Educause Security Discussion mailing list archives
Re: WPAD DNS floods
From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Wed, 16 Jan 2008 13:43:29 -0700
The MAT sent a request to this list a few weeks ago asking for feedback from schools on the WPAD topic because we were asked by MS to investigate the impact in higher ed. We only received three replies and passed the information along to MS. This is the first I've heard of a single machine producing that many WPAD requests, which makes me suspect that it somehow got caught in a loop. MS might be interested in more details in this instance. If they are, would you like us to put them in contact with you? In general, campuses may see a lot of WPAD.school.edu requests from their networks and if you don't have some mechanism of host name approval that would prevent someone from registering that name, you should consider adding some sort of block to using that hostname. Brad Judy REN-ISAC MAT IT Security Office University of Colorado at Boulder
-----Original Message----- From: Gary Flynn [mailto:flynngn () JMU EDU] Sent: Wednesday, January 16, 2008 11:15 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] WPAD DNS floods Hi, Anyone seen floods to wpad.university.edu and tracked the problem down? We've seen it intermittently in the past but not to a significant degree but we just experienced substantial performance impact on our DNS servers from one student machine. We've got the machine in hand and are investigating but I thought I'd ask. Coincidently, its a Vista machine which reminds me of the isatap.university.edu floods reported in the past. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- WPAD DNS floods Gary Flynn (Jan 16)
- <Possible follow-ups>
- Re: WPAD DNS floods Jeff Kell (Jan 16)
- Re: WPAD DNS floods Gary Flynn (Jan 16)
- Re: WPAD DNS floods Valdis Kletnieks (Jan 16)
- Re: WPAD DNS floods Valdis Kletnieks (Jan 16)
- Re: WPAD DNS floods Dan Peterson (Jan 16)
- Re: WPAD DNS floods Gary Flynn (Jan 16)
- Re: WPAD DNS floods Brad Judy (Jan 16)
- Re: WPAD DNS floods Brad Judy (Jan 16)
- Re: WPAD DNS floods Brad Judy (Jan 16)
- Re: WPAD DNS floods Gary Flynn (Jan 16)
- Re: WPAD DNS floods Doug Pearson (Jan 16)