|
Security Incidents
mailing list archives
RE: ANOTHER possible Windows problem?
From: "Powers, James L." <JLPowers () cmhmetro net>
Date: Sat, 21 Jul 2001 21:08:52 -0400
Someone in your organization has figured out how to autoconfigure IE, using
either DHCP or DNS. IE is set to autoconfigure by default whether you use a
proxy or not (using WPAD - Web Proxy AutoDiscovery). You need to find out
whether this is a good person or a bad person.
When MS first started supporting this, it was a problem since an
unauthorized DHCP server could send bogus configurations to IE. Now, it
doesn't work over DHCP without a Win2K DHCP server (which has to authorized
in a domain), but it can still be done through DNS.
Problem? Depends on how you look at it. ;)
-----Original Message-----
From: David Bernick
To: incidents () securityfocus com
Sent: 7/20/01 4:15 PM
Subject: ANOTHER possible Windows problem?
At around 3pm EST all of the Windows 98 boxes at my company suddenly
turned their proxy settings on (we don't use a proxy) and set their
proxy server to: cache.mycompany.com (substitute mycompany with the name
of mycompany) and port 3128.
Now i know port 3128 is a Squid proxy port, so i guess that makes sense,
but has anyone ever seen anything like this before? the few win2k boxes
are fine, as are the linux boxes. Is there a trojan or something like
that where the payload changes proxy settings?
or is it something else entirely?
thanks!
dave
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- Re: ANOTHER possible Windows problem?, (continued)
|
Intro
