  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 371

BYPASSING DNS

We have a company internal website.

I can get to my website like this:
https://InventoryDelux.dev.ibm.net/Pages/Default.aspx

But when I try to bypass DNS by directly typing in the IP address, I get the error below.
Here is the link I am using:
https://10.194.221.83/Pages/Default.aspx
I also tried:
https://10.194.221.83:443/Pages/Default.aspx

Same problem (see error below)

Why is that, and how can I bypass DNS and directly access the website?


ERROR:

  There is a problem with this website's security certificate.
 
   
 The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
  We recommend that you close this webpage and do not continue to this website.  
  Click here to close this webpage.  
  Continue to this website (not recommended).  
     More information


If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.
0
Asked: kamistry
2 Solutions
 
COBOLdinosaur Commented:
It is using HTTPS, which is a secure protocol, and the security certificate is for the specific domain: https://InventoryDelux.dev.ibm.net/Pages/Default.aspx

The address https://10.194.221.83:443/Pages/Default.aspx, using the IP, does not have a certificate, and so that raises security violation flags.  There is no way the browser can relate the domain name to the IP because it did not go through DNS to generate the target address.

C&
0
 
Giovanni Heward Commented:
If the web server is hosting more than one site, it's likely configured to reply based on the HTTP host header.  Your browser automatically derives this value from the requested URI and passes the value to the web server.  When your request is based on an IP address, the default web site is displayed.

If more than one site is being hosted, you'll need to either spoof the HTTP host header, or you need to modify your local %windir%\system32\drivers\etc\hosts file to resolve the host name to the IP address in question.  This would effectively bypass your DNS server(s), though it is unlikely to achieve your desired result.

Regarding HTTPS and digital certificates, if you want the web server to respond (without error) to HTTPS requests based on the IP address, then you'll need to have the certificate reissued to support multiple CNs, which include the IP address and relevant host names (e.g. 10.0.0.1, host, host.domain.local, host.example.com).

Please note this is not typical, as the general assumption is humans prefer domain names as opposed to IP addresses.  However, it's still possible to do.

Using IIS and SelfSSL7 as an example, you could accomplish this using the following command:

selfssl7 /n cn=localhost;cn=10.0.0.1;cn=host;cn=host.domain.local;cn=host.example.com /k 2096 /t /q /i



Of course this is a self-signed certificate, and would need to be trusted by any client viewing the website over HTTPS.

A TLS extension called Server Name Indication (SNI) allows a server to present multiple certificates on the same IP address and port number.
0
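The name check behind the error in this thread, as an added example that is not part of any post above: `cert_matches` compares a target against the subjectAltName entries in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`, and `fetch_cert_via_ip` connects to a fixed IP while still validating against the host name. The function names and both sample certificates are constructed for illustration.

```python
import ipaddress
import socket
import ssl

def cert_matches(cert, target):
    """Return True if `target` (host name or IP literal) is covered by the
    certificate's subjectAltName entries, in getpeercert() dict form."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is only ever compared with "IP Address" entries.
        return any(kind == "IP Address" and ipaddress.ip_address(val) == ip
                   for kind, val in sans)
    host = target.lower().rstrip(".")
    for kind, val in sans:
        if kind != "DNS":
            continue
        pattern = val.lower()
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False

def fetch_cert_via_ip(ip, hostname, port=443):
    """Connect to `ip` without a DNS lookup, but send `hostname` as SNI and
    validate the certificate against it (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((ip, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()

# Constructed sample certificates (not taken from the real server).
NAME_ONLY = {"subjectAltName": (("DNS", "inventorydelux.dev.ibm.net"),)}
NAME_AND_IP = {"subjectAltName": (("DNS", "inventorydelux.dev.ibm.net"),
                                  ("IP Address", "10.194.221.83"))}
```

With `NAME_ONLY`, the host name matches and the IP literal does not, which is the mismatch the browser reported; `NAME_AND_IP` accepts both.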
