Re: DNS queries on HTML mail in Outlook

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 2 May 2005 20:50:19 -0500

Hi Danny,
Agreed, it's some pretty weird stuff. I leave HTML mail open because I
have four AV and spam relays in front of my Exchange Server, and I run
AV and antispyware on my hosts. So, I guess if HTML mail is that robust,
it deserves to infect him. I haven't been nailed by it in over 7 years,
so maybe my time is running out :-))

I've noticed this phenomenon before, but never got around to asking
anyone about it. What's interesting is that it bypasses the Web proxy
and firewall client configuration, as the queries are generated by the
SecureNAT client config. I *think* this may be related to a bug in
Outlook 2003 and its HTTP handling. I recall someone with Microsoft QFE
mentioning this to me, I'll have to ask him about this.

Thanks!

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx] 
Sent: Monday, May 02, 2005 1:45 PM
To: [ExchangeList]
Subject: [exchangelist] Re: DNS queries on HTML mail in Outlook

http://www.MSExchange.org/

On 5/2/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> Hey folks, 
>   
> Here's an interesting finding on an Outlook 2003 client. I found that when
> an HTML message comes in that has A HREF references to it, Outlook does a
> DNS query for the domains included in the message. I have packet captures
> showing this. Anyone ever heard of such a thing?

Interesting.  Any other interesting traffic?

I wouldn't know because I only read email in plain text format with
Microsoft products.  This is a significant malware mitigation
technique.

...D
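
Added example (not part of the thread): one way to check a packet capture or resolver log for the behaviour described above is to extract the A HREF hostnames from a message and see which of them the mail client's IP address looked up. The sample message, the client addresses and the four-field log format are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message and resolver log (not from the thread).
# Assumed log line format: "<time> <client-ip> <qtype> <qname>".
SAMPLE_MESSAGE = (
    b"Subject: constructed sample\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<A HREF="http://Tracker.example.net/c?id=1">one</A>'
    b'<a href="https://cdn.example.org/x">two</a><a href="mailto:a@example.com">m</a>'
)
SAMPLE_DNS_LOG = [
    "20:41:07 10.0.0.25 A tracker.example.net.",
    "20:41:09 10.0.0.25 A www.example.com.",
    "20:41:10 10.0.0.31 A cdn.example.org.",
]

class HrefCollector(HTMLParser):
    """Collect hostnames from <a href>; the parser lowercases tag/attribute names."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if tag != "a" or name != "href" or not value:
                continue
            try:
                host = urlsplit(value.strip()).hostname
            except ValueError:  # malformed URL, e.g. broken IPv6 literal
                continue
            if host:  # mailto: and relative links have no hostname
                self.hosts.add(host.rstrip("."))

def href_hosts(raw_message):
    """Hostnames referenced by anchors in every text/html part of the message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    collector = HrefCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.hosts

def queries_matching_links(hosts, dns_log, client_ip):
    """Link hostnames that client_ip looked up, per the resolver log."""
    names = {f[3].rstrip(".").lower() for f in map(str.split, dns_log)
             if len(f) == 4 and f[1] == client_ip}
    return sorted(names & hosts)
```

A match only shows that the client resolved a name appearing in the message; timestamps from the capture are needed to tie the lookup to the moment the message was opened or previewed.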
