[Dshield] Fun with MSIE's Automatic searching
tc at pastaga.pp.se
Wed Oct 30 19:20:48 GMT 2002
At 17:26 2002-10-30, you wrote:
>Watching DNS traffic here, I just noticed a client on my network
>requesting a non-existent webpage, www.goittech.com.
>First, MSIE requested the DNS name, which was not found by any of the DNS
>Then MSIE requested auto.search.msn.com's DNS name.
>I'm guessing that MSIE's auto search feature found nothing, because the
>browser then attempted to find www.goittech.com again, then proceeded to
>try to find www.www.goittech.com.com, www.www.goittech.com.org, and
>It stopped there... I think it stopped there because the owner of
>.com.net's DNS server appears to pointing all of these type requests to
>The bottom line being that I figured out why so many of our PCs here
>frequently request webpages from private nets. DOH!
>Shouldn't Microsoft do what they can to ease internet loads by not trying
>such random 'searches'? If not, why don't they just portscan till they
>find what the browser's looking for? :o (That being my almost security
>related point, but its a stretch as I know 10.0.0.0/8 traffic isn't
>routed) Personally, if I owned the .com.net domain, I'd be tempted to put
>up an anti-microsoft webpage that would get shown to any browser pointed
>at .com.net sites.
>Now that I've got that mystery settled, I've got to figure out why I've
>got clients on the network requesting DNS names such as 'Excel.exe'. ARGH.
More information about the list