This site is now 100% read-only, and retired.

XML logo

DNS Cache Poisoning (CVE-2008-1447)
Posted by PaulePanter on Wed 6 Aug 2008 at 09:38
Dear lazy web,

1. I wonder, if it is a good idea to enter the IP-address in for example /etc/apt/sources.conf or in the URL field of my browser when I want to visit my bank site.

2. Normally the SSL-certificates of my bank ( are valid and so no pop up appears when I access their site through SSL. Do the certificates still protect me in the way, that there is going to be a warning, that the certificate is not valid, when I was redirected to a different (malicious) site ( Or does this just work, if bank.malicious does not have a certificate which was signed by a trust agency (e. g. verigsign (?))?

Thanks for your comments and sorry for the question, but I did not understand this issue at whole.



Comments on this Entry

Re: DNS Cache Poisoning (CVE-2008-1447)
Posted by lee (146.101.xx.xx) on Wed 6 Aug 2008 at 14:30
[ View Weblogs ]
Firstly, if you use an IP address with https urls you will get a certificate warning from your browser. SSL certificates (as deployed in a web server context) are tied to the domain name.

If another site was posing as your bank and had a working signed certificate with your bank's URL, the only (known) way to successfully do that is to trick the signing authority, or to have somehow obtained the key from your bank.

There are additional things to worry about with https and cache poisoning. The browser I'm using, for example, will show inline images from non-https third-parties without advertising that it's doing that. There is a potential attack vector there associated with cache poisoning, but it's not a simple one. (e.g. Your bank's secure page embeds a graphic from a third party site, that site's dns is changed to a machine controlled by an attacker, the graphic displayed contains erroneous information that prompts you into doing something).

[ Parent ]