
Leaked DNS Query Detection - WPAD Proxy Request

Medium

Synopsis

An internal proxy discovery request has been leaked to the public realm.

Description

WPAD, or Web Proxy Auto-Discovery, is a feature that enables some browsers to determine their web proxy settings automatically. WPAD requests are sent out through DNS and NetBIOS, relying on a locally configured WPAD server within the same network to provide proxy server information when requested. Through an error in DNS configuration, the remote host has sent a WPAD request to the public realm, potentially allowing a man-in-the-middle (MiTM) attack to take place. A determined attacker who is able to register a gTLD with the same domain name could theoretically serve up false WPAD information, routing all web traffic through a proxy server under their control and allowing them to eavesdrop on the connection.

Solution

Disable WPAD requests or ensure firewall settings are configured to drop any outbound 'WPAD' DNS lookups.
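
One way to check for this condition in your own DNS query logs, shown as an added example that is not part of the original plugin: it flags queries whose leftmost label is `wpad` when an internal client sends them to a resolver outside internal address space. The log format, the sample lines, and the choice of RFC 1918 ranges as "internal" are assumptions made for illustration.

```python
import ipaddress

# Assumption: resolvers inside RFC 1918 space belong to the organisation.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log: "<time> <client> -> <resolver> <qtype> <qname>"
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.1.4.22 -> 10.1.0.53 A wpad.corp.example.
2024-01-01T09:00:02Z 10.1.4.22 -> 203.0.113.53 A wpad.corp.example.
2024-01-01T09:00:03Z 10.1.4.37 -> 203.0.113.53 A WPAD.example.
2024-01-01T09:00:04Z 10.1.4.37 -> 203.0.113.53 A www.example.com.
2024-01-01T09:00:05Z 10.1.4.40 -> 203.0.113.53 AAAA wpad.
2024-01-01T09:00:06Z 10.1.4.41 -> 203.0.113.53 A mywpad.example.com.
malformed line
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def is_wpad_name(qname):
    """WPAD lookups use 'wpad' as the leftmost label; DNS is case-insensitive."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[0] == "wpad"

def find_leaked_wpad(log_text):
    """Return (time, client, resolver, qname) for WPAD queries leaving the network."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[2] != "->":
            continue  # skip lines that do not match the assumed format
        ts, client, _, resolver, _qtype, qname = parts
        try:
            leaked = is_internal(client) and not is_internal(resolver)
        except ValueError:
            continue  # unparsable address
        if leaked and is_wpad_name(qname):
            findings.append((ts, client, resolver, qname))
    return findings

if __name__ == "__main__":
    for finding in find_leaked_wpad(SAMPLE_LOG):
        print("leaked WPAD query:", *finding)
```

Hosts that appear in the output are candidates for disabling WPAD, and the same leftmost-label match is what an outbound DNS filter rule would need to drop.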