[Dailydave] How is this WPAD redirect even a "hack"?
Ronald L. Rosson Jr.
ron at oneinsane.net
Tue Mar 27 13:06:50 EDT 2007
On Mar 27, 2007, at 12:42 AM, George Ou wrote:
> http://securitywatch.eweek.com/
> microsoft_warns_of_windows_network_hack.html
>
> How is this even a "hack"? If someone pwned your DNS, WINS, or DHCP
> (rogue), they freaking own the entire layer 2 and they own your
> whole world.
> WPAD proxy hijack is the last of your worries. Am I missing
> something here?
>
> The following statement is very surprising and questionable.
>
> "An attacker could register a WPAD entry in the DNS (Domain Name
> System) or
> in WINS (Windows Internet Naming Service) that resolves to a host
> with a
> malicious WPAD.dat file."
>
This coupled with dnsfun.c (http://packetstormsecurity.org/filedesc/
dnsfun.c.html) could cause some issues. But other than that if best
practices are followed it is a non issue.
-Ron
--
Ron Rosson
ron at oneinsane.net
http://www.oneinsane.net
More information about the Dailydave
mailing list