Firstly, is DNS Spoofing a real threat still these days?

Secondly, if it is to be taken seriously, how can one protect against it from an application (written in C) that is accessing a known web site (i.e. where the IP address is known as well as the domain name) to download sensitive information.

After having accessed the site (using the domain name),
is there a service call that can be made to retrieve the IP address of the site reached (so that this can be compared with the IP address stored locally?

Alternatively, is it feasible (and correct) just to use the known IP address, rather than the domain name, to access the site in the first place?

DNS Spoofing is still a problem :(

Originally posted by Batch
Firstly, is DNS Spoofing a real threat still these days?

From what I have read, the common methods of spoofing were solved with updated BIND software and making sure that DNS servers and routers are setup correclty.

I did find a recent article that says spoofing is still a big security risk though: http://www.xs4all.nl/~rmeijer/spoofing.html


Secondly, if it is to be taken seriously, how can one protect against it from an application (written in C) that is accessing a known web site (i.e. where the IP address is known as well as the domain name) to download sensitive information.

See above article for ways to prevenet DNS spoofing or do a search on Google for DNS spoofing to find relavent articles.

After having accessed the site (using the domain name),
is there a service call that can be made to retrieve the IP address of the site reached (so that this can be compared with the IP address stored locally?

I do not understand this question, but from what little I know about spoofing, its not used to enter directly into websites but to reroute the data that is being sent to websites vulnerable to spoofing. I could be wrong though.

Alternatively, is it feasible (and correct) just to use the known IP address, rather than the domain name, to access the site in the first place?

Once again, I'm not clear on what you are asking, but I don't think spoofing can be done with just an IP address. Spoofing is done by having a hacked up DNS server that fools queries into thinking it is the real DNS server and then can reroute the queries to another website instead of the real website.

Kevin,

Thanks for your reply.

I did a search on Google before posting the query. As so many of the articles are undated, it is not possible to tell what is current information - hence the request as to whether DNS Spoofing is stilla threat.

Regarding the other questions let me try and clarify.

If I have an application, which has to hand both the domain name and the IP address that using that domain name should reach, if I (attempt to) access the web site using the domain name can I then obtain the IP of the site that I have actually reached in order to compare it with the IP address I wanted to reach.

I have also been informed that accessing the site directly using the IP address is not foolproof as the same IP address may be used for more than one domain name.

Batch

hmmmm..... I don't know if you can "trace" a connection back to its source to determine the real IP address. Its sounds possible but you would probably need special equipment/software to do it. You might want to ask around on some hacker sites or hacker newsgroups.
Using a Perl script you can get the IP address using the ENV variables, I believe the ENV for the IP address is:
$ENV{'SERVER_ADDR'}

In regards to using the IP address to verify if you have actually gone to the website you wanted to, it sounds possible but since I've never done anything like that I can't say with any degree of certainty how reliable that is.

Yes its true that many IP addresses can be used to direct queries to a single domain name, in theroy I guess any number of IP addresses could be used.

DNS Spoofing is still a threat because some servers are still not secure and are spoofable.But nowdays most servers are secure DSN servers.

If the guy who is spoofing stores the original website or his version of the website in his server then when you compare it with the IP address you wanted to reach then it would be diffrent.But nowdays no one uses this method.Nowdays everyone uses a technique called Man in the middle attack.In this method the hacker gets his server between the user and the original website.So all the data transfer between the user and the web site's server goes through the hackers server.When you compare the IP address would be the same if the hacker uses this method.
Your right accessing websites directly using the IP address is not foolproof.