wpad.kr
Where all unmatched WPAD (Web Proxy Autodiscovery Protocol) traffic from .kr domains goes to...
WPAD (Web Proxy Autodiscovery Protocol) lets web browsers automatically find and use a web proxy. WPAD offers several methods for specifying the proxy server configuration file on the network: DHCP, DNS, or manual specification. The wpad.dat file is a JScript file containing a default URL template, constructed by Internet Explorer.
If your network is 'EXAMPLE.kr' and for some reason you do not serve the file 'http://wpad.EXAMPLE.kr/wpad.dat', the browsers will go on to request 'http://wpad.kr/wpad.dat' instead. The browser does not check whether that host is still inside your organization. Through the WPAD file, an attacker can point your browsers to his own proxies and intercept and modify all of your WWW traffic.
To illustrate, if a malicious user could host a WPAD server under the wpad.kr domain name, this serious security vulnerability would allow attackers to seize control of many computers by conducting man-in-the-middle attacks against customers whose domains are registered as subdomains of a .kr second-level domain (SLD).
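The lookup order described above can be audited from the defender's side. The following is an added example, not code from the original page: it lists the WPAD hostnames a devolving client would try and reports the ones that fall outside the organization's own domain. The function names and the sample hostnames are assumptions made for illustration.

```python
"""Added example: which WPAD lookups leave the organization's domain."""


def wpad_candidates(client_fqdn: str) -> list[str]:
    """Return WPAD hostnames in lookup order for a client's FQDN.

    Models the devolution described above: drop the leftmost label,
    prepend 'wpad', and repeat until only the top-level label is left.
    """
    labels = client_fqdn.strip(".").lower().split(".")
    # labels[0] is the host's own name; its DNS domain starts at labels[1].
    return ["wpad." + ".".join(labels[i:]) for i in range(1, len(labels))]


def audit(client_fqdn: str, org_domain: str) -> list[tuple[str, bool]]:
    """Pair each candidate with True if it stays inside org_domain."""
    org = org_domain.strip(".").lower()
    return [(name, name.endswith("." + org))
            for name in wpad_candidates(client_fqdn)]


def leaked_names(client_fqdn: str, org_domain: str) -> list[str]:
    """Candidates that resolve outside the organization's control."""
    return [name for name, inside in audit(client_fqdn, org_domain)
            if not inside]


if __name__ == "__main__":
    # Constructed sample clients: (client FQDN, organization's domain).
    samples = [
        ("pc1.dept.example.kr", "example.kr"),
        ("pc1.example.co.kr", "example.co.kr"),
    ]
    for fqdn, org in samples:
        print(fqdn)
        for name, inside in audit(fqdn, org):
            print("   ", name, "internal" if inside else "OUTSIDE " + org)
```

Any name reported as outside the organization is one that must be answered internally (for example by serving wpad.dat on an internal host) or blocked at the resolver, so the request never reaches a host the organization does not control.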
Many computer systems are still critically vulnerable to this security hole. The wpad.kr domain name is receiving proxy requests from all over the country at a rate of approximately one a minute.
Copyright (c) 2008 Jaeyoun Kim All rights reserved.