[Dailydave] How is this WPAD redirect even a "hack"?
James (njan) Eaton-Lee
james.mailing at gmail.com
Tue Mar 27 11:08:48 EDT 2007
Thomas W Shinder wrote:
> DDNS will still work on non-domain computers if you set the DDNS to
> accept unsecure connections (ie, machines that are not domain members).
Unfortunately, Secure Dynamic DNS Updates being disabled is all too
common; as you point out, if it is, non-domain computers can
update/create DNS records, and this attack is even more trivial to execute.
Note carefully, though, that the attack *is* still valid even if Secure
DDNS updates are enabled. The only way to mitigate this through DNS
would be to create a record that authenticated DNS users didn't have
permission to update or delete.
As an aside, I've had an offlist e-mail from a contributor wishing to
remain nameless pointing out a related post on Full Disclosure a few
days ago, which draws attention to the attack vectors associated with
Secure DDNS being disabled:
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0335.html
- James.
--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
"The universe is run by the complex interweaving of three
elements: Energy, matter, and enlightened self-interest." - G'Kar
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3521 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20070327/942fb39e/attachment.bin
More information about the Dailydave
mailing list