Proxy File '.pac' Request to Public IP Address

Medium Nessus Network Monitor Plugin ID 7206

Synopsis

This host is configured to use proxy settings issued by a public IP address.

Description

Proxy auto-config (PAC) files let a browser configure its proxy settings automatically, including on a per-URL basis. Recent traffic from this host indicates that it has requested a '.pac' file from a remote web server. In the past, malicious software has been known to use these files to perform man-in-the-middle attacks against affected systems.

Solution

Ensure this configuration is intended. If not, correct or disable the proxy settings on the remote host.
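
One way to triage this finding against captured HTTP metadata, as an added example that is not part of the plugin or of Nessus Network Monitor: it flags '.pac' fetches whose server address lies outside internal address space and is not on an approved list. The record format, the function names, the internal-range list and the sample addresses are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Address space treated as internal (assumption); anything else counts as public.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def is_public(ip_text):
    """True when the address is outside every internal range above."""
    addr = ipaddress.ip_address(ip_text)
    return not any(addr in net for net in INTERNAL_NETS)

def find_public_pac_requests(records, approved_servers=()):
    """Return (client, server, path) for each '.pac' fetch from a public,
    unapproved server. Record format (hypothetical): 'src dst METHOD target'."""
    approved = {ipaddress.ip_address(a) for a in approved_servers}
    findings = []
    for line in records:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        src, dst, method, target = fields
        # Drop any query string, then compare the extension case-insensitively.
        path = urlsplit(target).path.lower()
        if method != "GET" or not path.endswith(".pac"):
            continue
        try:
            if not is_public(dst) or ipaddress.ip_address(dst) in approved:
                continue  # internal or sanctioned PAC server
        except ValueError:
            continue  # destination field is not an IP address
        findings.append((src, dst, path))
    return findings

# Constructed sample records; the 198.51.100.0/24 and 203.0.113.0/24
# documentation ranges stand in for public servers.
SAMPLE = [
    "10.1.4.20 10.1.0.5 GET /proxy.pac",
    "10.1.4.21 203.0.113.50 GET /cfg/Proxy.PAC?id=7",
    "10.1.4.22 198.51.100.9 GET /wpad.pac",
    "10.1.4.23 203.0.113.50 GET /index.html",
]

if __name__ == "__main__":
    for src, dst, path in find_public_pac_requests(SAMPLE, ["198.51.100.9"]):
        print(f"{src} fetched {path} from public address {dst}")
```

Each remaining result is a host whose proxy configuration should be confirmed as intended, or corrected as the solution above describes.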

See Also

https://en.wikipedia.org/wiki/Proxy_auto-config

https://technet.microsoft.com/en-us/library/dd361918.aspx

http://www.nessus.org/u?02a8ece2

http://www.nessus.org/u?fd2efa2f

Plugin Details

Severity: Medium

ID: 7206

Version: 1.0

Family: Data Leakage

Published: 2016/06/03

Modified: 2016/06/22

Risk Information

Risk Factor: Medium