New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server

Category: Privacy
Published: 03/31/2007, 00:18  
Editor: Remus Zoica
 
Microsoft recently warned about a new weakness that could be used to divert web traffic through a malicious proxy server. Internet Explorer, for example, uses the Web Proxy Automatic Discovery (WPAD) protocol to find a file that enables the browser to configure its proxy settings. Company representatives said it is possible to plant a configuration file that would route traffic through a malicious proxy. A WPAD entry that leads to a malicious Wpad.dat file could be registered in the Domain Name System (DNS) or the Windows Internet Naming Service (WINS). The client application looks in DNS or WINS to resolve the name of the host that has the proxy configuration file. Microsoft said that once such an entry is in place, WPAD clients "may be able to route their Internet traffic through a malicious proxy server."

Network managers should reconfigure DNS and WINS on their servers to help prevent the use of this hack. The recommended fix helps prevent a malicious WPAD entry from being registered in the server's Domain Name System (DNS) or Windows Internet Naming Service (WINS). The fix is for Windows Server 2003 and Windows 2000 Service Pack 4.

More information is available from Microsoft:

"Client software that is configured to use Web Proxy Automatic Discovery (WPAD) must be able to contact a host that serves a proxy automatic configuration file (Wpad.dat). A WPAD-configured client can use several methods to locate a host that contains a Wpad.dat file. Two of these methods require a WPAD entry to be registered in Domain Name System (DNS) or in Windows Internet Naming Service (WINS). Registering a WPAD entry in DNS or in WINS enables clients to resolve names of hosts that contain proxy automatic configuration files.
If an entity can surreptitiously register a WPAD entry in DNS or in WINS, and this entry resolves to a host with a malicious Wpad.dat file, WPAD clients may be able to route their Internet traffic through a malicious proxy server. Network administrators who have not already registered legitimate WPAD entries in DNS or in WINS, and network administrators who have not correctly implemented WPAD through DHCP and Option 252, must reserve static WPAD DNS host names and WPAD WINS name records. By doing this, network administrators help prevent possible malicious registrations."

The five steps for reserving static WPAD DNS host names and WPAD WINS name records are available on Microsoft's website: http://support.microsoft.com/kb/934864
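
A check an administrator could run to confirm the WPAD DNS names are reserved, as an added example that is not from Microsoft's article or this review: it resolves `wpad` in each managed zone and flags names with no record or with an address outside an approved list. The zone names, addresses and function names are constructed placeholders, and the check covers DNS only, not WINS.

```python
import socket

# Constructed sample data: zone names and addresses are placeholders
# (example.com and 192.0.2.0/24 are reserved for documentation).
CONSTRUCTED_RECORDS = {
    "wpad.corp.example.com": {"192.0.2.10"},   # reserved by the admin
    "wpad.lab.example.com": {"192.0.2.77"},    # registered by someone else
    # wpad.branch.example.com: no record at all
}

def constructed_resolver(name):
    """Offline stand-in for DNS, backed by CONSTRUCTED_RECORDS."""
    return CONSTRUCTED_RECORDS.get(name, set())

def system_resolver(name):
    """Addresses the local resolver returns for name; empty set if none.
    The OS may also consult the hosts file or other name services."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def audit_wpad(zones, approved_addrs, resolve=system_resolver):
    """Classify the 'wpad' host name in each zone.

    RESERVED   - resolves only to addresses the administrator approved
    UNRESERVED - no record, so the name is still open to registration
    UNEXPECTED - resolves to at least one address nobody approved
    """
    approved = set(approved_addrs)
    findings = {}
    for zone in zones:
        name = "wpad." + zone.strip(".").lower()
        addrs = set(resolve(name))
        if not addrs:
            status = "UNRESERVED"
        elif addrs <= approved:
            status = "RESERVED"
        else:
            status = "UNEXPECTED"
        findings[name] = (status, sorted(addrs))
    return findings

if __name__ == "__main__":
    zones = ["corp.example.com", "lab.example.com", "branch.example.com"]
    for name, (status, addrs) in audit_wpad(
            zones, {"192.0.2.10"}, constructed_resolver).items():
        print(f"{status:<10} {name} {addrs}")
```

Called without the `resolve` argument, `audit_wpad` queries the local resolver, so run it from a client on the network whose zones are being audited.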
