WPADblock initiative: monitoring and blocking WPAD traffic since 2007.
We've been registering wpad.* domains since 2007 to prevent malicious use. These domains pose several security threats, ranging from simple MITM attacks, ending with possible remote code execution. Please refer to the links provided below for further information. We currently do not disclose information on how often these domains are queried. We do however gather statistical information, that can be shared for the purposes of security research at any time.If you have reached this site to verify if WPAD is leaking in your network, your status is:
Read more about WPAD protocol:
Read more about security problems with WPAD:
- http://www.trendmicro.co.uk/media/misc/wp-badwpad.pdf
- https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html
Most recent research published by redteam.pl and their concers about our efforts can be found at:
- https://blog.redteam.pl/2019/05/badwpad-dns-suffix-wpad-wpadblocking-com.html
- https://blog.redteam.pl/2019/05/badwpad-and-wpad-pl-wpadblocking-com.html
Due to this development and presented concerns related to our credibility and methods used for funding of this project, we've decided to:
- Provide detailed usage logs from all wpad.* domains owned by us to RedTeam.pl and cooperate in preparing thorough analysis of the leaking WPAD traffic we're seeing on our domains. The results of this research will be published on RedTeam.pl blog as a followup to their previous research.
- Transfer ccTLD wpad.* domains we own to appropriate national CERTs interested in taking over the leaking WPAD traffic. This process has been already initiated for: CERT-PL, CERT-EE, CERT-LV, CERT-TW
- Cooperate with Cloudflare to sponsor renewals and effectively sinkhole all remaining wpad.* domains which we own.
- Continue our efforts (backed by Cloudflare) in blocking of the leaking WPAD traffic by potentially acquiring other wpad.* domains based on our research.
Questions? [email protected]