Dailydave mailing list archives
Re: How is this WPAD redirect even a "hack"?
From: "James (njan) Eaton-Lee" <james.mailing () gmail com>
Date: Tue, 27 Mar 2007 19:36:06 +0100
Ronald L. Rosson Jr. wrote:
> This coupled with dnsfun.c (http://packetstormsecurity.org/filedesc/dnsfun.c.html) could cause some issues. But other than that if best practices are followed it is a non issue.
I'm not convinced that's correct - in any instance though, it depends which best practices you're following; what is this a best practice for? DHCP? DNS? WPAD?
Frankly, this is an attack that would work in the overwhelming majority of Windows AD domain environments which don't already use WPAD (or have configuration cruft left over from using it in the past).
In any case, you can have your DNS infrastructure configured according to best practices, with Secure DDNS Updates set up, and you're still vulnerable to attack via DNS. I don't recall seeing this mentioned in any of the best practices for DNS hardening, although I could be wrong.
The page that describes how to deploy WPAD (http://tinyurl.com/39ynbl) doesn't discuss the security implications of this either.
If it is a best practice to configure a WPAD DHCP entry or DNS entry even if you don't use WPAD, I certainly can't find anything saying this that pre-dates the content Microsoft have since stuck online.
- James.
--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
"The universe is run by the complex interweaving of three elements: Energy, matter, and enlightened self-interest." - G'Kar
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--
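Added example (not part of the original message or of anyone's post in this thread): an offline audit of the point made above, that a domain which never deployed WPAD can still have the `wpad` name left open in DNS. It assumes clients look for `wpad` under each parent of their own DNS suffix (devolution) up to the organisation's suffix; the zone data, host names, addresses and the helper names are constructed for illustration.

```python
"""Audit which WPAD lookup names are reserved in DNS (illustrative, offline)."""

def wpad_candidates(client_fqdn, org_suffix):
    """Names a client is assumed to try: wpad.<suffix> for each parent
    domain of the client, stopping at the organisation's own suffix."""
    labels = client_fqdn.lower().rstrip(".").split(".")[1:]   # drop host label
    org = org_suffix.lower().rstrip(".")
    names = []
    while labels:
        suffix = ".".join(labels)
        if suffix != org and not suffix.endswith("." + org):
            break            # never devolve past the organisation boundary
        names.append("wpad." + suffix)
        labels = labels[1:]
    return names

def audit_wpad(clients, org_suffix, zone, approved):
    """Classify every candidate name:
    UNRESERVED - no record exists, so the name can still be claimed
    UNEXPECTED - record exists but points at a host not in `approved`
    OK         - record exists and points at an approved host"""
    findings = {}
    for fqdn in clients:
        for name in wpad_candidates(fqdn, org_suffix):
            target = zone.get(name)
            if target is None:
                findings[name] = "UNRESERVED"
            elif target not in approved:
                findings[name] = "UNEXPECTED"
            else:
                findings[name] = "OK"
    return findings

# Constructed sample data: a zone export as {name: address} and two clients.
ZONE = {
    "wpad.corp.example.com": "10.0.0.5",        # reserved by the admins
    "wpad.lab.corp.example.com": "10.9.9.77",   # registered by an unknown host
}
APPROVED = {"10.0.0.5"}
CLIENTS = ["pc1.sales.corp.example.com", "pc7.lab.corp.example.com"]

if __name__ == "__main__":
    report = audit_wpad(CLIENTS, "corp.example.com", ZONE, APPROVED)
    for name, status in sorted(report.items()):
        print(f"{status:10} {name}")
```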