[Dshield] Fun with MSIE's Automatic searching
David.Sentelle at cnbcbank.com
Wed Oct 30 16:26:23 GMT 2002
Watching DNS traffic here, I just noticed a client on my network requesting a non-existent webpage, www.goittech.com.
First, MSIE requested the DNS name, which was not found by any of the DNS servers.
Then MSIE requested auto.search.msn.com's DNS name.
I'm guessing that MSIE's auto search feature found nothing, because the browser then attempted to find www.goittech.com again, then proceeded to try to find www.www.goittech.com.com, www.www.goittech.com.org, and finally www.www.goittech.com.net.
It stopped there... I think it stopped there because the owner of .com.net's DNS server appears to be pointing all of these types of requests to 10.0.1.128.
The bottom line being that I figured out why so many of our PCs here frequently request webpages from private nets. DOH!
Shouldn't Microsoft do what they can to ease internet loads by not trying such random 'searches'? If not, why don't they just portscan till they find what the browser's looking for? :o (That being my almost security related point, but it's a stretch as I know 10.0.0.0/8 traffic isn't routed) Personally, if I owned the .com.net domain, I'd be tempted to put up an anti-Microsoft webpage that would get shown to any browser pointed at .com.net sites.
Now that I've got that mystery settled, I've got to figure out why I've got clients on the network requesting DNS names such as 'Excel.exe'. ARGH.
Network Operations Specialist
Commerce National Bank
614.334.6282 Voice 614.848.8830 Fax
There are only 10 types of people in this world:
Those who understand binary, and those who don't.
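The lookup sequence described in the message above can be picked out of resolver logs. The following is an added example, not part of the original post: it flags queries of the form www.<name>.com/.org/.net where <name> already failed to resolve for the same client, and marks answers that fall in RFC 1918 space. The (client, name, answer) record layout and the client addresses are assumptions; the names and the 10.0.1.128 answer are the ones quoted in the post.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of resolver log records: (client, query name, answer),
# with answer None meaning the name was not found. Client IPs are made up.
SAMPLE_LOG = [
    ("192.0.2.10", "www.goittech.com", None),
    ("192.0.2.10", "auto.search.msn.com", "198.51.100.7"),
    ("192.0.2.10", "www.goittech.com", None),
    ("192.0.2.10", "www.www.goittech.com.com", None),
    ("192.0.2.10", "www.www.goittech.com.org", None),
    ("192.0.2.10", "www.www.goittech.com.net", "10.0.1.128"),
    ("192.0.2.11", "www.example.org", "203.0.113.5"),
]

SUFFIXES = (".com", ".org", ".net")  # suffixes seen in the post
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def expansion_of(qname, failed):
    """Return the failed name that qname wraps as www.<name>.<suffix>, else None."""
    for suffix in SUFFIXES:
        if qname.startswith("www.") and qname.endswith(suffix):
            inner = qname[len("www."):-len(suffix)]
            if inner in failed:
                return inner
    return None


def find_autosearch_expansions(log):
    """Report, per client, expansions of names that already failed to resolve."""
    failed = defaultdict(set)  # client -> names that were not found
    findings = []
    for client, qname, answer in log:
        qname = qname.lower().rstrip(".")
        origin = expansion_of(qname, failed[client])
        if origin is not None:
            private = answer is not None and any(
                ipaddress.ip_address(answer) in net for net in RFC1918)
            findings.append({"client": client, "origin": origin, "expanded": qname,
                             "answer": answer, "private_answer": private})
        if answer is None:
            failed[client].add(qname)
    return findings


if __name__ == "__main__":
    for finding in find_autosearch_expansions(SAMPLE_LOG):
        print(finding)
```

Findings with `private_answer` set identify which expanded name is causing a client to send web requests toward private address space.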