[Dshield] Fun with MSIE's Automatic searching

David Sentelle David.Sentelle at cnbcbank.com
Wed Oct 30 16:26:23 GMT 2002

Watching DNS traffic here, I just noticed a client on my network requesting a non-existent webpage, www.goittech.com.  

First, MSIE requested the DNS name, which was not found by any of the DNS servers.  

Then MSIE requested auto.search.msn.com's DNS name.  

I'm guessing that MSIE's auto search feature found nothing, because the browser then attempted to find www.goittech.com again, then proceeded to try to find www.www.goittech.com.com, www.www.goittech.com.org, and finally www.www.goittech.com.net.  

It stopped there...  I think it stopped there because the owner of .com.net's DNS server appears to pointing all of these type requests to

The bottom line being that I figured out why so many of our PCs here frequently request webpages from private nets.  DOH!

Shouldn't Microsoft do what they can to ease internet loads by not trying such random 'searches'?  If not, why don't they just portscan till they find what the browser's looking for?  :o  (That being my almost security related point, but its a stretch as I know traffic isn't routed)  Personally, if I owned the .com.net domain, I'd be tempted to put up an anti-microsoft webpage that would get shown to any browser pointed at .com.net sites.

Now that I've got that mystery settled, I've got to figure out why I've got clients on the network requesting DNS names such as 'Excel.exe'.  ARGH.

David Sentelle
Network Operations Specialist
Commerce National Bank
614.334.6282 Voice    614.848.8830 Fax
There are only 10 types of people in this world: 
Those who understand binary, and those who don't.

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which 
they are addressed. If you have received this e-mail in error, 
please notify admin at cnbcbank.com and delete it from your system.

More information about the list mailing list