[Security] Avoiding DNS Poisoning


Post by sinstar on Tue Oct 16, 2012 11:36 pm

Hello, I have a dedicated laptop only for banking (Mint 13) and I've been researching ways to make it as secure as possible. One of the potential threats people point out is DNS poisoning. Since the DNS translates URLs to IPs, will I be completely safe if I type/bookmark the IP itself rather than the URL in Firefox?
For example: "159.53.74.11" instead of "chase.com"

By typing the numeric address, do I really bypass querying the DNS database or is this a pointless stunt?

And if yes - can anyone recommend a secure method to translate URLs to IPs? Googling "url to ip" turns up tons of web services, but how do I know I can trust them?
Thanks!
Last edited by sinstar on Wed Oct 17, 2012 7:27 am, edited 1 time in total.

Re: [Security] Avoiding DNS Poisoning

Post by xenopeek on Wed Oct 17, 2012 1:45 am

Malicious persons could attack your ISP's DNS cache, and make www.yourbank.com go to the IP address of their choosing instead of to your bank (and then on that other IP address run a site looking like your bank so you will disclose your password for example). While that is not unheard of for home users, you are much more likely to run into such kinds of attacks when you are browsing from an Internet cafe or using a public Wi-Fi hotspot (like in an airport or certain hipster hangouts). On a public Wi-Fi hotspot one of the other visitors can easily attack everybody else on the same Wi-Fi connection.

Storing the IP address instead of the URL is perhaps one way to reduce the risk, but it is inconvenient as IP addresses for websites can and do change over time and you won't be able to trust any website for which you have not previously fetched the IP address on a connection you thought you could trust. Like, if you do an Internet search you won't be able to trust any of the websites returned in the search results...

A better way then is to use DNS Crypt. This encrypts the DNS traffic between your computer and the DNS server, and because DNS Crypt switches from your ISP's DNS to OpenDNS you are even more secure. I have a tutorial on how to set that up here: viewtopic.php?f=42&t=107096

Post by sinstar on Wed Oct 17, 2012 8:52 am

Wow, quick and detailed, thank you!

There's no way I'm ever using Wi-Fi to access a bank account, and certainly not from an internet cafe or anywhere public.
The machine is wired to my network's router - it's meant for home only. Both the router and laptop have wireless disabled by default, since I use it once in a blue moon anyway.

DNS Crypt looks like an awesome project and I'm definitely going to give it a try. Glad to hear there are folks working on this - I didn't even know it was possible to opt out of your ISP's resolution database!

Re: [Security] Avoiding DNS Poisoning

Post by DrHu on Wed Oct 17, 2012 2:23 pm

It is also possible that a commercial entity will rearrange/change their IP addresses at some point, so you may miss the connection or get an older one which could also be hijacked.
    But that said, companies tend to use an IP/DNS name for a long time, so possibly fairly unlikely.

There are some checks you can also use for DNS names (lookups)
http://linuxpoison.blogspot.in/2011/01/ ... -host.html
--and some GUI apps as well; usually network tools.
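One way to do the kind of lookup check mentioned in the post above, as an added example that is not code from any poster in this thread: ask several resolvers directly for a name's A records and flag any resolver whose answer shares no address with the others. The function names, the resolver labels and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import os, socket, struct

def build_query(name, txid):
    """Encode a recursive A/IN query; txid is the 16-bit transaction ID."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] & 0xC0 != 0xC0:          # ordinary label or the root terminator
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2                          # a compression pointer ends the name

def parse_a_records(msg, txid):
    """Return the IPv4 addresses in a response; reject a wrong ID or an error RCODE."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a clean response to our query")
    off = 12
    for _ in range(qd):                     # skip the echoed question section
        off = skip_name(msg, off) + 4
    addrs = set()
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from(">HHIH", msg, off)
        if (rtype, rclass, rdlen) == (1, 1, 4):      # A record, class IN
            addrs.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def resolve_via(name, resolver_ip, timeout=3.0):
    """Ask one resolver directly over UDP (needs network access)."""
    txid = int.from_bytes(os.urandom(2), "big")      # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((resolver_ip, 53))                 # only accept replies from this peer
        s.send(build_query(name, txid))
        return parse_a_records(s.recv(4096), txid)

def outliers(answers):
    """Resolvers whose address set overlaps with no other resolver's answer."""
    return sorted(r for r, a in answers.items()
                  if not any(a & b for o, b in answers.items() if o != r))

if __name__ == "__main__":
    sample = {"isp": {"203.0.113.9"}, "a": {"192.0.2.10"}, "b": {"192.0.2.10", "192.0.2.11"}}  # constructed
    print("investigate:", outliers(sample))
```

A flagged resolver is a prompt to investigate rather than proof of poisoning, since large sites legitimately hand out different addresses to different resolvers. These lookups travel over plain UDP, so on a hostile network the cross-check itself can be tampered with.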

