Is it possible to filter (*.)wpad.* with RPZ?
Daniel Stirnimann
daniel.stirnimann at switch.ch
Thu Nov 30 07:04:22 UTC 2017
I doubt you can use RPZ for that.
We use https://dnsdist.org/ for that, our rule:
-- WPAD Name Collission Vulnerability
-- US-CERT TA16-144A. Redirect to landing page
addAction(RegexRule("^wpad\\."),SpoofAction("192.168.1.2", "2001:DB8::2"))
Daniel
On 29.11.17 19:12, Grant Taylor via bind-users wrote:
> Is it possible to filter (*.)wpad.* with RPZ? Or do I need to look into
> Response Policy Service and try to filter that way?
>
> I've used RPZ for various different things over the years, but I don't
> quite know how to match a wild card on the right hand side.
>
> Context: I'd like to prevent ""misconfigurations like the following and
> I was hoping that RPZ could be utilized:
>
> Link - Anybody else having issues with wpad.domain.name?
> -
> https://www.reddit.com/r/networking/comments/732r5n/anybody_else_having_issues_with_wpaddomainname/
>
> Link - Alert (TA16-144A) WPAD Name Collision Vulnerability
> - https://www.us-cert.gov/ncas/alerts/TA16-144A
More information about the bind-users
mailing list