DNS hijacking, Pulse, and instantproxy.pac

braker_
Frequent Contributor

We have been receiving complaints from some users that they cannot reach Internet sites when connected to the corporate VPN using the Pulse client. An examination of the instantproxy.pac file shows that the first line of the file is being overwritten with HTML code that references dnsrsearch.com.

A quick Google search suggests dnsrsearch is some sort of DNS hijacking software delivered by those fine folks at Time Warner Cable as a means to redirect users to ad sites. Obviously, the correct solution is to remove and prevent installation of any type of crapware.

I am curious as to how/why the instantproxy.pac file is being modified for Pulse users, but apparently not for Network Connect users.

Has anyone seen similar?

2 REPLIES
braker_
Frequent Contributor

Re: DNS hijacking, Pulse, and instantproxy.pac

Anyone have any information on this? I am seeing this with two different ISPs now - Time Warner and Verizon.

We're using Pulse 4.0.13 on an SA-6500 running 7.4r13.

The first line of the instantproxy.pac file is getting modified with HTML code as below...


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><meta http-equiv="refresh" content="0;url=http://searchassist.verizon.com/main?InterceptSource=0&ClientLocation=us&ParticipantID=euekiz39ksg8n... type="text/javascript">url="http://searchassist.verizon.com/main?InterceptSource=0&ClientLocation=us&ParticipantID=euekiz39ksg8n... w=window,d=document,e=d.documentElement,b=d.body,x=w.innerWidth||e.clientWidth||b.clientWidth,y=w.innerHeight||e.clientHeight||b.clientHeight;url+="&w="+x+"&h="+y;}window.location.replace(url);</script></head><body></body></html>

Markp132_
Occasional Contributor

Re: DNS hijacking, Pulse, and instantproxy.pac

Manually setting your DNS settings in your Tunnel Profile will correct the issue. I had the same problem with a few of my users and forcing the MAG to configure DNS instead of using the default IVE fixed the issue.

Select manual DNS settings and the rest should be pretty straightforward.

For DNS Search order, make sure you set it to "Search the device's DNS servers first, then client".

Mark
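
A check for the symptom reported in this thread, added here as an example and not part of any post: it flags a PAC file in which HTML has replaced script lines and lists the hosts the injected markup points to. The sample PAC content and the host names corp.example and searchassist.isp.example are constructed, and it assumes a healthy PAC file defines the standard FindProxyForURL entry point.

```python
import re
from urllib.parse import urlsplit

# HTML where plain JavaScript is expected marks the PAC file as tampered.
HTML_MARKERS = re.compile(r"<!DOCTYPE|<html|<head|<meta\s|<script", re.I)
PAC_ENTRY = re.compile(r"\bfunction\s+FindProxyForURL(Ex)?\s*\(")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
IGNORED_HOSTS = {"www.w3.org"}  # DTD reference in the DOCTYPE, not a redirect target

def _host(url):
    try:
        return urlsplit(url).hostname
    except ValueError:  # malformed URL inside the injected markup
        return None

def inspect_pac(text):
    """Return a verdict, the affected line numbers and the hosts named in injected HTML."""
    lines = text.lstrip("\ufeff").splitlines()
    # Scan every line: only the first line was overwritten in the reported case,
    # so the remainder of the file can still look like a normal PAC script.
    bad = [(n, line) for n, line in enumerate(lines, 1) if HTML_MARKERS.search(line)]
    hosts = {_host(u) for _, line in bad for u in URL_RE.findall(line)}
    if bad:
        verdict = "html-injected"
    elif PAC_ENTRY.search(text):
        verdict = "ok"
    else:
        verdict = "no-entry-point"  # empty, truncated or otherwise not a PAC script
    return {"verdict": verdict,
            "lines": [n for n, _ in bad],
            "hosts": sorted(h for h in hosts if h and h not in IGNORED_HOSTS)}

# Constructed samples (host names are placeholders, not taken from the thread).
CLEAN_PAC = """function FindProxyForURL(url, host) {
  if (dnsDomainIs(host, ".corp.example")) return "DIRECT";
  return "PROXY proxy.corp.example:8080";
}
"""
INJECTED_LINE = ('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" '
                 '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head>'
                 '<meta http-equiv="refresh" content="0;url=http://searchassist.isp.example/main">'
                 '</head><body></body></html>')
# Same file with its first line replaced by the interception page.
TAMPERED_PAC = "\n".join([INJECTED_LINE] + CLEAN_PAC.splitlines()[1:])

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_PAC), ("tampered", TAMPERED_PAC)):
        print(name, inspect_pac(sample))
```

Run against the instantproxy.pac copies collected from affected clients, the reported hosts show which redirect service each user's network is returning.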