An article review.
Opportunistic hackers could register new TLDs hoping to prey on misdirected internal traffic
The US Computer Emergency Readiness Team (US-CERT) recently issued a statement for organizations who use top level domain names to route internal traffic, warning that misconfigured proxy servers could route requests for those names to newly registered external domains.
The potential attack is linked to the Web Proxy Auto-Discovery (WPAD) service in Windows, which attempts to standardize web proxy configurations across a network by downloading settings from a central server. Domain name requests intended for WPAD have been observed reaching servers on the open internet in the past, potentially leading to a situation where internal network traffic gets routed to a domain specifically selected to try and catch these requests for malicious purposes.
Considering the increase in top level domain names from less than a dozen to over 1,200 it’s impossible to know what formerly unused names could become live in the future, so security experts suggest companies either use names they’ve registered themselves or make certain no internal DNS requests can make it to the outside.
Original article by US-CERT.
