LinuxQuestions.org, Linux - Desktop forum: w3m meets spam url (https://www.linuxquestions.org/questions/linux-desktop-74/w3m-meets-spam-url-648879/)

r00ster 06-12-2008 01:51 PM

w3m meets spam url
 
I get the occasional spam that gives no indication of what is being spamvertized. If I use “w3m [url]” in console, am I at risk of anything untoward happening?

I'm running: Debian Etch/KDE/Icedove

jschiwal 06-12-2008 03:14 PM

Even if nothing untoward results, you might be making them money by going to their website.

If w3m supports javascript and the target website contains a large number of zero sized gifs, they may have crafted a web page that conducts a port scan on your LAN. This may work even though you are using a console web client.

r00ster 06-12-2008 07:25 PM

Quote:

Originally Posted by jschiwal (Post 3182911)
Even if nothing untoward results, you might be making them money by going to their website.

If w3m supports javascript and the target website contains a large number of zero sized gifs, they may have crafted a web page that conducts a port scan on your LAN. This may work even though you are using a console web client.

Ta jschiwal;

Any tips on how to get around the (pr)tunneling back to/past my LAN?
My interest is just to confirm spam type in my spam db. I don't want to complicate things by using proxies or starting an SSH Client.

Using a live CD like Knoppix would be a partial sol'n I know; and a major PITA to boot (NPI).

AFAIK, w3m does NOT support JS in default configuration. It can access LYNX files, which do enable JS support;... but only if it is deliberately linked.

Per Sourceforge:
Quote:

w3m is a pager and/or text-based browser. It can handle table, cookies, authentication, and almost everything except JavaScript.

jschiwal 06-12-2008 09:08 PM

There is a hack where every other zero-size gif or jpeg has links to local IP addresses. The time between remote requests can determine whether there is a host on that IP address.
This hack may not be very common or useful. It does show how hard it is to conceal all information.

You could counter it by adding an OUTPUT table iptables rule. If you list just the OUTPUT table, it makes it easy to add and remove rules temporarily. I think a rule dropping local LAN traffic may do it, but I would have to try it out. Given how rare this hack is, it may not be worth the effort to counter it.

If you have only one computer then there wouldn't be a problem.

Something you could try if you have confidence in your computer's firewall is putting it on a DMZ port. I wouldn't recommend using a DMZ port on a router normally, but this would isolate the LAN unless your host and then the router both became compromised. Browsing from a Live CD using W3M, there probably isn't much of a chance of that. I think you would be safe.

Make sure you have your router locked down in any case.
  • Change the default login & password credentials on the router.
  • Update the firmware. Some routers have exploits (Cisco IOS or a very old uClinux) if the firmware isn't up to date.
  • Disable WAN side configuration.
  • Disable Wireless configuration.
  • If using wireless, use WPA and not WEP.
  • If wireless, use a STRONG pre-shared key. I use the /dev/random device to create a 64 hex digit key.

r00ster 06-13-2008 05:23 PM

Quote:

Even if nothing untoward results, you might be making them money by going to their website.

I thought this over; if the spam client is paying the spammer/agent for a 'hit' ... why is that our problem?

Quote:

If you have only one computer then there wouldn't be a problem.

Yes. Stand alone Desktop connected by HSCable Modem; ...no router.

Quote:

I think a rule dropping local LAN traffic may do it,...

I gave this a try, deployed w3m on an url, but I don't have the savvy to know if it actually achieved the desired result. I guess it can't hurt.... redirects notwithstanding.

Do you have any thoughts about using “wget”? I did try it out, but I don't understand the output... I'm working with the man page but... 1419 lines: whew!

I wouldn't want you to spend a lot of your time on this. I'm probably being overly cautious... I just don't want to get hacked by doing something stupid.

jschiwal 06-13-2008 05:50 PM

You can use curl as well to retrieve just one page. Pay attention to the JavaScript routines that would run in your browser if they were available. You need to be careful with the options of wget so that you don't start downloading an entire site or all the links on that page.

It's getting hard to know what's legit and what isn't these days. Some ISPs have a contract with a company that records everything you do on the web, in order to target advertising. This is more common in England. I believe that this company (under another name) used to install rootkit spyware in computers. Now the anti-malware companies are debating how to classify their cookies, as adware or spyware. Google for "Phorm". Some ISPs will even modify the contents of a retrieved webpage to make tracking easier. That is a classic man-in-the-middle attack and since you have to go through your ISP, there isn't much defense against it unless they rely on something like cookies that you can block.

However some websites will use redirection through a tracker and if you block that tracker, the web site won't work. For example, PayPal pages being accessible via a redirect through ad.doubleclick. If you block doubleclick you also block access to a page you need. This sounds a lot like spyware to me.

---

Since you don't have other computers on the network, then an iptables rule would be a waste of time. There isn't any info that can be gained indirectly scanning your LAN, simply because you don't have one.
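A defender-side illustration of two points made in this thread (jschiwal's description of a page full of zero-sized images that point at local IP addresses, and the advice to fetch just one page with curl or wget rather than a whole site): this is an added example, not code from the thread or from w3m, curl or wget. It fetches a single page over http/https without following redirects, refuses any URL whose host resolves to a private, loopback or link-local address, runs no scripts, and then scans the returned HTML for zero-sized images aimed at such addresses. The function names (fetch_single_page, scan_html, host_is_blocked), the User-Agent string and the embedded sample page are all constructed for this example.

```python
import ipaddress
import socket
import sys
from html.parser import HTMLParser
from urllib.parse import urlsplit
from urllib.request import HTTPRedirectHandler, Request, build_opener


def address_is_blocked(addr: str) -> bool:
    """True for addresses a remote page has no business referencing:
    private space, loopback, link-local, multicast, reserved, unspecified."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop an IPv6 zone id
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def host_is_blocked(host: str) -> bool:
    """Parse an IP literal or resolve a name; blocked if ANY address is local.
    An unresolvable name is treated as blocked (fail closed)."""
    try:
        return address_is_blocked(host)  # literal address: no DNS lookup
    except ValueError:
        pass
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return True
    return any(address_is_blocked(info[4][0]) for info in infos)


class _NoRedirect(HTTPRedirectHandler):
    """Refuse every redirect: a 3xx raises HTTPError instead of silently
    hopping to a second, possibly local, host."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_single_page(url: str, max_bytes: int = 256 * 1024, timeout: float = 10.0) -> str:
    """Fetch exactly one page: public host only, no redirects, no recursion,
    bounded size. Nothing in the page is executed."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("only http and https URLs are fetched")
    if not parts.hostname or host_is_blocked(parts.hostname):
        raise ValueError("refusing to fetch from a local or private address")
    opener = build_opener(_NoRedirect())
    req = Request(url, headers={"User-Agent": "single-page-fetch/0.1"})  # constructed UA
    with opener.open(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read(max_bytes).decode(charset, errors="replace")


class _HiddenImageScanner(HTMLParser):
    """Collect <img> tags with a zero width or height whose src targets a
    local address: the LAN-probing pattern described in the thread."""
    def __init__(self):
        super().__init__()
        self.images = 0
        self.hidden_private = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        self.images += 1
        a = {k: (v or "") for k, v in attrs}  # valueless attributes become ""
        zero_sized = a.get("width", "").strip() == "0" or a.get("height", "").strip() == "0"
        host = urlsplit(a.get("src", "")).hostname
        if zero_sized and host and host_is_blocked(host):
            self.hidden_private.append(a["src"])


def scan_html(html: str) -> dict:
    """Report the image count and the zero-sized images aimed at local addresses."""
    scanner = _HiddenImageScanner()
    scanner.feed(html)
    scanner.close()
    return {"images": scanner.images, "hidden_private": scanner.hidden_private}


# Constructed sample page (not a real spam page): one visible logo and three
# tracking pixels, two of which aim at private addresses.
SAMPLE_HTML = """<html><body>
<img src="http://1.1.1.1/logo.png" width="120" height="40">
<img src="http://192.168.1.1/p.gif" width="0" height="0">
<img src="http://10.0.0.5:22/p.gif" width="0" height="0">
<img src="http://1.1.1.1/pixel.gif" width="0" height="0">
</body></html>"""


if __name__ == "__main__":
    # No argument: scan the embedded sample. With a URL: fetch that one page and scan it.
    page = fetch_single_page(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_HTML
    report = scan_html(page)
    print(f"images: {report['images']}")
    for src in report["hidden_private"]:
        print(f"zero-sized image targeting a local address: {src}")
```

The host check runs both on the URL being fetched and on every image source in the page, so a page that redirects or embeds references into the local network is refused or flagged rather than followed; a text browser with no JavaScript still issues those image requests, which is why the scan happens on the raw HTML before anything is rendered.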

r00ster 06-14-2008 05:46 AM

jschiwal;

cURL doesn't seem to be included in Etch; no man page ... and "~$ find curl ... no such file or directory".
"apt-cache search" shows an entry... so is it safe to assume I can just use "apt-get install curl"? I would be content to be able to take a quick boo at a spam main page just to see what product(s) they're touting.

Quote:

Pay attention to the java script routines that would run in your browser if they were available

Again, I'd be relying on the sourceforge note:

Quote:

w3m is a pager and/or text-based browser. It can handle table, cookies, authentication, and almost everything except JavaScript.

ISP spying: I'm confident my ISP is very "white" in all respects. e.g., they provide a very complete header manifest; ... publishing fields/lines for Spamassassin, Spamhaus, SpamCop, SORBS and all the SURBLs known to modern man, and pre-scanning for malware in message bodies and attachments. Client filtering (custom) is a snap.