
This page contains all of the posts and discussion on MemeStreams referencing the following web page: OpenDNS Autofix: Very Bad Idea (tm).

OpenDNS Autofix: Very Bad Idea (tm)
by Acidus at 2:42 pm EDT, Jul 10, 2006

In return, sites like the notoriously sluggish MySpace.com load significantly faster, thanks to the way OpenDNS caches IP addresses. Users who type "wordpres.sorg" or "craigslist.or" into their browser's address field are automatically routed to the correct address, instead of getting a 404 error page.

This is such a very bad idea. Any time you have a computer try to figure out what you meant at the end of a connection, you are creating a serious security vulnerability.

Prime example: Apache's mod_speling (sic). If I send a request for indexh.tml, mod_speling detects the mistake and will serve back index.html. The problem is any security products like an IDS/IPS won't have this intelligence to try and "fix" the request before they analyze it. The IDS/IPS simply sees and logs a request for indexh.tml. mod_speling, like this feature in OpenDNS, allows an attacker to sidestep the attack signatures on an IDS/IPS to exploit a site because the web server will "fix" the attack once it reaches its target.
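The mismatch described in the post, as an added example that is not part of the original post and is not Apache's or any IDS vendor's code: a toy spelling-fix resolver and an exact-match sensor disagree about `indexh.tml`, and an audit pass that applies the same one-edit tolerance finds the request the sensor missed. The document root, signature list and all function names are constructed for illustration.

```python
# Toy models only: the one-edit rule approximates "fix a single typo" behaviour.

def within_one_edit(a: str, b: str) -> bool:
    """True if a == b or they differ by one insert, delete, substitution or adjacent swap."""
    if a == b:
        return True
    la, lb = len(a), len(b)
    if abs(la - lb) > 1:
        return False
    i = 0
    while i < min(la, lb) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if la == lb:
        if a[i + 1:] == b[i + 1:]:             # one wrong character
            return True
        return (i + 1 < la and a[i] == b[i + 1] and a[i + 1] == b[i]
                and a[i + 2:] == b[i + 2:])    # two adjacent characters swapped
    if la > lb:
        return a[i + 1:] == b[i:]              # one extra character in a
    return a[i:] == b[i + 1:]                  # one missing character in a

DOCROOT = ["index.html", "contact.html"]       # constructed file list
SIGNATURES = ["index.html"]                    # constructed: paths the sensor alerts on

def server_resolve(path):
    """What the 'helpful' server serves: exact match, else a unique close match."""
    if path in DOCROOT:
        return path
    close = [f for f in DOCROOT if within_one_edit(path.lower(), f.lower())]
    return close[0] if len(close) == 1 else None

def ids_exact(path):
    """Sensor that matches the request exactly as it appeared on the wire."""
    return path in SIGNATURES

def ids_tolerant(path):
    """Sensor that applies the same tolerance the server applies."""
    return any(within_one_edit(path.lower(), s.lower()) for s in SIGNATURES)

def audit(requests):
    """Requests that were served a signatured resource but never matched the exact sensor."""
    return [p for p in requests
            if server_resolve(p) in SIGNATURES and not ids_exact(p)]

if __name__ == "__main__":
    log = ["index.html", "indexh.tml", "contact.html", "nothere.html"]  # constructed
    print(audit(log))
```

The defensive options this illustrates are to turn the correction off, to make the sensor normalise the way the server does, or to log and inspect the resource actually served rather than the string requested.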

