BugTraq
[Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Apr 13 2006 05:29PM
Dave Korn (davek_throwaway hotmail com) (2 replies)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Apr 14 2006 12:13AM
Joachim Schipper (j schipper math uu nl) (1 replies)
On Thu, Apr 13, 2006 at 06:29:15PM +0100, Dave Korn wrote:
>
> Hey, guess what I just found out: Microsoft have deliberately sabotaged
> their DNS client's hosts table lookup functionality.

> (...) I'd try to block (Windows Media Player) it in my hosts file.

> Microsoft DNS client special-cases 'go.microsoft.com' and refuses to look
> it up in the hosts file.

> I'm running fully up-to-date Windows XP SP2. I don't have any pfw
> software that could conceivably be interfering, and the windows firewall is
> running with more-or-less the default settings (I've only added a couple of
> exceptions, no other changes). I don't think this is a false positive.
>
> On reading through %WINDIR%\system32\dnsapi.dll with 'strings', I find the
> following hostnames listed. I assume they are all also singled out for
> special treatment:-
>
> www.msdn.com
> msdn.com
> www.msn.com
> msn.com
> go.microsoft.com
> msdn.microsoft.com
> office.microsoft.com
> microsoftupdate.microsoft.com
> wustats.microsoft.com
> support.microsoft.com
> www.microsoft.com
> microsoft.com
> update.microsoft.com
> download.microsoft.com
> microsoftupdate.com
> windowsupdate.com
> windowsupdate.microsoft.com
>
> [ I've verified that the same behaviour occurs for office.microsoft.com,
> exactly as for go.microsoft.com, but haven't tried any of the others yet.
> I'd bet real money on it, though. ]

What's your point? It's not like it's the first piece of software ever
to bypass the hosts file, is it? And if you're a software giant, that's
easy to do at a lower level.

Blacklisting IP addresses by /etc/hosts or equivalent is an extremely
broken way of blocking, anyway; and vague hacks like that need not be
supported. Use a real, non-host-based firewall.

Of course, you might wish to stop certain software from phoning home.
Fine, but use something that works - MS is evil in many ways, but not
because this particular hack happens not to work.

Switching to OSS quite nicely solves all these problems, though.

Joachim

[ reply ]
RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Apr 19 2006 03:56PM
Mario Contestabile (marioc computer org) (1 replies)
RE: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Apr 20 2006 08:04AM
Nick FitzGerald (nick virus-l demon co uk)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup Apr 13 2006 05:36PM
Brandon S. Allbery KF8NH (allbery ece cmu edu) (2 replies)
Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Apr 13 2006 06:59PM
Stan Bubrouski (stan bubrouski gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus