Just last week, we had a post about things people have discovered happening on their networks. But there is no shortage of these types of posts, so here is another collection of them, or you can read previous iterations of this type of post.
Read on to find out what people discovered happening on their networks, thanks to Pi-hole.
We’re back with the latest iteration of users discovering things on their network via Pi-hole. This post is a compilation of things users have discovered over the past year. Some were bad, some were interesting, and some were enlightening. This isn’t the first time we’ve written a post like this, but we will try to go into more detail about what people have discovered and group together similar discoveries. Below you’ll find previous renditions of this type of post.
Read on to find out what people discovered happening on their networks, thanks to Pi-hole.
There is a new CERT vulnerability that can leave you exposed to a Man-in-the-Middle attack. You can mitigate this vulnerability today by adding these two lines to your /etc/hosts file:
0.0.0.0 wpad wpad.example.com
:: wpad wpad.example.com
example.com is a stand-in for your local domain, so replace example.com with whatever your local domain is.
The essence of this vulnerability is that an attacker can add a device to the network named wpad and get a DHCP lease, thus inserting the name wpad.example.com in the local DNS pointing to the attacker’s machine. The presence of that A record allows control of the proxy settings of any browser in the network.
You can learn more about the technology behind this attack at Google’s Project Zero page. It’s an older article, but it gives some insight into the inner workings of the attack.
The next release of dnsmasq includes an option (dhcp-ignore-names) that can be used to mitigate the attack at the source, but we haven’t heard how Simon will act on this new vulnerability.
Since FTLDNS is just our fork of dnsmasq, we can easily merge in any upstream changes from him, but we wanted to let you know of the /etc/hosts fix that you can immediately implement.
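To check that the fix is fully in place and that no device has already claimed the name, the following added example (not code from Pi-hole or dnsmasq) audits hosts-file contents for both blocking entries and scans dnsmasq-style lease lines for a client calling itself wpad. The function names and all sample data are constructed for illustration, and example.com stands in for your local domain.

```python
import ipaddress

# Constructed sample data (not from a real network). The hosts sample has only
# the IPv4 line, so the IPv6 half of the fix is reported as missing.
SAMPLE_HOSTS = "127.0.0.1 localhost\n0.0.0.0 wpad wpad.example.com\n"
SAMPLE_LEASES = (
    "1536000000 aa:bb:cc:00:00:01 192.168.1.23 laptop 01:aa:bb:cc:00:00:01\n"
    "1536000000 aa:bb:cc:00:00:02 192.168.1.66 wpad *\n"
)

def wpad_names(local_domain):
    """The two names the hosts entries pin: 'wpad' and 'wpad.<local domain>'."""
    return {"wpad", "wpad." + local_domain.lower().strip(".")}

def hosts_gaps(hosts_text, local_domain):
    """Return sorted (name, ip_version) pairs not yet pinned to 0.0.0.0 / ::."""
    needed = {(n, v) for n in wpad_names(local_domain) for v in (4, 6)}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if addr.is_unspecified:  # only 0.0.0.0 and :: count as a block
            for name in fields[1:]:
                needed.discard((name.lower().rstrip("."), addr.version))
    return sorted(needed)

def suspicious_leases(leases_text, local_domain):
    """Return (mac, ip, hostname) for DHCPv4 leases that claimed a WPAD name."""
    names = wpad_names(local_domain)
    hits = []
    for line in leases_text.splitlines():
        fields = line.split()
        # dnsmasq lease line: expiry, MAC, IP, hostname ('*' if none), client-id
        if len(fields) >= 4 and fields[3].lower().rstrip(".") in names:
            hits.append((fields[1], fields[2], fields[3]))
    return hits

if __name__ == "__main__":
    for name, version in hosts_gaps(SAMPLE_HOSTS, "example.com"):
        print(f"missing IPv{version} block for {name}")
    for mac, ip, host in suspicious_leases(SAMPLE_LEASES, "example.com"):
        print(f"lease claims WPAD name: {host} at {ip} ({mac})")
```

Pass the functions the contents of your own /etc/hosts and DHCP lease file; an empty result from both means the entries are present and no current lease uses the name.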