Dailydave mailing list archives
Re: How is this WPAD redirect even a "hack"?
From: "McGean, Joseph" <joseph.mcgean () i-Deal com>
Date: Tue, 27 Mar 2007 12:32:43 -0400
Dave,

Okay I will check the logs.

Joe

--------------------------
Sent from my BlackBerry Wireless Handheld

___________________________
This e-mail message and any attachments are confidential. Dissemination, distribution or copying of this e-mail or any attachments by anyone other than the intended recipient is prohibited. If you are not the intended recipient, please notify i-Deal LLC immediately by replying to this e-mail, and destroy all copies of this e-mail and any attachments.

-----Original Message-----
From: dailydave-bounces () lists immunitysec com <dailydave-bounces () lists immunitysec com>
To: Thomas W Shinder <tshinder () tacteam net>
CC: dailydave () lists immunitysec com <dailydave () lists immunitysec com>
Sent: Tue Mar 27 11:08:48 2007
Subject: Re: [Dailydave] How is this WPAD redirect even a "hack"?

Thomas W Shinder wrote:
> DDNS will still work on non-domain computers if you set the DDNS to accept unsecure connections (ie, machines that are not domain members).

Unfortunately, Secure Dynamic DNS Updates being disabled is all too common; as you point out, if it is, non-domain computers can update/create DNS records, and this attack is even more trivial to execute.

Note carefully, though, that the attack *is* still valid even if Secure DDNS updates are enabled. The only way to mitigate this through DNS would be to create a record that authenticated DNS users didn't have permission to update or delete.

As an aside, I've had an offlist e-mail from a contributor wishing to remain nameless pointing out a related post on Full Disclosure a few days ago, which draws attention to the attack vectors associated with Secure DDNS being disabled:

http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0335.html

 - James.

--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
"The universe is run by the complex interweaving of three elements: Energy, matter, and enlightened self-interest." - G'Kar
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
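Added example, not part of the thread or written by its participants: a PowerShell audit of the two conditions James describes, namely whether a zone accepts non-secure dynamic updates and whether a wpad record exists that broad principals cannot update or delete. It assumes a Windows DNS server with the DnsServer and ActiveDirectory modules (both newer than this 2007 thread); the principal names in $broad are assumptions to adjust for your domain.

```powershell
# Added example (not from the thread). Run with rights to read DNS zones and
# record ACLs on an AD-integrated DNS server.
Add-Type -AssemblyName System.DirectoryServices
Import-Module DnsServer, ActiveDirectory

# Individual rights that allow changing or removing an existing record object.
# Composite rights such as GenericAll contain these bits, so they match too;
# they are not listed here because they also contain read bits.
$writeMask = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Delete, DeleteTree, WriteDacl, WriteOwner'

# Broad principals to flag (assumption: English names, adjust as needed).
$broad = 'NT AUTHORITY\Authenticated Users', 'Everyone'

$zones = Get-DnsServerZone | Where-Object {
    $_.ZoneType -eq 'Primary' -and -not $_.IsReverseLookupZone -and -not $_.IsAutoCreated
}

foreach ($zone in $zones) {
    # Look for an existing record at the "wpad" node of this zone.
    $rec = Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -Name 'wpad' -ErrorAction SilentlyContinue |
        Select-Object -First 1

    $owner = $null
    $loose = @()
    if ($rec -and $zone.IsDsIntegrated) {
        # The record is a dnsNode object in AD; read its owner and ACL.
        $acl   = Get-Acl -Path ("AD:\" + $rec.DistinguishedName)
        $owner = $acl.Owner
        $loose = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broad -contains $_.IdentityReference.Value -and
            ($_.ActiveDirectoryRights -band $writeMask)
        })
    }

    [pscustomobject]@{
        Zone            = $zone.ZoneName
        DynamicUpdate   = $zone.DynamicUpdate      # None, Secure or NonsecureAndSecure
        NonSecureUpdate = ($zone.DynamicUpdate -eq 'NonsecureAndSecure')
        WpadExists      = [bool]$rec
        WpadOwner       = $owner                   # an ordinary user here means a client created it
        BroadWriteAces  = $loose.Count             # should be 0 for a locked-down record
    }
}
```

A zone reporting WpadExists as False is the case the message says remains open even with secure updates enabled, since any authenticated client can then register the name first.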