Full Disclosure mailing list archives

Re: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup
From: imipak <imipak () gmail com>
Date: Fri, 14 Apr 2006 16:37:49 +0100

Nick FitzGerald wrote:

> So, the exception is not that the IP is hard-coded, but that the DNS
> resolver skips looking in hosts for that _domain_ and necessarily does
> a network DNS lookup...

Presumably, it uses whichever DNS server the local OS thinks it
should use, no differently than any other application on the machine.
So, the workaround for Dave who wants to block connections is simple,
for a given value of simple of course -- run a local, caching-only
DNS resolver, which proxies everything back to the usual DNS server,
*except* for whichever Microsoft sub-domains you'd like to overrule.

I know nothing of BIND configuration (or any other DNS server) but I
imagine this is at least possible.

Unless the DNS server is itself hardcoded in MediaPlayer, as well?



And what exactly is a dream?
And what exactly is a joke?
                                            - Syd Barrett

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
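
The override decision such a local resolver would make, as an added example that is not part of the original post or of any resolver's own code. The suffixes in `OVERRIDES` are constructed placeholders (the post names no sub-domains), `forward` is a hypothetical callable that relays a query to the usual DNS server, and answering NXDOMAIN for overruled names is an assumption about what "overrule" should return.

```python
import struct

# Constructed placeholder suffixes; the post does not name the sub-domains to overrule.
OVERRIDES = {"blocked.example", "media.vendor.example"}

def parse_qname(packet: bytes) -> str:
    """Extract the question name from a DNS query (the header is 12 bytes)."""
    labels, pos = [], 12
    while True:
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels)

def is_overridden(name: str) -> bool:
    """Match on label boundaries: 'a.blocked.example' matches, 'notblocked.example' does not."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in OVERRIDES)

def handle(packet: bytes, forward) -> bytes:
    """Answer overruled names locally with NXDOMAIN; pass everything else upstream."""
    if not is_overridden(parse_qname(packet)):
        return forward(packet)
    txid, flags = struct.unpack("!HH", packet[:4])
    # QR=1 (response), copy RD from the query, RA=1, RCODE=3 (NXDOMAIN).
    rflags = 0x8000 | (flags & 0x0100) | 0x0080 | 3
    # Find the end of the question name, then echo name + QTYPE + QCLASS.
    end = 12
    while packet[end]:
        end += 1 + packet[end]
    question = packet[12:end + 5]
    return struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + question

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample input: a standard A/IN query with RD set."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
```

This only helps if the client sends its queries to the local resolver; an application with its own hardcoded DNS server, the case raised at the end of the post, would bypass it.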
