IP Information

RobertJ
Posts: 8
Joined: Sun Aug 10, 2008 4:53 pm
Location: Chicago IL/Oconomowoc WI

IP Information

Post by RobertJ » Sun Aug 10, 2008 5:28 pm

I've been looking at the JavaScript for this add-on and decided to take the easy way out. ;)

Is the IP address shown when hovering over the flag icon in the status bar from the Firefox DNS cache?

The reason for asking this question is to add another degree of security when I visit bank sites, etc.

The recent issues with cache poisoning of DNS servers have increased my level of paranoid behavior (already high). While I know my ISP has implemented the DNS patch, I just read an article that, with enough time and effort, a hacker can still get around the TXID and UDP randomization at the core of the patch.

I know the IP address ranges for all the sensitive sites I go to. My bit of extra security involves hovering over the flag to make sure the IP address of the page I'm on is in that range before logging in.

Thank you
FF 3.6 - Mac OS10.5.8
Computers I've used: IBM 7094/UNIVAC 1108/IBM 360/DEC PDP11/DEC VAX-11 780/DEC VAXstation 8000/Sun SPARCstation 2/Mac from 1984 to 2010

DaveG
Flagfox Developer
Posts: 723
Joined: Wed Oct 03, 2007 9:06 pm
Location: Philadelphia, USA

Re: IP Information

Post by DaveG » Sun Aug 10, 2008 10:12 pm

RobertJ wrote: Is the IP address shown when hovering over the flag icon in the status bar from the Firefox DNS cache?
By definition, yes. All DNS hits go to Firefox's DNS cache, unless specifically told not to. If the cache doesn't have it, then it goes to any local DNS cache, then your ISP, then their ISP, etc. It's all one big cache system. ;)

Note that the Firefox cache doesn't persist that long. I forget what it is offhand, but I think it's only a matter of minutes.

The answer you really want is also yes, Flagfox's DNS hits should always be from only the Firefox DNS cache without the need to do a DNS lookup. You're already at the site before Flagfox attempts the resolution, so necessarily the DNS resolution was done to get there and it's guaranteed to be in the cache. (If Flagfox somehow magically ended up doing the resolve first, then it'd do a lookup and then the resolution for the page would hit the cache instead; same effect: one lookup.) The special case is if you're proxied behind a SOCKS5 proxy doing remote DNS resolutions. (See the Proxy/DNS FAQ thread.)

The problem with DNS cache poisoning is that the whole system isn't exactly perfectly secure, by design. There's a lot of trust involved and every once in a while someone else finds a new way to exploit something, the recent one being a biggie. There's not much you can do about it, really. Yelling at your ISP to patch is pretty much the max. Flagfox (and other IP-showing extensions) can be used to keep track of IPs for sites, but I would suggest you avoid getting too paranoid.
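
The manual check discussed in this thread, comparing the address shown for a site against the ranges you already know for it, can be written down as a small allowlist comparison. This is an added example, not part of either post and not Flagfox's code; the hostname and ranges are constructed placeholders (RFC 5737 documentation ranges), all function names are hypothetical, and it handles IPv4 only.

```javascript
// Constructed allowlist: hypothetical hostname, RFC 5737 documentation ranges.
const EXPECTED_RANGES = {
  "bank.example": ["192.0.2.0/24", "198.51.100.16/28"],
};

// Parse a dotted-quad IPv4 string into an unsigned integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    // Reject empty, non-decimal and leading-zero octets (ambiguous octal forms).
    if (!/^(0|[1-9]\d{0,2})$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// True when ip lies inside the CIDR block; malformed input never matches.
function inCidr(ip, cidr) {
  const pieces = String(cidr).split("/");
  if (pieces.length !== 2 || !/^\d{1,2}$/.test(pieces[1])) return false;
  const addr = ipv4ToInt(ip);
  const net = ipv4ToInt(pieces[0]);
  const bits = Number(pieces[1]);
  if (addr === null || net === null || bits > 32) return false;
  // Drop the host portion by division rather than >>, which would wrap
  // at 32 bits (a shift by 32 is a shift by 0 in JavaScript).
  const hostSize = 2 ** (32 - bits);
  return Math.floor(addr / hostSize) === Math.floor(net / hostSize);
}

// Classify the address observed for a hostname: "match", "mismatch", or
// "unknown-host" when no ranges are recorded for it.
function checkObservedIp(hostname, observedIp, ranges = EXPECTED_RANGES) {
  const key = String(hostname).toLowerCase();
  // Own-property test so names like "constructor" are not treated as entries.
  if (!Object.prototype.hasOwnProperty.call(ranges, key)) return "unknown-host";
  return ranges[key].some((cidr) => inCidr(observedIp, cidr)) ? "match" : "mismatch";
}
```

A malformed address is reported as a mismatch rather than silently accepted, and a hostname with no recorded ranges is reported separately so it is never mistaken for a pass.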
