Solved

BYPASSING DNS

Posted on 2013-11-25
2
340 Views
Last Modified: 2013-11-26
We have company internal website.

I can get to my website like this:
https://InventoryDelux.dev.ibm.net/Pages/Default.aspx

But when I try to bypass DNS by directly typing in the ipaddress, I get error below.
Here is the link I am using:
https://10.194.221.83/Pages/Default.aspx
I also tried:
https://10.194.221.83:443/Pages/Default.aspx

Same problem (see error below)

Why is that, and how to bypass DNS and directly access the website.


ERROR:

  There is a problem with this website's security certificate.
 
   
 The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
  We recommend that you close this webpage and do not continue to this website.  
  Click here to close this webpage.  
  Continue to this website (not recommended).  
     More information


If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see "Certificate Errors" in Internet Explorer Help.
0
Comment
Question by:kamistry
2 Comments
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 250 total points
ID: 39676280
It is using the https which is a secure protocol, and the security certificate is for the specific domain: https://InventoryDelux.dev.ibm.net/Pages/Default.aspx

It address: https://10.194.221.83:443/Pages/Default.aspx  using the ip it does not have a certificate and so that raises security violation flags.  There is no way the browser can relate the domain name to the ip because it dd not go through DNS to generate the target address.

C&
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 250 total points
ID: 39676282
If the web server is hosting more than one site, its likely configured to reply based on the HTTP host header.  Your browser automatically derives this value from the requested URI and passes the value to the web server.  When your request is based on an IP address, the default web site is displayed.

If more than one site is being hosted, you'll need to either spoof the HTTP host header, or you need to modify your local %windir%\system32\drivers\etc\hosts file to resolve the host name to the IP address is question.  This would effectively bypass your DNS server(s) though unlikely achieve your desired result.

Regarding HTTPS and digital certificates, if you want the web server to respond (without error) to HTTPS requests based on the IP address, then you'll need have the certificate reissued to support multiple CNs, which include the IP address and relevant host names (e.g. 10.0.0.1, host, host.domain.local, host.example.com )

Please note this is not typical, as the general assumption is humans prefer domain names as opposed to IP addresses.  However, it's still possible to do.

Using IIS and SelfSSL7 as an example, you could accomplish this using the following command:

selfssl7 /n cn=localhost;cn=10.0.0.1;cn=host;cn=host.domain.local;cn=host.example.com /k 2096 /t /q /i

Open in new window


Of course this is a self-signed certificate, and would need to be trusted by any client viewing the website over HTTPS.

A TLS extension called Server Name Indication (SNI) allows a server to present multiple certificates on the same IP address and port number.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
Color can increase conversions, create feelings of warmth or even incite people to get behind a cause. If you want your website to really impact site visitors, then it is vital to consider the impact color has on them.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question