"Anyone has a good explaination for this ? "
I'll leave it to you to decide if the explanation is good ...
"Windows NT utilities can accept Internet Protocol (IP) addresses comprised of decimal, octal, or hexadecimal numbers. This can cause confusion if you unintentionally use a leading zero in a decimal octet. With a leading zero, the number is resolved by these utilities as an octal number, thus specifying the wrong IP address. "
http://support.microsoft.com/default.aspx?scid=kb;en-us;115388
Interesting. Of course, it's also a little bit...off:
C:\>ping 090.090.090.090
Pinging 72.72.72.72 with 32 bytes of data:
Request timed out.
Ping statistics for 72.72.72.72:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\>If this were truly octal, 9's should be invalid (as should 8's). Instead, we have some base-10/base-8 hybrid that they decided to call "octal."
Note: Linux (RedHat and Debian, anyway) appear to do the "preceeding 0=>octal" bit also, but they properly filter the 090 to be something unknown.
This really doesn't look like a security issue, though. Just lazy coding. (Feel free to prove me wrong.)
Aaron
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
