Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How is this WPAD redirect even a "hack"?

From: "James (njan) Eaton-Lee" <james.mailing () gmail com>
Date: Tue, 27 Mar 2007 16:08:48 +0100
Thomas W Shinder wrote:

DDNS will still work on non-domain computers if you set the DDNS to
accept unsecure connections (ie, machines that are not domain members).
Unfortunately, Secure Dynamic DNS Updates being disabled is all too common; as you point out, if it is, non-domain computers can update/create DNS records, and this attack is even more trivial to execute.
Note carefully, though, that the attack *is* still valid even if Secure DDNS updates are enabled. The only way to mitigate this through DNS would be to create a record that authenticated DNS users didn't have permission to update or delete.
As an aside, I've had an offlist e-mail from a contributor wishing to remain nameless pointing out a related post on Full Disclosure a few days ago, which draws attention to the attack vectors associated with Secure DDNS being disabled: 

http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0335.html

 - James.

--
  James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

  "The universe is run by the complex interweaving of three
  elements: Energy, matter, and enlightened self-interest." - G'Kar

 https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: