been hacked in the past.

Temporarily removing them from your network to reset them to factory defaults, installing the latest firmware updates and then reconfiguring them to your network should remove any further potential for them being responsible.
Posted By: ryck Re: Spam Advisory from ATT - 12/25/15 02:33 PM
Originally Posted By: artie505
There's nothing in that email that smells of scam...doesn't ask for info or money or anything else.

That's my take on the email unless, as grelber points out "It could be a scam if there is a hotlink to click or something similar....". Without a hotlink it doesn't make sense that the netbot people would alert deniro to their presence.

Absent a hotlink, I lean toward the idea that it's a legitimate caution from the ISP. In fact, I think the last three paragraphs of deniro's note are good advice. But, these days caution is always the watchword.

Originally Posted By: artie505
On the other hand, though, can a Mac get commandeered in the manner described?

The idea of botnet is new to me too, but I learned a bit more at this site.
Posted By: MacManiac Re: Spam Advisory from ATT - 12/25/15 02:48 PM
An example of some additional home network devices and their embedded processor vulnerabilities can be found HERE...
Posted By: Douglas Re: Spam Advisory from ATT - 12/25/15 05:11 PM
First, a Merry Christmas to all.

Are there examples of 'running items' if you look at Activity Monitor that one should be on the lookout for that might raise suspicions? Just curious and want to learn more about this.
Posted By: grelber Re: Spam Advisory from ATT - 12/25/15 05:45 PM
Activity Monitor can provide a fair bit of info.

I keep mine open at all times and occasionally check CPU usage when I'm online.

"Networking" shows what processes are open and operating; it can be useful when working online.

"CPU" should normally be relatively 'quiet', even when online; if it appears that there's exaggerated activity when things are otherwise 'quiet', there's a good chance that some sort of (potentially unauthorized) activity is being carried on and may be the first evidence of one's device being used as part of a botnet. At the very least it should provoke more detailed examination as to what's causing it.
Posted By: MacManiac Re: Spam Advisory from ATT - 12/25/15 06:00 PM
FWIW, a brief Google search for any other examples of your notification letter from AT&T shows yours to be unique so far.....so either you're the first of many, or it may have actually originated from AT&T and there may be some smart device on your home network (I discount your iMac, even though it is running a legacy OS that is no longer being actively supported) that might have been compromised.

Have you done an expanded look at the header information on your e-mail to see if it might have originated from any other source than AT&T?
Posted By: deniro Re: Spam Advisory from ATT - 12/25/15 06:12 PM
I think it's legit, but I'll call ATT tomorrow. Not on Christmas.

I avoid the dark side of the internet, my only guilty pleasure being YouTube. In fact, in recent weeks I've beefed up security with the addition of the Disconnect extension to Firefox. I use 1Password (an older version) for all my IDs and passwords, all generated by the program. True, I'm using 10.6.7 and Firefox 39.0.3. But I find it hard to believe that someone would or could break into my router. I do have a second email account at Gmail, but I access it through Firefox, not Apple Mail.

Related or not, I've been getting kernel panics over the past six months on certain web sites. Before 2015, I had never even seen a kernel panic and knew only vaguely what they were. My iMac is about eight years old. After reading some comments at the Bugzilla forum, it looks like the kernel panics are due to the ATI Radeon and something about how it interacts with Firefox. An old driver, I imagine.

That's not my IP address, unless I'm getting confused about what my IP address actually is. In Network Utility, I entered XX.XX.X.XXX in Whois but got no matches.

Here's the rest of the email:

Example message received from XX.XX.X.XXX:

Received: from kinifocu ([XX.XX.X.XXX])
Thu, 24 Dec 2015 22:15:03 +0000
Message-ID: <E80A7FE9C5D442C59506F1BA81D86394@kinifocu>
From: "Anastasiya" <xuv@xn--j14rgen-54a8803e.xxxxxxxx-xxxxxxxx.xxx>
Reply-To: "Anastasiya" <anastasiyaihr@gmail.com>
To: <x@x>
Subject: love for serious corresponding
Date: Thu, 24 Dec 2015 21:52:59 -0700
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8089.726
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8089.726
Content-Type: text/plain; charset="PERL"; format=flowed; reply-type=original
(1 additional line omitted)

DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, “the Software”). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software's vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the AT&T Acceptable Use Policy.
Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.

©2005 - 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Privacy Policy (Updated July 24, 2015)
Posted By: deniro Re: Spam Advisory from ATT - 12/25/15 06:22 PM
For a long time I had a second email account at myway.com which I was never able to cancel, having had no response to repeated requests via email. I don't know what to make of their service. It seemed almost abandoned. It never worked that well. I noticed that myway.com appears here, though that's prob. because I gave it to ATT or I gave my ATT email to myway.

Expanded header (partial):

From: AT&T IISS Network Security <netsec@att.net>
Subject: Spam advisory for SBC Account Number XXXXXXXX (issue 9277)
Date: December 24, 2015 7:33:15 PM EST
To: myID@myway.com, My Name <myID@sbcglobal.net>
X-Apparently-To: myID@sbcglobal.net; Fri, 25 Dec 2015 00:33:23 +0000
Received-Spf: none (domain of someattservice.net does not designate permitted sender hosts)
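
The header lines quoted in the two posts above can be checked mechanically. This is an added example, not part of the original posts or of any AT&T tooling: it parses both header sets as posted (redactions kept, the advisory's display-format Date line left out) and flags anomalies worth a closer look. The flag names are made up for this example.

```python
"""Header sanity checks for the two header sets quoted in this thread.

Added example: it flags things to look at more closely and does not
decide whether a message is genuine.
"""
import codecs
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Sample message headers as quoted in the advisory (redacted by the poster).
SPAM_SAMPLE = """\
Received: from kinifocu ([XX.XX.X.XXX])
    Thu, 24 Dec 2015 22:15:03 +0000
Message-ID: <E80A7FE9C5D442C59506F1BA81D86394@kinifocu>
From: "Anastasiya" <xuv@xn--j14rgen-54a8803e.xxxxxxxx-xxxxxxxx.xxx>
Reply-To: "Anastasiya" <anastasiyaihr@gmail.com>
To: <x@x>
Subject: love for serious corresponding
Date: Thu, 24 Dec 2015 21:52:59 -0700
MIME-Version: 1.0
X-Mailer: Microsoft Windows Live Mail 14.0.8089.726
Content-Type: text/plain; charset="PERL"; format=flowed; reply-type=original

"""

# Partial headers of the advisory e-mail itself, as posted.
ADVISORY = """\
From: AT&T IISS Network Security <netsec@att.net>
Subject: Spam advisory for SBC Account Number XXXXXXXX (issue 9277)
To: myID@myway.com, My Name <myID@sbcglobal.net>
X-Apparently-To: myID@sbcglobal.net; Fri, 25 Dec 2015 00:33:23 +0000
Received-Spf: none (domain of someattservice.net does not designate permitted sender hosts)

"""

RFC_DATE = re.compile(
    r"[A-Z][a-z]{2}, \d{1,2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2} [+-]\d{4}")
SPF = re.compile(r"^\s*(\w+)\s*\(domain of (\S+)", re.I)
CLOCK_SKEW = timedelta(minutes=5)  # tolerance chosen for this example


def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To value."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def analyze(raw_headers):
    """Return a list of flag names for one block of raw headers."""
    msg = message_from_string(raw_headers)
    flags = []

    # Replies steered to a different domain than the visible sender.
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-domain-mismatch")

    # The client-supplied Date should not be later than the time the
    # first relay stamped the message (last Received header = first hop).
    received = msg.get_all("Received") or []
    stamp = RFC_DATE.search(received[-1]) if received else None
    if stamp and msg["Date"]:
        try:
            sent = parsedate_to_datetime(msg["Date"])
            seen = parsedate_to_datetime(stamp.group(0))
            if sent - seen > CLOCK_SKEW:
                flags.append("date-after-received")
        except (TypeError, ValueError):
            flags.append("unparseable-date")

    # A declared charset that no codec knows suggests a templating tool,
    # not the mail client named in X-Mailer.
    charset = msg.get_content_charset()
    if charset:
        try:
            codecs.lookup(charset)
        except LookupError:
            flags.append("unknown-charset")

    # SPF result recorded by the receiving server, and the domain it checked.
    spf = SPF.match(msg["Received-SPF"] or "")
    if spf:
        result, spf_dom = spf.group(1).lower(), spf.group(2).lower()
        if result != "pass":
            flags.append("spf-" + result)
        if spf_dom != from_dom:
            flags.append("spf-domain-not-from-domain")
    return flags


if __name__ == "__main__":
    for name, raw in (("sample spam", SPAM_SAMPLE), ("advisory", ADVISORY)):
        print(name, "->", analyze(raw))
```

An SPF domain that differs from the From domain is common in legitimate bulk mail, so treat these flags as prompts for the phone call to the ISP, not as a verdict.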
Posted By: joemikeb Re: Spam Advisory from ATT - 12/25/15 08:25 PM
If you want to know what your external IP address is at the moment click here. NOTE unless you are paying a stiff premium for a fixed IP address that IP address will change — often. The frequency of change depends on the settings on your router and your ISP's router.
Posted By: deniro Re: Spam Advisory from ATT - 12/25/15 10:41 PM
It could be my IP address, but it isn't at the moment.

I used the Email Header Analyzer at that site, which revealed the source to be abuse-att.net in Durham. I guess that rules out bogus email. Now I have to figure out how or why email is being sent from my IP address and what to do about it.
Posted By: MacManiac Re: Spam Advisory from ATT - 12/25/15 11:09 PM
That's legitimate progress.....

To help with the how/what part of your research you should look to any home network devices which might be configured to allow access from outside the local area network (i.e., through the router from the internet side)....do you have any home automation devices such as smart thermostats, light controllers, electronic door locks, etc which might have an app to allow you to access/control them using your smart phone? Do you have any Non-Apple branded networking devices on your home network other than the portal provided by AT&T / SBC Global / Lightspeed, such as IP cameras, Network Accessible Storage (NAS) hard drives, WiFi extender devices, additional access points (AP's) that might have default configurations that could open a path from the WAN side of your router to the LAN side?

Is there any software that you use which would allow you to access your computer from outside the LAN side of your network, i.e., open ports through the router?

Do you have any Windows computers on your home network?

I'm still discounting your primary computer as not being a primary suspect in this issue.
Posted By: deniro Re: Spam Advisory from ATT - 12/25/15 11:37 PM
Mostly no. Here's what I have.

A Dell in another room running Windows OS 8.1 and an iPad, and a printer, all connected wirelessly to this (Mac's) Netgear router. No smart devices. I spent yesterday actually updating security on the Dell, updating the malware and anti-virus programs, updating Firefox, updating spotify (free version). I do this regularly, prob. once a week or two. I don't think the iPad was even used yesterday.

I can't think of any other holes. What do you think about disabling Location Services on this Mac?
Posted By: MacManiac Re: Spam Advisory from ATT - 12/26/15 12:04 AM
Have you done a malware scan on the Windows computer?

What security software do you have running on it?

Which version of Netgear router are you using?

Do you have "Back to my Mac" enabled? (I'm not even sure that is an easy option on 10.6, but worth checking)....what about such software as "LogMeIn".....any such package that would allow you access to your home network from the internet side could provide a possible vector.

There have been some reports of successful intrusion to some routers using embedded Linux....recent firmware updates have been released to close that particular vector....again, not sure about Netgear specifically.

I would discount the iPad and the printer as possible culprits.....my strongest suspicion would rest on the Windows 8.1 Dell as the most likely component.
Posted By: artie505 Re: Spam Advisory from ATT - 12/26/15 11:38 AM
Originally Posted By: ryck
Originally Posted By: artie505
On the other hand, though, can a Mac get commandeered in the manner described?

The idea of botnet is new to me too, but I learned a bit more at this site.

I've poked around a bit, and I can't find any reference to a botnet or any other type of malware that uses Macs to send spam emails; the worst any Mac malware seems to be capable of is click-jacking, info-jacking, or holding your Mac for ransom.

Anybody?

Thanks.
Posted By: ryck Re: Spam Advisory from ATT - 12/26/15 02:08 PM
Originally Posted By: artie505
Originally Posted By: ryck
Originally Posted By: artie505
On the other hand, though, can a Mac get commandeered in the manner described?

The idea of botnet is new to me too, but I learned a bit more at this site.

I've poked around a bit, and I can't find any reference to a botnet or any other type of malware that uses Macs to send spam emails….

On further checking, neither have I and I'm assuming that the lessened (or no) likelihood of Macs involved in this kind of spamming is the reason behind these points in the MacManiac notes to deniro:

Originally Posted By: MacManiac
Do you have any Windows computers on your home network?
I'm still discounting your primary computer as not being a primary suspect in this issue.

Originally Posted By: MacManiac
I would discount the iPad and the printer as possible culprits.....my strongest suspicion would rest on the Windows 8.1 Dell as the most likely component.

However, I'm certainly finding this an informative thread and, even if the Mac itself may not be the villain, I thought this was interesting:

Originally Posted By: MacManiac
The one outside factor that might actually produce the spams supposedly originating from your assigned IP address might be some other "smart" device installed on your home network.....such as a NAS or even another networking device such as a WiFi extender or second access point....these additional network components are normally controlled by an embedded processor running some variant of Linux and potentially they can be and might have been hacked in the past.
Posted By: deniro Re: Spam Advisory from ATT - 12/26/15 04:51 PM
On the Dell, Windows 8.1: Panda Anti-Virus (incl. firewall) and Malwarebytes Anti-Malware. I did scans yesterday and today and found nothing.

Though today, for some reason, I found Panda disabled. I don't know if I hit the wrong button at some time, but I thought I should mention it. It would be very unlike me and it's not that easy to flub the Panda settings because they're so easy. If it was disabled, it wasn't disabled for long, because I update the databases for Panda and Malwarebytes once a week and therefore am repeatedly seeing their "dashboards."

Firefox 43.0.3 (on the Mac I use 39.0.3) w/Ad Block Plus, HTTPS Everywhere, and Disconnect. No porn sites, gambling, torrent, or illegal downloads of music, movies, or software. I do have a Gmail account and after I got it, switched my various web site IDs and subscriptions from ATT to Gmail.

Netgear router N300. Latest firmware isn't compatible w/10.6, but this router isn't very old.

Back to my Mac: no. LogMein: no. I never access my computer or my info when away from home. I don't do cloud computing. I don't have a cellphone or smartphone or laptop. I do Facetime and internet on the iPad.

It would take a while to describe every privacy and security setting on Windows 8.1, so suffice it to say it's locked down.

But just about anyone can get my email address. So I guess whatever was done wasn't all that difficult. I don't want to call ATT on a weekend. I'll try Monday.

ETA: I also have a free year of ProtectMyID.com
Posted By: MacManiac Re: Spam Advisory from ATT - 12/26/15 06:29 PM
Keep an eye on your Panda to see if it repeats the "off" symptom.....Windows malware routinely disables anti-malware programs as part of its mode d'emploi. If it repeats, that would be indicative of corruption despite your admirably best efforts....and I would scan it using a different anti-malware program freshly installed to confirm.
Posted By: slolerner Re: Spam Advisory from ATT - 12/31/15 10:26 PM
Originally Posted By: deniro
Firefox 43.0.3 (on the Mac I use 39.0.3) w/Ad Block Plus, HTTPS Everywhere, and Disconnect.

Is Disconnect compatible with Ghostery? Is Ad Block Plus different than Ghostery?

Administrator: I don't want to go off topic but do have questions. Not sure what to do here because it is a security string.
Posted By: cyn Re: Spam Advisory from ATT - 12/31/15 10:50 PM
Best approach would be to start a new thread for your questions.
Posted By: deniro Re: Spam Advisory from ATT - 01/02/16 05:41 PM
I'll give you the facts of what happened. I don't know if any of them are related, but here they are.

An agent at ATT told me that the Spam Advisory email was fake. Fortunately, I had known better than to click on any of the links. I sent him a copy while we were on the phone and he said it wasn't anything like they sent. Also, the account number was wrong. He sounded knowledgeable and confident and I was happy to get someone like that at ATT customer service -- for once. He suggested I change my password, so I did.

Then I switched from Panda antivirus to Avast on the Dell. I scanned the hard drive with Avast, Malwarebytes, and the Dec 2015 download of a Microsoft anti-malware tool. All found nothing. But Avast reported that my Netgear router had been hacked, infected, and had various vulnerabilities. I updated the firmware on the router and changed the password. Avast no longer reported problems.

The next day the phone line went out. No dial tone, so no internet obviously. We'd had an ice storm the night before, and I don't know if that was the cause. ATT chose to send out a repairman, but he didn't get here the day he was supposed to. Instead, the phone line magically healed itself and I've been on the internet ever since.

Following the advice of Joe Kissell in his e-book Take Control of Mac Security, I changed the DNS servers in my router settings to a couple Open DNS numbers he recommended in his book. In his old book, I read about the "hidden firewall" in OS X and contemplated whether to use it.

I haven't noticed any odd behavior. I don't know if my Mac or the Dell or the iPad were hacked or harmed. Data seems intact.

Hard for me to believe that someone or some-bot hacked my router, esp. considering the security I already had, including a good password generated by 1Password.
Posted By: joemikeb Re: Spam Advisory from ATT - 01/02/16 11:44 PM
No password is needed or used by most hacker bots. There are several different basic approaches. Even a cursory search of the internet will turn up a wealth of academic research papers written by faculty and graduate students from reputable major universities around the world on how to defeat any password scheme without knowing any passwords. Password cracking is a fertile field for PhD dissertation topics and the research is published freely and legitimately.

You will find a large number of hacker written "how to" articles and even the bots themselves openly for sale.

1Password is a fine utility, I use it myself, in addition to Keychain, but it primarily protects from identity thieves who already have direct access to my computer. It provides zero protection from attacks such as you have encountered. Most hackers have little or no interest in passwords because they seldom if ever use them.
Posted By: deniro Re: Spam Advisory from ATT - 01/03/16 12:30 AM
I feel so much better now.
Posted By: MacManiac Re: Spam Advisory from ATT - 01/03/16 06:11 AM
Good job on updating the firmware for your router....additionally, you can better lock it down from external intrusion by choosing to turn off Telnet and SSH access as those are the most common attack vectors for the embedded Linux kernel that powers that particular small computer.
Posted By: deniro Re: Spam Advisory from ATT - 01/03/16 05:15 PM
How do I do that?
Posted By: MacManiac Re: Spam Advisory from ATT - 01/08/16 05:03 PM
Tell me your router specific model number and I will lookup the PDF for the manual that pertains...it's a little advanced, but still follows simple menu selections and check boxes. Best to have the exact model to be sure the instructions can match.

FWIW, there are several Netgear N300 routers to choose from.....
Posted By: Virtual1 Re: Spam Advisory from ATT - 01/08/16 05:19 PM
A lot of routers nowadays have the firmware update routine in their management page and will download and install it themselves if you select that option. Much easier that way as you don't have to find the correct firmware, download it, connect to the router, upload it, etc. Much more foolproof, it does it pretty automatically.
Posted By: deniro Re: Spam Advisory from ATT - 01/09/16 06:59 PM
Netgear N300 WNR2000v4, firmware version V1.0.0.60

Yes, I've had trouble with firmware upgrades in the past, meaning they don't work, so I would rather download firmware manually.

People at the Netgear forum told me that the new firmware I downloaded last week won't work. They're wrong. I'm using it now and everything's fine.

Posted By: MacManiac Re: Spam Advisory from ATT - 01/10/16 11:51 PM
If you'd like, I will simply list the things that I normally do to help secure WiFi routers that I install.....use as much or as little as makes sense to you.

The VERY FIRST thing that I do is reset the default logon password (page 12) to something that I would use (and that isn't already known to the rest of the world as being the default password for your N300 WNR2000v4).....in this case, the default password that you need to change is "password" and while it doesn't have to be particularly hardened, it should be something that is not only easy for you to remember but also should contain at least one special character, a numeral and both upper and lower case letters - a reasonable example for your situation might be a person, pet, or vehicle that you can apply those parameters to - such as Cr0wn-V1ctoria - upper/lower case, numerals and a special character describing an earlier car you might once have owned.....

The next thing I would do is change the default LAN IP to something different from the default of 192.168.1.1 --- use 192.168.10.1 for the new router address for example. (page 49)

Then I would shrink the DHCP pool down to a more reasonable size and have it start and end more in the middle of your available range.....so instead of serving addresses to over 250 potential LAN clients (the default range is 192.168.1.2 to 192.168.254) I would limit the range to include 20 potential LAN clients and have it start somewhere in the middle, like 192.168.10.180 to 192.168.10.199 -- (page 50) 20 DHCP clients should be more than enough to meet your normal networking needs unless you have a GOB of devices on your network.

Name the SSID (page 28) to your desired name (DeniroNet just as an example) and here is where I would make a password that not only contains upper/lower case, numerals and special characters, but also runs out to 14 characters in length.....this is the password that you use for joining your WiFi network using WPA2 personal with PSK and AES encryption (the default shown on page 30). "MySt00p1dDawg!" for example would be a strong WPA2 passphrase....exactly 14 characters without the quotes, using special characters, numerals, and upper/lower case letters yet easily remembered without having to write it down somewhere.

One other thing that I prefer to do is disable the WPS button on the router so that I can't inadvertently muck up my wireless network......your router does NOT have the option to disable WPS.

Looking further at the remote access options that your router has (and the defaults that it comes with) I don't see any further changes for you.....there is no option for SSH or Telnet access listed, and the WAN Access defaults look fine to me.

Just a few more items in closing.....when you change the router's internal IP address from the default setting, you will have to log back into the internal control page by directing your browser to the new IP address that you just set -- the default "http://www.routerlogin.net" may no longer get you there. So using our example above, once you reset the IP address to be 192.168.10.1, you will most likely need to send your browser to that address to continue making your changes to setup for your installation.

...and of course, you've already seen that when you change the SSID and the security passphrase to something other than the defaults that Netgear set originally, you will need to join your NEW wireless network instead of the original NETGEAR WiFI network that was originally being broadcast....and use the new passphrase that you set instead of the hard to remember one that is written on the label on the back of your router.

Hope all this doesn't put xx's in your eyes by being too inherently geeky....
Posted By: deniro Re: Spam Advisory from ATT - 01/11/16 12:29 AM
Thanks. That's a lot of suggestions. I didn't know about changing the LAN IP or the DHCP. I'll think about that.

I already changed the base name, base password, and the network password. The passwords are 20-character generated by 1Password which I use for all my passwords. I mentioned before that I changed the DNS numbers to OpenDNS. WPS is disabled under prefs, though the router's WPS light is always on. Guest access is disabled. I could configure the settings so that only the devices I choose can log in to the network. At the moment, a Dell, an iPad, and a printer. I think I have to use the MAC addresses for that. I haven't done it before, but it should be easy.
Posted By: MacManiac Re: Spam Advisory from ATT - 01/11/16 03:02 AM
Using the MAC address to limit access is not as effective as you might hope.....anyone wanting to join your network illicitly can analyze packet data to find the active MAC addresses on your network then spoof one of those. Having a strong WiFi passphrase such as you do is far more effective.

Leave yourself enough room to add devices to your network without having to manually intervene each time, but limit the DHCP pool to a smaller footprint.....I nominally suggest keeping it about 60% larger than your normal client base if you have more than 5 devices on your network.....if you have 5 or less, then limit your pool to 10 clients.
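
The router checklist in the two MacManiac posts above, written as a settings audit. This is an added example, not Netgear code or anything from the original posts: the settings keys, finding names and both sample configurations are constructed for illustration, and the factory DHCP range is assumed to be 192.168.1.2 to 192.168.1.254.

```python
"""Audit a home-router settings dict against the checklist in the thread.

Added example; the dict keys are hypothetical, not a router API.
"""
import ipaddress
import string

DEFAULT_ADMIN_PASSWORD = "password"   # factory default named in the post
DEFAULT_LAN_IP = "192.168.1.1"        # factory default named in the post
MIN_PSK_LEN = 14                      # passphrase length suggested in the post


def recommended_pool_size(device_count):
    """Sizing rule from the later post: 10 addresses for 5 or fewer
    devices, otherwise about 60% more than the device count (rounded up)."""
    return 10 if device_count <= 5 else (device_count * 8 + 4) // 5


def missing_char_classes(secret):
    """Names of the character classes the post asks for that are absent."""
    classes = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "digit": string.digits,
        "special": string.punctuation,
    }
    return [name for name, chars in classes.items()
            if not any(c in chars for c in secret)]


def audit(settings, device_count):
    """Return a list of (finding, detail) tuples; empty means all checks pass."""
    findings = []
    lan = ipaddress.ip_interface(f"{settings['lan_ip']}/{settings['netmask']}")
    start = ipaddress.ip_address(settings["dhcp_start"])
    end = ipaddress.ip_address(settings["dhcp_end"])

    if settings["admin_password"] == DEFAULT_ADMIN_PASSWORD:
        findings.append(("default-admin-password", "change the logon password"))
    if settings["lan_ip"] == DEFAULT_LAN_IP:
        findings.append(("default-lan-ip", "router still at 192.168.1.1"))

    # The pool must sit inside the LAN subnet, be ordered, and leave the
    # router's own address out before its size means anything.
    if start not in lan.network or end not in lan.network or start > end:
        findings.append(("dhcp-range-invalid", f"{start} to {end}"))
    else:
        if start <= lan.ip <= end:
            findings.append(("dhcp-range-includes-router", str(lan.ip)))
        size = int(end) - int(start) + 1
        limit = recommended_pool_size(device_count)
        if size > limit:
            findings.append(("dhcp-pool-too-large", f"{size} > {limit}"))

    if settings["wifi_security"] != "WPA2-PSK-AES":
        findings.append(("weak-wifi-security", settings["wifi_security"]))
    psk = settings["wifi_passphrase"]
    if len(psk) < MIN_PSK_LEN:
        findings.append(("psk-too-short", f"{len(psk)} < {MIN_PSK_LEN}"))
    missing = missing_char_classes(psk)
    if missing:
        findings.append(("psk-missing-classes", ", ".join(missing)))
    return findings


# Constructed sample: a router left at the defaults described in the post.
FACTORY = {
    "admin_password": "password", "lan_ip": "192.168.1.1",
    "netmask": "255.255.255.0",
    "dhcp_start": "192.168.1.2", "dhcp_end": "192.168.1.254",
    "wifi_security": "WPA2-PSK-AES", "wifi_passphrase": "sunflower7",
}
# Constructed sample: the same router after following the checklist.
HARDENED = {
    "admin_password": "T4ble-L4mp-Oak", "lan_ip": "192.168.10.1",
    "netmask": "255.255.255.0",
    "dhcp_start": "192.168.10.180", "dhcp_end": "192.168.10.189",
    "wifi_security": "WPA2-PSK-AES", "wifi_passphrase": "Blue-Heron-2016!",
}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg, device_count=4))
```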
Posted By: Virtual1 Re: Spam Advisory from ATT - 01/11/16 01:06 PM
Well if they're going to all that trouble to use your wifi, they've earned it, haven't they? wink
Posted By: MacManiac Re: Spam Advisory from ATT - 01/12/16 05:27 PM
[IRONY]Yeah, should probably just open the entire WiFi network up and let anyone use it[/IRONY].....my point exactly - there's a point past which additional layers of security are no longer beneficial, and may actually impede the functional use of the network.

edited to add the "irony" tags.....
Posted By: slolerner Re: Spam Advisory from ATT - 01/12/16 07:31 PM
I don't know if it's still true, but routers used to come out of the box unlocked because the manufacturers didn't want all the tech support calls that they were not 'plug and play.' I've been known to hop on an unlocked neighbor's network when my old router had 'issues.' As Steve Jobs said to Apple Records, "Sosumi"
Posted By: MacManiac Re: Spam Advisory from ATT - 01/13/16 11:22 PM
I believe the statute of limitations has passed......

Long ago, when I used to live in San Diego, I had a neighbor who left his Linksys network unlocked at defaults and I would routinely log into his WiFi router to optimize his system unbeknownst to him.....change the default DHCP range, change the network channel he was broadcasting on to minimize his co-channel interference with the other WiFi networks close at hand (and move him away from the channel that I wanted to use.....), etc.

Many years later, I had an opportunity to introduce myself to him and "fessed up" to my actions.....he told me that was the best 802.11b WiFi network he ever saw and regretted having moved on to a later model router for 802.11g as it never performed to his liking (he didn't leave that one at defaults and unencrypted, so I couldn't work my normal magic on it for him.....).
Posted By: slolerner Re: Spam Advisory from ATT - 01/14/16 12:05 AM
Originally Posted By: mac maniac
Name the SSID (page 28) to your desired name (DeniroNet just as an example) and here is where I would make a password that not only contains upper/lower case, numerals and special characters, but also runs out to 14 characters in length.....this is the password that you use for joining your WiFi network using WPA2 personal with PSK and AES encryption (the default shown on page 30). "MySt00p1dDawg!" for example would be a strong WPA2 passphrase....exactly 14 characters without the quotes, using special characters, numerals, and upper/lower case letters yet easily remembered without having to write it down somewhere.

Or turn off the broadcast SSID and go stealth.
Posted By: MacManiac Re: Spam Advisory from ATT - 01/14/16 06:15 AM
...except, the SSID is easily seen with a scan of the current network traffic on any given channel (with easily available software)....No SSID being broadcast does NOT mean no SSID -- and is not particularly stealthy.
Posted By: Virtual1 Re: Spam Advisory from ATT - 01/15/16 12:54 PM
Originally Posted By: MacManiac
...except, the SSID is easily seen with a scan of the current network traffic on any given channel (with easily available software)....No SSID being broadcast does NOT mean no SSID -- and is not particularly stealthy.

"Security through obscurity" or "client-side security" is only a placebo for real security.
© FineTunedMac