Security Incidents mailing list archives
RE: ANOTHER possible Windows problem?
From: "Powers, James L." <JLPowers () cmhmetro net>
Date: Sat, 21 Jul 2001 21:08:52 -0400
Someone in your organization has figured out how to autoconfigure IE, using either DHCP or DNS. IE is set to autoconfigure by default whether you use a proxy or not (using WPAD - Web Proxy AutoDiscovery). You need to find out whether this is a good person or a bad person.

When MS first started supporting this, it was a problem since an unauthorized DHCP server could send bogus configurations to IE. Now, it doesn't work over DHCP without a Win2K DHCP server (which has to be authorized in a domain), but it can still be done through DNS.

Problem? Depends on how you look at it. ;)

-----Original Message-----
From: David Bernick
To: incidents () securityfocus com
Sent: 7/20/01 4:15 PM
Subject: ANOTHER possible Windows problem?

At around 3pm EST all of the Windows 98 boxes at my company suddenly turned their proxy settings on (we don't use a proxy) and set their proxy server to: cache.mycompany.com (substitute mycompany with the name of mycompany) and port 3128.

Now I know port 3128 is a Squid proxy port, so I guess that makes sense, but has anyone ever seen anything like this before? The few win2k boxes are fine, as are the linux boxes.

Is there a trojan or something like that where the payload changes proxy settings? Or is it something else entirely?

thanks!
dave

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
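Added example, not part of the original messages: a small audit for the DNS side of WPAD described in the reply above. It lists the `wpad.<domain>` names a client would look up, checks which ones resolve, and reports any proxy the served autoconfiguration script hands out that is not on an approved list. The function names, the host name `pc17.sales.mycompany.com`, the address `192.0.2.10` and the script body are constructed for illustration; `resolve` and `fetch` are injected so the same logic can be pointed at live DNS/HTTP or at canned data.

```python
import re

# A PAC script (served as wpad.dat) returns strings such as
# "PROXY cache.example.com:3128; DIRECT" from FindProxyForURL().
PROXY_RE = re.compile(r'\b(PROXY|SOCKS)\s+([A-Za-z0-9.-]+):(\d{1,5})')

def wpad_candidates(client_fqdn):
    """WPAD names tried over DNS: 'wpad' prepended to each parent domain
    of the client. Assumption: the walk stops at the two-label
    organisation domain and never tries the bare TLD."""
    labels = client_fqdn.strip('.').lower().split('.')[1:]  # drop host label
    return ['wpad.' + '.'.join(labels[i:]) for i in range(len(labels) - 1)]

def proxies_in_pac(pac_text):
    """Unique (kind, host, port) proxy directives found in a PAC body."""
    return sorted({(k, h.lower(), int(p)) for k, h, p in PROXY_RE.findall(pac_text)})

def audit(client_fqdn, resolve, fetch, approved):
    """resolve(name) -> IP or None; fetch(name) -> wpad.dat text or None.
    Returns (wpad_name, ip, proxy_host, proxy_port) for every proxy that
    is handed out but is not in the approved set of (host, port)."""
    findings = []
    for name in wpad_candidates(client_fqdn):
        ip = resolve(name)
        if ip is None:
            continue  # name does not exist, clients fall through to the next
        for _kind, host, port in proxies_in_pac(fetch(name) or ''):
            if (host, port) not in approved:
                findings.append((name, ip, host, port))
    return findings

# Constructed sample data modelled on the report in this thread.
SAMPLE_DNS = {'wpad.mycompany.com': '192.0.2.10'}
SAMPLE_PAC = ('function FindProxyForURL(url, host) {\n'
              '  return "PROXY cache.mycompany.com:3128; DIRECT";\n}')
SAMPLE_PAC_BY_HOST = {'wpad.mycompany.com': SAMPLE_PAC}

if __name__ == '__main__':
    # The site in the report uses no proxy, so the approved set is empty.
    for f in audit('pc17.sales.mycompany.com', SAMPLE_DNS.get,
                   SAMPLE_PAC_BY_HOST.get, approved=set()):
        print('unexpected proxy %s:%d served via %s (%s)' % (f[2], f[3], f[0], f[1]))
```

A finding answers the "good person or bad person" question only once someone accountable can explain who created the `wpad` record and who runs the host it points to.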