Solved

BYPASSING DNS

Posted on 2013-11-25
Last Modified: 2013-11-26
We have a company-internal website.

I can get to my website like this:
https://InventoryDelux.dev.ibm.net/Pages/Default.aspx

But when I try to bypass DNS by directly typing in the IP address, I get the error below.
Here is the link I am using:
https://10.194.221.83/Pages/Default.aspx
I also tried:
https://10.194.221.83:443/Pages/Default.aspx

Same problem (see error below)

Why is that, and how do I bypass DNS and directly access the website?


ERROR:

There is a problem with this website's security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
More information

If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.
Question by:kamistry
Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 250 total points
ID: 39676280
It is using HTTPS, which is a secure protocol, and the security certificate is for the specific domain: https://InventoryDelux.dev.ibm.net/Pages/Default.aspx

The address https://10.194.221.83:443/Pages/Default.aspx, using the IP, does not have a certificate, and so that raises security violation flags. There is no way the browser can relate the domain name to the IP because it did not go through DNS to generate the target address.

C&
Accepted Solution

by:
Giovanni Heward earned 250 total points
ID: 39676282
If the web server is hosting more than one site, it's likely configured to reply based on the HTTP host header. Your browser automatically derives this value from the requested URI and passes the value to the web server. When your request is based on an IP address, the default web site is displayed.

If more than one site is being hosted, you'll need to either spoof the HTTP host header, or you need to modify your local %windir%\system32\drivers\etc\hosts file to resolve the host name to the IP address in question. This would effectively bypass your DNS server(s), though it is unlikely to achieve your desired result.

Regarding HTTPS and digital certificates, if you want the web server to respond (without error) to HTTPS requests based on the IP address, then you'll need to have the certificate reissued to support multiple CNs, which include the IP address and relevant host names (e.g. 10.0.0.1, host, host.domain.local, host.example.com).

Please note this is not typical, as the general assumption is humans prefer domain names as opposed to IP addresses.  However, it's still possible to do.

Using IIS and SelfSSL7 as an example, you could accomplish this using the following command:

selfssl7 /n cn=localhost;cn=10.0.0.1;cn=host;cn=host.domain.local;cn=host.example.com /k 2096 /t /q /i


Of course this is a self-signed certificate, and would need to be trusted by any client viewing the website over HTTPS.

A TLS extension called Server Name Indication (SNI) allows a server to present multiple certificates on the same IP address and port number.
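
Added example (not part of either answer above): a Python sketch of why the certificate check passes for the host name but fails for the bare IP, and of how to reach one specific IP without DNS while still validating the certificate, by sending the host name for SNI and in the Host header. The function names and the certificate name list are assumptions constructed from the names in the question.

```python
import ipaddress
import socket
import ssl

def cert_covers(requested, dns_names, ip_addrs=()):
    """True if a cert with these subjectAltName entries is valid for `requested`.
    Simplified RFC 2818 / RFC 6125 matching, for illustration only."""
    try:
        want_ip = ipaddress.ip_address(requested)
    except ValueError:
        want_ip = None
    if want_ip is not None:
        # An IP literal in the URL is matched only against iPAddress entries.
        return any(ipaddress.ip_address(a) == want_ip for a in ip_addrs)
    host = requested.lower().rstrip(".")
    for pattern in (p.lower().rstrip(".") for p in dns_names):
        if pattern == host:
            return True
        if pattern.startswith("*."):
            # A wildcard stands for exactly one left-most label.
            head, _, rest = host.partition(".")
            if head and rest == pattern[2:]:
                return True
    return False

def host_header_request(hostname, path="/"):
    """HTTP/1.1 request whose Host header selects the named site on a shared server."""
    return f"GET {path} HTTP/1.1\r\nHost: {hostname}\r\nConnection: close\r\n\r\n".encode("ascii")

def open_tls_to_ip(ip, hostname, port=443, timeout=5.0):
    """Connect to a fixed IP (no DNS lookup); SNI and cert validation use `hostname`."""
    ctx = ssl.create_default_context()  # certificate and host name checks stay on
    raw = socket.create_connection((ip, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=hostname)
    except Exception:
        raw.close()
        raise

# Constructed name list: a certificate issued only for the site's host name.
SITE_CERT_DNS = ["InventoryDelux.dev.ibm.net"]

if __name__ == "__main__":
    for target in ("InventoryDelux.dev.ibm.net", "10.194.221.83"):
        print(target, cert_covers(target, SITE_CERT_DNS))
```

`open_tls_to_ip` needs network access to the server; the bytes from `host_header_request` can be sent with `sendall` on the socket it returns.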