Wednesday 16 February 2005

Stupid public WiFi tricks

Categories: , .

This year's East coast LinuxWorld conference is in Boston, at the Hynes Convention Center. As is becoming common, there's a public WiFi network here. In this case, it's provisioned using SolutionInc's platform.

It seems to work quite well, even at a geek-central show such as this. However, there's one dumb thing it does, which I need to get off my chest.

When a PC connects for the first time that day, the platform goes through a registration process. The first web page you see will be the convention center's. After that, users are free to go about their business.

It does this by spoofing the first connection to its web proxy, and serve up its own welcome page instead of whatever home page you normally see.

However, it also tries to proxy spoof your first POP3 connection, so it can send you a welcoming email. This is the dumb part.

POP3 email clients need to keep track of which messages they have already downloaded, so it doesn't try to download them again. This is known as keeping the "POPstate". However, because the proxy has spoofed the POP3 connection, it will confuse the client—the spoofed message doesn't match up with the POPstate.

This confusion is likely to cause one of two problems. Either the client will re-download every message from the server, causing many duplicates to appear in the client inbox; or worse, the client will skip some new messages, meaning that they'll never be downloaded.

A plea to SolutionInc, their customers, and anyone else who does this stuff: stop it, please!

No comments:

Post a Comment