The essence of this is that an attacker can get a DHCP lease whilst
claiming the name "wpad" and thus insert the name in
the local DNS pointing the attacker's machine. The presence of that A
record allows control of the proxy settings of any browser in the network.

It's already possible to mitigate this: adding wpad

to /etc/hosts will generate harmless A and AAAA records which override
those that may be created by DHCP leases.

The currently unreleased 2.80 version of dnsmasq adds the
dhcp-name-match option, which allows


Which stops the attack at source.

The question is, should the above configuration be "baked in" to the code?



Dnsmasq-discuss mailing list

Reply via email to