Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
Why not use IP numbers instead of DNS?
Page 2 of 2 [29 Posts]
belham2

Joined: 15 Aug 2016
Posts: 1628

PostPosted: Mon 12 Nov 2018, 14:53    Post subject:  

Flash wrote:
Belham2, I see that Puppy has traceroute. I've never used it. It seems like it might tell us what we want to know. Here's a YouTube video describing traceroute and how to use it. How do I find the forum's IP address?

Right here, the guy seems to say that R1 (his name for the first server the packet hits) is the DNS server. I can't really tell because he talks too fast.

This guy definitely implies here that the DNS server is not called into play unless you use a host name instead of an IP address.


Hi Flash,

Nice YouTube find!

This is what I used for "www.murga-linux.com": '45.33.15.200/puppy/'

(have to add the "/puppy" part, as if you just do 45.33.15.200 it takes you to a single page with John saying "puppy linux home is under construction..." haha)

I used the WHOIS gang (Ultratools) to convert the www to an IP, they've always hit the nail on the head when I test the responses they give:

https://www.ultratools.com/tools/ipWhoisLookupResult


Since I am over here across the pond, I think the dang GDPR stuff gives all ISP providers here the right to snoop & save (for two years) every darn site I go to. I am not entirely convinced we can bypass a DNS Server even if we use IPs only in our browsers.

It'd be nice if that was the case, though. Gonna watch the YouTube several times and see if I can decipher what he is truly saying.
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 13109
Location: Arizona USA

PostPosted: Mon 12 Nov 2018, 15:34    Post subject:  

Belham2, I think this video is more informative. If I understand all this correctly, even if you don't use a DNS server, you still must go through your ISP which has to be able to see the IP address in order to forward the packets onward to the forum's server. Your ISP and every other server along the line that traceroute finds. I don't see how you gain much security-wise by not using DNS.
s243a

Joined: 02 Sep 2014
Posts: 1311

PostPosted: Mon 12 Nov 2018, 15:57    Post subject:  

Flash wrote:
Belham2, I think this video is more informative. If I understand all this correctly, even if you don't use a DNS server, you still must go through your ISP which has to be able to see the IP address in order to forward the packets onward to the forum's server. Your ISP and every other server along the line that traceroute finds. I don't see how you gain much security-wise by not using DNS.


Some websites are blocked by DNS servers. Also a DNS server can help man-in-the-middle someone, especially if the site isn't using TLS (aka HTTPS). Finally a DNS server is just one more actor that could log someone's network activity. One wants to be especially careful about DNS leaks if they are using something like Tor.
belham2

Joined: 15 Aug 2016
Posts: 1628

PostPosted: Mon 12 Nov 2018, 17:11    Post subject:  

Flash wrote:
Belham2, I think this video is more informative. If I understand all this correctly, even if you don't use a DNS server, you still must go through your ISP which has to be able to see the IP address in order to forward the packets onward to the forum's server. Your ISP and every other server along the line that traceroute finds. I don't see how you gain much security-wise by not using DNS.


Flash & s243a,

What do you guys think or make of this?:

https://www.securityweek.com/new-cloudflare-dns-app-brings-increased-privacy-mobile-devices

The sentence that caught my eye was "....The 1.1.1.1 service is meant to provide users with increased privacy by preventing Internet Service Providers from seeing which websites a user accesses."

If our ISPs (outside of a VPN, of course) have to be able to see where we want to go---by reading either the www or the IP number---how can Cloudflare make this claim? What's true for mobile is true for us, right?

This (the example with Cloudflare) is why I get so dam# confused with this DNS stuff and how routing actually takes place from our computers to the final destination. And it is entirely possible I am just susceptible to marketing hyperbole from all these Net-related companies
s243a

Joined: 02 Sep 2014
Posts: 1311

PostPosted: Mon 12 Nov 2018, 17:30    Post subject:  

belham2 wrote:
Flash wrote:
Belham2, I think this video is more informative. If I understand all this correctly, even if you don't use a DNS server, you still must go through your ISP which has to be able to see the IP address in order to forward the packets onward to the forum's server. Your ISP and every other server along the line that traceroute finds. I don't see how you gain much security-wise by not using DNS.


Flash & s243a,

What do you guys think or make of this?:

https://www.securityweek.com/new-cloudflare-dns-app-brings-increased-privacy-mobile-devices

The sentence that caught my eye was "....The 1.1.1.1 service is meant to provide users with increased privacy by preventing Internet Service Providers from seeing which websites a user accesses."

If our ISPs (outside of a VPN, of course) have to be able to see where we want to go---by reading either the www or the IP number---how can Cloudflare make this claim? What's true for mobile is true for us, right?

This (the example with Cloudflare) is why I get so dam# confused with this DNS stuff and how routing actually takes place from our computers to the final destination. And it is entirely possible I am just susceptible to marketing hyperbole from all these Net-related companies


Cloudflare, MITMs (Man-In-The-Middles), TLS (i.e. HTTPS communication). Even if their intent is noble the prize is too big for governments, and so governments will try hard to compromise them or pressure them for information.

This is why I liked DNSCrypt, there were many independent DNS providers that one could choose from. Centralizing key internet services like this into a few cloud providers makes the free exchange of information too easy to subvert.

That said, Cloudflare does provide cool services which might be helpful to a given individual but for the internet as a whole such extreme centralization is very destructive!
purple379

Joined: 04 Oct 2014
Posts: 103

PostPosted: Mon 12 Nov 2018, 19:12    Post subject: Firefox, any of you peruse the Firefox forums for info?
Subject description: I don't really have time right now.
 

I would also be interested if one of those involved with Brave Browser has anything to say.

I will look at this a few days from now, but I lack the knowledge set some of you folks have to interpret what one is reading/ to look at the replies.
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 13109
Location: Arizona USA

PostPosted: Mon 12 Nov 2018, 19:34    Post subject:  

S243a, it's hard to conclude anything from what I read about Cloudflare in the article belham2 linked to. I gather from it that what Cloudflare does is essentially provide an encrypted connection between its DNS server and your computer. Why that would help, I don't know. Your ISP and every other server along the traceroute path have got to be able to read the IP address of the packet's destination. Otherwise the packet never makes it.
rufwoof

Joined: 24 Feb 2014
Posts: 2711

PostPosted: Mon 12 Nov 2018, 19:43    Post subject:  

s243a wrote:
Flash wrote:
Belham2, I think this video is more informative. If I understand all this correctly, even if you don't use a DNS server, you still must go through your ISP which has to be able to see the IP address in order to forward the packets onward to the forum's server. Your ISP and every other server along the line that traceroute finds. I don't see how you gain much security-wise by not using DNS.

Some websites are blocked by DNS servers. Also a DNS server can help man-in-the-middle someone, especially if the site isn't using TLS (aka HTTPS).

HTTP with redirects to HTTPS are considered the easier targets. But even pure HTTPS alone is more vulnerable than HTTPS with HSTS.

For larger ISPs their top level routing table will map the entire internet, a collection of its own 'local' routings along with routings provided by other networks. Most likely reliable. As will be root DNS resolvers. The ISP however could be considered as a passive man-in-middle (mim), that gets to see/record your activities. When I ssh into a remote box and browse from there, my ISP only sees encrypted traffic to/from that remote ssh server and me, but I'm more exposed to harmful man in middle exploits. VPNs fall into that category (potentially greater risk of sharing your activities or even mis-routing your traffic).

It's a case of whether you're more concerned about local jurisdiction - your ISP knowing more about your activities, less inclined to induce harm, but potentially releasing private stuff to the state ... OR potential harmful man-in-middle due to using VPN/ssh, possibly via multiple hops across multiple jurisdictions that don't cooperate (which is slower also) - but where your ISP sees less detail (encrypted traffic between you and the first ssh server/VPN).

DNS resolution is a potential risk, reducing/eliminating a risk is obviously safer. Redirecting DNS is one of the primary targets for any dark hat gaining access to a local network as that avoids having to penetrate into each individual PC/system and pwns the whole net (breach one, pwn many).

_________________
( ͡° ͜ʖ ͡°) :wq
rufwoof

Joined: 24 Feb 2014
Posts: 2711

PostPosted: Mon 12 Nov 2018, 19:53    Post subject:  

Flash wrote:
S243a, it's hard to conclude anything from what I read about Cloudflare in the article belham2 linked to. I gather from it that what Cloudflare does is essentially provide an encrypted connection between its DNS server and your computer. Why that would help, I don't know. Your ISP and every other server along the traceroute path have got to be able to read the IP address of the packet's destination. Otherwise the packet never makes it.

An encrypted tunnel between you and a server will keep any communications within that private. Others, including your ISP, won't see what names you were asking to be converted to IPs, so won't be able to monitor your traffic/requests other than a secret link occurred between you and that DNS server. When you follow that up with traffic then yes the ISP sees that (so conceptually could deduce what was actually contained within the secret DNS communication) ... unless you also tunnel that traffic. In which case the ISP only gets to see that you had secret links between a DNS server and a ssh/vpn server (no sight of anything the other side of that). If instead you used an open DNS that the ISP could see what IP you were looking up, combined with subsequent 'secret' traffic, then the ISP could just access the same site and often deduce what was contained within the secret packets. You need both the DNS and the transport to be secret, otherwise the content of both can be deduced and given both plain text and encrypted text you can deduce the cipher easily/quickly.

_________________
( ͡° ͜ʖ ͡°) :wq
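What an on-path observer such as an ISP can read in the two cases discussed above, as an added example that is not part of the original posts. The flows are constructed: port 80 for the web connection is an assumption, port 853 is the standard DNS-over-TLS port, and the opaque payload only stands in for an encrypted record.

```python
import struct

def build_query(name, txid=0x1234):
    """Encode a standard DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def queried_name(payload):
    """Recover the question name from a cleartext DNS query, or None."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount != 1:   # a response, or not a single question
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:                  # root label ends the name
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(payload):
            return None
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None

def on_path_view(flows):
    """Summarise what can be learned from each (dst_ip, dst_port, payload)."""
    seen = []
    for dst_ip, dst_port, payload in flows:
        name = queried_name(payload) if dst_port == 53 else None
        if name:
            seen.append(f"{dst_ip}: DNS lookup for {name}")
        elif dst_port == 853:
            seen.append(f"{dst_ip}: encrypted DNS session, name hidden")
        else:
            # The destination IP is always readable; routing depends on it.
            seen.append(f"{dst_ip}: connection to port {dst_port}")
    return seen

# Constructed sample flows; OPAQUE is a stand-in, not real ciphertext.
OPAQUE = bytes.fromhex("1703030020") + bytes(32)
PLAIN_DNS = [("1.1.1.1", 53, build_query("www.murga-linux.com")),
             ("45.33.15.200", 80, b"")]
ENCRYPTED_DNS = [("1.1.1.1", 853, OPAQUE),
                 ("45.33.15.200", 80, b"")]

if __name__ == "__main__":
    for label, flows in (("plain DNS", PLAIN_DNS), ("DNS over TLS", ENCRYPTED_DNS)):
        print(label)
        for line in on_path_view(flows):
            print("  ", line)
```

In both runs the destination address of the follow-up connection stays visible; only the name lookup disappears from view.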
s243a

Joined: 02 Sep 2014
Posts: 1311

PostPosted: Mon 12 Nov 2018, 20:19    Post subject:  

rufwoof wrote:
Flash wrote:
S243a, it's hard to conclude anything from what I read about Cloudflare in the article belham2 linked to. I gather from it that what Cloudflare does is essentially provide an encrypted connection between its DNS server and your computer. Why that would help, I don't know. Your ISP and every other server along the traceroute path have got to be able to read the IP address of the packet's destination. Otherwise the packet never makes it.

An encrypted tunnel between you and a server will keep any communications within that private. Others, including your ISP, won't see what names you were asking to be converted to IPs, so won't be able to monitor your traffic/requests other than a secret link occurred between you and that DNS server. When you follow that up with traffic then yes the ISP sees that (so conceptually could deduce what was actually contained within the secret DNS communication) ... unless you also tunnel that traffic. In which case the ISP only gets to see that you had secret links between a DNS server and a ssh/vpn server (no sight of anything the other side of that). If instead you used an open DNS that the ISP could see what IP you were looking up, combined with subsequent 'secret' traffic, then the ISP could just access the same site and often deduce what was contained within the secret packets. You need both the DNS and the transport to be secret, otherwise the content of both can be deduced and given both plain text and encrypted text you can deduce the cipher easily/quickly.


And if one uses a good VPN it will have its own DNS services as part of the VPN. This will negate the need for Cloudflare's service. This is good because it reduces the number of parties that could potentially spy on you by 1/2.
8Geee


Joined: 12 May 2008
Posts: 1751
Location: N.E. USA

PostPosted: Mon 12 Nov 2018, 20:29    Post subject:  

Flash, I think you've got it... Mr. ISP knows all and tells all. In the USA this essentially means Mr. ISP can insert ads, flag your news topics, and know your business. In a word, monetize. Of course there's an even darker 3rd-party aspect to all that knowledge.

As I have already opined before elsewhere here... The Government hates people that keep a secret, but the government keeps secrets from people every day.

FWIW
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.
rufwoof

Joined: 24 Feb 2014
Posts: 2711

PostPosted: Mon 12 Nov 2018, 20:48    Post subject:  

Quote:
The Government hates people that keep a secret, but the government keeps secrets from people every day.

... but likes people to feel they are secure.

Internet encryption is predominately based on a mathematical calculation that is easy in one direction, difficult in the other. With a private key the calculation is simple, with a public key the calculation is difficult. And where that calculation process is extended as processing power increases, ideally to where even state owned supercomputer clusters take too long to reasonably calculate. Snowden however revealed how Intel preferred their users to use the internal, un-auditable random number generator. Where a pseudo random is even partially predictable so the processing time to make the difficult calculation can fall right down. And where the NSA had influence in that to the extent that the US and British are able to crack those difficult calculations relatively quickly/easily. Hack the random number generator and for instance assign a fixed seed and in effect the same apparently random sequence might be repeatedly produced ... as good as using a random key comprised of all zeros ... useless.

Fundamentally it could mean that weak/insecure systems could be compromised in a manner such that apparently secure/encrypted communications are as good as being open text. More likely from the Intel/Windows perspective (nix's have been more careful about pseudo random number generation). Running as root! Not so good as even just a brief single browser flaw could much more easily result in all private keys being exposed (and hence access to all past encrypted traffic, and/or the likes of rand being 'tweaked' to as good as invalidate any future encryption). Let alone potentially opening up the entire local LAN due to DNS redirection.

_________________
( ͡° ͜ʖ ͡°) :wq
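The fixed-seed and "partially predictable" points above, as an added example that is not part of the original post. Python's `random` module stands in for any weak generator, and the 16-bit seed space and sample message are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import random
import secrets

def key_from_prng(seed, length=16):
    """Key bytes from a seeded Mersenne Twister (not a cryptographic RNG)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))

def key_from_os(length=16):
    """Key bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(length)

def tag(key, message):
    """HMAC-SHA256 tag, the only value an observer is assumed to see."""
    return hmac.new(key, message, hashlib.sha256).digest()

def find_seed(message, observed_tag, seed_space):
    """Check every seed in a known seed space against one observed tag."""
    for seed in seed_space:
        if hmac.compare_digest(tag(key_from_prng(seed), message), observed_tag):
            return seed
    return None

def demo():
    # A fixed seed yields the same "random" key on every run and every machine.
    fixed_seed_repeats = key_from_prng(0) == key_from_prng(0)
    # Keys drawn from the OS generator do not repeat.
    os_keys_differ = key_from_os() != key_from_os()
    # Constructed case: the key is 128 bits long, but only 2**16 seeds exist,
    # so the real strength is 16 bits and the key falls to enumeration.
    seed = 40321
    message = b"constructed sample message"
    observed = tag(key_from_prng(seed), message)
    recovered = find_seed(message, observed, range(2 ** 16))
    return fixed_seed_repeats, os_keys_differ, recovered == seed

if __name__ == "__main__":
    print(demo())
```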
catsezmoo

Joined: 09 Feb 2014
Posts: 26

PostPosted: Mon 12 Nov 2018, 21:27    Post subject:  

OP question was: Why not keep a list of IP addresses and use those instead of DNS?

Quote:
A public IP does not necessarily have to resolve to only one domain name. It is possible to have multiple domain names sharing one public IP address. This is a convenient best practice for hosting companies and organisations that allows them to lower the cost of placing domains on the internet. The reverse IP to Domain lookup tool can list all domains hosted that resolve to the same server. By entering the DNS name or IP address of the intended domain, the reverse IP to Domain lookup tool will query a search engine server for all domains presently hosted on the same server as the lookup domain. The DNS records of the results and that of the lookup domain are compared to determine whether both domains reside on the same server.

If a shared hosting server is used to host a domain, a reverse IP to domain lookup tool can help in search engine optimisation practices. Search engines may point to different domains as possible results to a query because the domains are hosted on the same server. Because of this, a domain’s page rank in a search engine can be affected by other domains that are hosted on the same server. Being aware of this can help in search engine placement to ensure that a domain is hosted on a server that does not have questionable content.

Majority of websites are served from shared webhosting servers. When your request for a domain arrives at the destination webserver, it performs a lookup and, transparent to you, applies "host header redirection" (http 302). You receive content served from subdirectory XYZ, and in the server's response the content is attributed to (what you see in your urlbar) the site, aka domain, reflected in your http request.

Also, and this is not covered in text I copypasted, many of the large websites employ multiple (hundreds) of geopositioned webservers, using transparent round-robin redirection to provide failover protection (among other benefits). Similarly, they frequently use an infrastructure which employs a gang of "front door" IP addresses, on-the-fly switching over to use of a different IP address (and updating their domain's DNS record) so they can pull a server offline for maintenance, or in response to a DDOS attempt.

There are online tools you can use to explore which site(s) reside on the same IP address as XYZ. A websearch query would be something like "reverse IP to domains lookup".
Burn_IT


Joined: 12 Aug 2006
Posts: 3322
Location: Tamworth UK

PostPosted: Tue 13 Nov 2018, 11:20    Post subject:  

It is simply that people remember names easier than they do numbers and names often give a clue as to what the site does???
_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett