Hmmm...isn't that a base-10 representation? One may use the IP base-10 for phishing, one classic example would be:
<a href="http://[EMAIL PROTECTED]/">www.vatican.com</a>
You may also use the base-10 representation for ping, nslookup and so on...it
works for me at least...
For some sites I was indeed able to bypass a (thousand-dollars) content
filtering engine using this hack..
Cheers,
Arley Silveira.
Sénior Systems Engineer
Cisco VPN/Firewall Specialist, CCNA, MCSE Security,
MCSA, MCP+I, Security+, iNET+, OCP, CIWA
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Juha-Matti Laurio
Sent: quinta-feira, 16 de Março de 2006 Arley @ 16:03
To: Michael Holstein; [email protected]
Subject: Re: [Full-disclosure] strange domain name in phishing email
It seems that this case has the name Dotless IP Address Security Issue and KB
article #168617 http://support.microsoft.com/?kbid=168617
describes it even in IE4.
Correct if I'm wrong.
- Juha-Matti
> IIRC, Microsoft changed that as one of the security updates to IE. For
> a time, it was a popular phishing trick. I also remember there was a
> way to do that (or something similar) to bypass the security zones in
> IE and make it think it was a trusted site, but can't find that reference at
> hand.
>
> The "rest" of windows will still do it though. Try "ping 2887060730"
> or "telnet 2887060730 80".
>
> ~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
