Dailydave mailing list archives
Re: How is this WPAD redirect even a "hack"?
From: "Ronald L. Rosson Jr." <ron () oneinsane net>
Date: Tue, 27 Mar 2007 12:06:50 -0500
On Mar 27, 2007, at 12:42 AM, George Ou wrote:
http://securitywatch.eweek.com/ microsoft_warns_of_windows_network_hack.html How is this even a "hack"? If someone pwned your DNS, WINS, or DHCP (rogue), they freaking own the entire layer 2 and they own your whole world. WPAD proxy hijack is the last of your worries. Am I missing something here? The following statement is very surprising and questionable. "An attacker could register a WPAD entry in the DNS (Domain Name System) or in WINS (Windows Internet Naming Service) that resolves to a host with a malicious WPAD.dat file."
This coupled with dnsfun.c (http://packetstormsecurity.org/filedesc/ dnsfun.c.html) could cause some issues. But other than that if best practices are followed it is a non issue. -Ron -- Ron Rosson ron () oneinsane net http://www.oneinsane.net _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- How is this WPAD redirect even a "hack"? George Ou (Mar 27)
- Message not available
- Message not available
- Re: How is this WPAD redirect even a "hack"? James (njan) Eaton-Lee (Mar 27)
- Message not available
- Message not available
- Re: How is this WPAD redirect even a "hack"? Ronald L. Rosson Jr. (Mar 27)
- Re: How is this WPAD redirect even a "hack"? James (njan) Eaton-Lee (Mar 28)
- <Possible follow-ups>
- Re: How is this WPAD redirect even a "hack"? James (njan) Eaton-Lee (Mar 27)
- Re: How is this WPAD redirect even a "hack"? McGean, Joseph (Mar 27)
- Re: How is this WPAD redirect even a "hack"? george_ou (Mar 28)
- Re: How is this WPAD redirect even a "hack"? Steve Shockley (Mar 31)