dhcpd: send empty WPAD with a carriage return

[Jack-Sparr0w]

On or off on home network,

 

[ColinTaylor]

Leave it on the default setting (which IIRC is yes). It's only relevant if you're using Windows 7.

 

[Jack-Sparr0w]

does this option disable wpad

 

[ColinTaylor]

Not entirely. But there are other non-configurable options set in dnsmasq that disallow a host on the LAN claiming wpad as it network name.

 

[Jack-Sparr0w]

would it be safer to turn off being used with a service like nord vpn on router. small home network with no work connections. this article has been scaring me https://www.thewindowsclub.com/how-to-disable-web-proxy-auto-discovery-wpad-in-windows

 

[ColinTaylor]

would it be safer to turn off being used with a service like nord vpn on router. small home network with no work connections. this article has been scaring me https://www.thewindowsclub.com/how-to-disable-web-proxy-auto-discovery-wpad-in-windows

Personally I wouldn't make those changes to my PC just because I was using a VPN. You're already sending all your browser data though the VPN service and trusting them with it. Preventing a hypothetical wpad interception in that circumstance seems a bit of a nonsense argument. If you're particularly concerned simply turning off Automatic Proxy Setup in your browser's settings would probably achieve the same thing. I'm not even sure that WPAD would work at all if the VPN client was running on the router rather than your PC.

 

[Jack-Sparr0w]

This article says Man-in-the-middle attackers can abuse the WPAD protocol, The two researchers showed that some widely used VPN clients, like OpenVPN, do not clear the Internet proxy settings set via WPAD. This means that if attackers have already managed to poison a computer’s proxy settings through a malicious PAC before that computer connects to a VPN, its traffic will still be routed through the malicious proxy after going through the VPN. https://www.pcworld.com/article/415...ur-accounts-and-private-data-compromised.html

 

[ColinTaylor]

This article says Man-in-the-middle attackers can abuse the WPAD protocol, The two researchers showed that some widely used VPN clients, like OpenVPN, do not clear the Internet proxy settings set via WPAD. This means that if attackers have already managed to poison a computer’s proxy settings through a malicious PAC before that computer connects to a VPN, its traffic will still be routed through the malicious proxy after going through the VPN. https://www.pcworld.com/article/415...ur-accounts-and-private-data-compromised.html

Yes, I understand how WPAD works and it's vulnerabilities. You said you were concerned about WPAD when using NordVPN. The threat described by PCworld is not from NordVPN (or any other VPN provider):

...if attackers have already managed to poison a computer’s proxy settings through a malicious PAC before that computer connects to a VPN..

The threat comes from your LAN having already been compromised. They are just saying that using a VPN client doesn't change that.