[Dshield] Fun with MSIE's Automatic searching

tc tc at pastaga.pp.se
Wed Oct 30 19:20:48 GMT 2002


http://channels.netscape.com/ns/browsers/default.jsp

http://www.msboycott.com/
http://www.msboycott.com/ierror/


At 17:26 2002-10-30, you wrote:

>Watching DNS traffic here, I just noticed a client on my network 
>requesting a non-existent webpage, www.goittech.com.
>
>First, MSIE requested the DNS name, which was not found by any of the DNS 
>servers.
>
>Then MSIE requested auto.search.msn.com's DNS name.
>
>I'm guessing that MSIE's auto search feature found nothing, because the 
>browser then attempted to find www.goittech.com again, then proceeded to 
>try to find www.www.goittech.com.com, www.www.goittech.com.org, and 
>finally www.www.goittech.com.net.
>
>It stopped there...  I think it stopped there because the owner of 
>.com.net's DNS server appears to pointing all of these type requests to 
>10.0.1.128.
>
>The bottom line being that I figured out why so many of our PCs here 
>frequently request webpages from private nets.  DOH!
>
>Shouldn't Microsoft do what they can to ease internet loads by not trying 
>such random 'searches'?  If not, why don't they just portscan till they 
>find what the browser's looking for?  :o  (That being my almost security 
>related point, but its a stretch as I know 10.0.0.0/8 traffic isn't 
>routed)  Personally, if I owned the .com.net domain, I'd be tempted to put 
>up an anti-microsoft webpage that would get shown to any browser pointed 
>at .com.net sites.
>
>Now that I've got that mystery settled, I've got to figure out why I've 
>got clients on the network requesting DNS names such as 'Excel.exe'.  ARGH.
>




More information about the list mailing list