LinuxQuestions.org
Old 06-12-2008, 01:51 PM   #1
r00ster
Member
 
Registered: May 2007
Location: boundary beach, bc
Distribution: Debian 3.2.46-1+deb7u1
Posts: 199

Rep: Reputation: 15
w3m meets spam url


I get the occasional spam that gives no indication of what is being spamvertized. If I use “w3m [url]” in console, am I at risk of anything untoward happening?

I'm running: Debian Etch/KDE/Icedove
 
Old 06-12-2008, 03:14 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
Even if nothing untoward results, you might be making them money by going to their website.

If w3m supports JavaScript and the target website contains a large number of zero-sized GIFs, they may have crafted a web page that conducts a port scan on your LAN. This may work even though you are using a console web client.
 
Old 06-12-2008, 07:25 PM   #3
r00ster
Member
 
Registered: May 2007
Location: boundary beach, bc
Distribution: Debian 3.2.46-1+deb7u1
Posts: 199

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by jschiwal
> Even if nothing untoward results, you might be making them money by going to their website.
>
> If w3m supports JavaScript and the target website contains a large number of zero-sized GIFs, they may have crafted a web page that conducts a port scan on your LAN. This may work even though you are using a console web client.

Ta jschiwal;

Any tips on how to get around the (pr)tunneling back to/past my LAN?
My interest is just to confirm spam type in my spam db. I don't want to complicate things by using proxies or starting an SSH Client.

Using a live CD like Knoppix would be a partial sol'n I know; and a major PITA to boot (NPI).

AFAIK, w3m does NOT support JS in default configuration. It can access LYNX files, which do enable JS support;... but only if it is deliberately linked.

Per Sourceforge:
Quote:
> w3m is a pager and/or text-based browser. It can handle table, cookies, authentication, and almost everything except JavaScript.
 
Old 06-12-2008, 09:08 PM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
There is a hack where every other zero-size GIF or JPEG has links to local IP addresses. The time between remote requests can determine whether there is a host on that IP address.
This hack may not be very common or useful. It does show how hard it is to conceal all information.

You could counter it by adding an OUTPUT table iptables rule. If you list just the OUTPUT table, it makes it easy to add and remove rules temporarily. I think a rule dropping local LAN traffic may do it, but I would have to try it out. Given how rare this hack is, it may not be worth the effort to counter it.

If you have only one computer then there wouldn't be a problem.

Something you could try if you have confidence in your computer's firewall is putting it on a DMZ port. I wouldn't recommend using a DMZ port on a router normally, but this would isolate the LAN unless your host and then the router both became compromised. Browsing from a Live CD using W3M, there probably isn't much of a chance of that. I think you would be safe.

Make sure you have your router locked down in any case.
  • Change the default login & password credentials on the router.
  • Update the firmware. Some routers have exploits (Cisco IOS or a very old uClinux) if the firmware isn't up to date.
  • Disable WAN side configuration.
  • Disable Wireless configuration.
  • If using wireless, use WPA and not WEP.
  • If wireless, use a STRONG pre-shared key. I use the /dev/random device to create a 64 hex digit key.
 
Old 06-13-2008, 05:23 PM   #5
r00ster
Member
 
Registered: May 2007
Location: boundary beach, bc
Distribution: Debian 3.2.46-1+deb7u1
Posts: 199

Original Poster
Rep: Reputation: 15
Quote:
> Even if nothing untoward results, you might be making them money by going to their website.

I thought this over; if the spam client is paying the spammer/agent for a 'hit' ... why is that our problem?

Quote:
> If you have only one computer then there wouldn't be a problem.

Yes. Stand alone Desktop connected by HSCable Modem; ...no router.

Quote:
> I think a rule dropping local LAN traffic may do it,...

I gave this a try, deployed w3m on a URL, but I don't have the savvy to know if it actually achieved the desired result. I guess it can't hurt.... redirects notwithstanding.

Do you have any thoughts about using “wget”? I did try it out, but I don't understand the output... I'm working with the man page but... 1419 lines: whew!

I wouldn't want you to spend a lot of your time on this. I'm probably being overly cautious... I just don't want to get hacked by doing something stupid.
 
Old 06-13-2008, 05:50 PM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
You can use curl as well to retrieve just one page. Pay attention to the JavaScript routines that would run in your browser if they were available. You need to be careful with the options of wget so that you don't start downloading an entire site or all the links on that page.

It's getting hard to know what's legit and what isn't these days. Some ISPs have a contract with a company that records everything you do on the web, in order to target advertising. This is more common in England. I believe that this company (under another name) used to install rootkit spyware in computers. Now the anti-malware companies are debating how to classify their cookies, as adware or spyware. Google for "Phorm". Some ISPs will even modify the contents of a retrieved webpage to make tracking easier. That is a classic man-in-the-middle attack and since you have to go through your ISP, there isn't much defense against it unless they rely on something like cookies that you can block.

However some websites will use redirection through a tracker and if you block that tracker, the web site won't work. For example, PayPal pages being accessible via a redirect through ad.doubleclick. If you block doubleclick you also block access to a page you need. This sounds a lot like spyware to me.

---

Since you don't have other computers on the network, then an iptables rule would be a waste of time. There isn't any info that can be gained indirectly scanning your LAN, simply because you don't have one.
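
An added example, not part of the original thread: static triage of a page saved by a single-request fetch (as suggested above with curl), flagging what the posts mention, namely script tags, zero-sized images, and URLs that point at literal private IP addresses. `SAMPLE_HTML`, `is_local_host`, `PageTriage` and `triage` are hypothetical names, and the sample page is constructed.

```python
# Added example: inspect saved HTML without rendering or following anything.
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample standing in for a fetched spam landing page.
SAMPLE_HTML = """<html><head>
<meta http-equiv="refresh" content="5; url=http://shop.example/buy">
<script src="http://cdn.example/t.js"></script></head>
<body><img src="http://192.168.1.1/a.gif" width="0" height="0">
<img src="http://tracker.example/p.gif" width="0" height="0">
<img src="http://10.0.0.5:8080/b.jpg" width="0" height="0">
<img src="/logo.png" width="120" height="40">
<script>document.write("x")</script></body></html>"""

def is_local_host(url):
    """True if the URL's host is a literal private, loopback or link-local IP."""
    host = urlsplit(url).hostname
    try:
        ip = ipaddress.ip_address(host or "")
    except ValueError:
        return False  # hostname or relative URL; DNS is deliberately not resolved
    return ip.is_private or ip.is_loopback or ip.is_link_local

class PageTriage(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = {"scripts": 0, "zero_size_images": [],
                         "local_targets": [], "meta_refresh": []}

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = a.get("src") or a.get("href") or ""
        if tag == "script":  # code a JavaScript-capable browser would run
            self.findings["scripts"] += 1
        if tag == "img" and a.get("width") == "0" and a.get("height") == "0":
            self.findings["zero_size_images"].append(url)
        if url and is_local_host(url):  # resource that would be fetched from the LAN
            self.findings["local_targets"].append(url)
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings["meta_refresh"].append(a.get("content", ""))

def triage(html):
    parser = PageTriage()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(triage(SAMPLE_HTML))
```

Hostnames that resolve to private addresses are not caught, because the script never performs DNS lookups or any other network access.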
 
Old 06-14-2008, 05:46 AM   #7
r00ster
Member
 
Registered: May 2007
Location: boundary beach, bc
Distribution: Debian 3.2.46-1+deb7u1
Posts: 199

Original Poster
Rep: Reputation: 15
jschiwal;

cURL doesn't seem to be included in Etch; no man page ... and ”~$ find curl...no such file or directory”.
“apt-cache search” shows an entry... so is it safe to assume I can just use “apt-get install curl”? I would be content to be able to take a quick boo at a spam main page just to see what product(s) they're touting.
Quote:
> Pay attention to the JavaScript routines that would run in your browser if they were available

Again, I'd be relying on the SourceForge note:
Quote:
> w3m is a pager and/or text-based browser. It can handle table, cookies, authentication, and almost everything except JavaScript.

ISP spying: I'm confident my ISP is very “white” in all respects. e.g., they provide a very complete header manifest; ... publishing fields/lines for Spamassassin, Spamhaus, SpamCop, SORBS and all the SURBLs known to modern man, and pre-scanning for malware in message bodies and attachments. Client filtering (custom) is a snap.
 
  


All times are GMT -5. The time now is 09:15 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration