[Security] Avoiding DNS Poisoning

sinstar

[Security] Avoiding DNS Poisoning

Post by sinstar »

Hello, I have a dedicated laptop only for banking (Mint 13) and I've been researching ways to make it as secure as possible. One of the potential threats people point out is DNS poisoning. Since the DNS translates URLs to IPs, will I be completely safe if I type/bookmark the IP itself rather than the URL in Firefox?
For example: "159.53.74.11" instead of "chase.com"

By typing the numeric address, do I really bypass querying the DNS database or is this a pointless stunt?

And if yes - can anyone recommend a secure method to translate URLs to IPs? Googling "url to ip" turns up tons of web services, but how do I know I can trust them?
Thanks!
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
xenopeek
Level 25
Posts: 29614
Joined: Wed Jul 06, 2011 3:58 am

Re: [Security] Avoiding DNS Poisoning

Post by xenopeek »

Malicious persons could attack your ISP's DNS cache, and make www.yourbank.com go to the IP address of their choosing instead of to your bank (and then on that other IP address run a site looking like your bank so you will disclose your password for example). While that is not unheard of for home users, you are much more likely to run into such kinds of attacks when you are browsing from an Internet cafe or using a public Wi-Fi hotspot (like in an airport or certain hipster hangouts). On a public Wi-Fi hotspot one of the other visitors can easily attack everybody else on the same Wi-Fi connection.

Storing the IP address instead of the URL is perhaps one way to reduce the risk, but it is inconvenient as IP addresses for websites can and do change over time and you won't be able to trust any website for which you have not previously fetched the IP address on a connection you thought you could trust. Like, if you do an Internet search you won't be able to trust any of the websites returned in the search results...

A better way then is to use DNS Crypt. This encrypts the DNS traffic between your computer and the DNS server, and because DNS Crypt switches from your ISP's DNS to OpenDNS you are even more secure. I have a tutorial on how to set that up here: http://forums.linuxmint.com/viewtopic.php?f=42&t=107096
sinstar

Post by sinstar »

Wow, quick and detailed, thank you!

There's no way I'm ever using Wi-Fi to access a bank account, and certainly not from an internet cafe or anywhere public.
The machine is wired to my network's router - it's meant for home only. Both the router and laptop have wireless disabled by default, since I use it once in a blue moon anyway.

DNS Crypt looks like an awesome project and I'm definitely going to give it a try. Glad to hear there are folks working on this - I didn't even know it was possible to opt out of your ISP's resolution database!
DrHu

Re: [Security] Avoiding DNS Poisoning

Post by DrHu »

It is also possible that a commercial entity will rearrange/change their IP addresses at some point, so you may miss the connection or get an older one which could also be hijacked.
  • But that said, companies tend to use an IP/DNS name for a long time, so possibly fairly unlikely..
There are some checks you can also use for DNS names (lookups):
http://linuxpoison.blogspot.in/2011/01/ ... -host.html
--and some GUI apps as well; usually network tools..
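
An added example, not code from any poster in this thread: a Python check that compares what the system resolver returns now with addresses recorded earlier on a connection you trusted, allowing for the address changes xenopeek and DrHu mention. The hostnames, the documentation-range addresses and the function names `resolve`, `normalise` and `check_lookup` are constructed for illustration.

```python
import ipaddress
import socket

def resolve(hostname, port=443):
    """Ask the system resolver, the lookup path a poisoned cache would affect."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def normalise(addresses):
    """Parse addresses so differently written forms of one IP compare equal."""
    return {ipaddress.ip_address(a.strip()) for a in addresses}

def check_lookup(hostname, recorded, resolver=resolve):
    """Compare a fresh lookup with addresses recorded on a trusted connection.

    Returns (verdict, unexpected addresses):
      match    - every fresh address was recorded earlier
      partial  - some overlap; the site may have changed part of its addresses
      mismatch - no overlap; confirm the address another way before logging in
      error    - the lookup failed or returned nothing usable
    """
    known = normalise(recorded)
    try:
        fresh = normalise(resolver(hostname))
    except (OSError, ValueError):
        return "error", set()
    if not fresh:
        return "error", set()
    unexpected = fresh - known
    if not unexpected:
        verdict = "match"
    elif fresh & known:
        verdict = "partial"
    else:
        verdict = "mismatch"
    return verdict, {str(a) for a in unexpected}

if __name__ == "__main__":
    # Constructed sample data: documentation-range addresses, not a real bank.
    recorded = ["192.0.2.10", "192.0.2.11", "2001:DB8::1"]
    answers = {
        "bank.example": ["192.0.2.10", "2001:db8:0:0:0:0:0:1"],
        "moved.example": ["192.0.2.11", "198.51.100.7"],
        "other.example": ["203.0.113.66"],
    }
    for name, answer in answers.items():
        print(name, check_lookup(name, recorded, resolver=lambda h, a=answer: a))
```

A `partial` or `mismatch` verdict is not proof of poisoning, since sites do change addresses; it is a prompt to confirm the address over a different connection before entering credentials.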