[Dailydave] How is this WPAD redirect even a "hack"?
James (njan) Eaton-Lee
james.mailing at gmail.com
Tue Mar 27 14:36:06 EDT 2007
Ronald L. Rosson Jr. wrote:
> This coupled with dnsfun.c
> (http://packetstormsecurity.org/filedesc/dnsfun.c.html) could cause
> some issues. But other than that if best practices are followed it is
> a non-issue.
I'm not convinced that's correct - in any instance though, it depends
which best practices you're following; what is this a best practice for?
DHCP? DNS? WPAD?
Frankly, this is an attack that would work in the overwhelming majority
of Windows AD domain environments which don't already use WPAD (or have
configuration cruft leftover from using it in the past).
In any case, you can have your DNS Infrastructure configured according
to best practices, with Secure DDNS Updates set up, and you're still
vulnerable to attack via DNS. I don't recall seeing this mentioned in
any of the best practices for DNS hardening, although I could be wrong.
The page that describes how to deploy WPAD (http://tinyurl.com/39ynbl)
doesn't discuss the security implications of this either.
If it is a best practice to configure a WPAD DHCP entry or DNS entry
even if you don't use WPAD, I certainly can't find anything saying this
that pre-dates the content Microsoft have since stuck online.
- James.
--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
"The universe is run by the complex interweaving of three
elements: Energy, matter, and enlightened self-interest." - G'Kar
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--