Dailydave mailing list archives

Re: How is this WPAD redirect even a "hack"?


From: "James (njan) Eaton-Lee" <james.mailing () gmail com>
Date: Tue, 27 Mar 2007 19:36:06 +0100

Ronald L. Rosson Jr. wrote:
> This coupled with dnsfun.c (http://packetstormsecurity.org/filedesc/dnsfun.c.html) could cause some issues. But other than that if best practices are followed it is a non-issue.

I'm not convinced that's correct - in any instance though, it depends which best practices you're following; what is this a best practice for? DHCP? DNS? WPAD?

Frankly, this is an attack that would work in the overwhelming majority of Windows AD domain environments which don't already use WPAD (or have configuration cruft left over from using it in the past).

In any case, you can have your DNS infrastructure configured according to best practices, with Secure DDNS Updates set up, and you're still vulnerable to attack via DNS. I don't recall seeing this mentioned in any of the best practices for DNS hardening, although I could be wrong.

The page that describes how to deploy WPAD (http://tinyurl.com/39ynbl) doesn't discuss the security implications of this either.

If it is a best practice to configure a WPAD DHCP entry or DNS entry even if you don't use WPAD, I certainly can't find anything saying this that pre-dates the content Microsoft have since stuck online.

 - James.

--
  James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

  "The universe is run by the complex interweaving of three
  elements: Energy, matter, and enlightened self-interest." - G'Kar

 https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--
