If you are in a Windows network, and you basically connect to a website ; And there is an attacker on Linux who changes the hostname to WPAD and configures WPAD.dat in his system, all your PC's traffic can be captured (or) spoofed.
WPAD.dat - Something like:
function FindProxyForUrl(url, h){
return "FAKE PROXY";
}
As a client device, simply turn off the "Automatically detect proxy settings" feature in Internet Options. This prevents the browser from trying to look up a location for the wpad.dat or proxy PAC script.
If you want to protect poorly configured devices on your network, set a DNS entry for WPAD and blackhole the traffic.
A DNS entry to 127.0.0.1 is only helpful if the computer is inside a corporate network. In a home environment or at a public wireless site you have to rely on the browsers "Automatically detect proxy settings." If the browser has been re-installed or a new one installed the settings Proxy settings may still be turned on. To protect the system, put an entry for WPAD in the C:\Windows\System32\drivers\etc\hosts file.
EG: 127.0.0.1 WPAD
