On Tue, 29 Nov 2011, Martin Gregorie wrote:
On Mon, 2011-11-28 at 18:35 -0800, jdow wrote:
It is a way of obfuscating that's over the top and nobody has a way to
get those oddball formulations easily from standard tools. They become
an excellent way of leading people to strange addresses with strings
that include ?ASFDikmedsfok3l1masdh sort of text following the index.html.
OK, here's a pair of data points: on my system 192.168.7.2 is the IP of
a web server on port 80.
I tried feeding "000192.000168.0007.0002" to Lynx and Opera as the sole
command line argument:
lynx 2.8.7 tried several variations on the input theme before giving up.
The permutations it tried show that it thought it was
dealing with a malformed host name.
opera 11.52 reported that this URL was garbage and quit, so it too
thought it was a host name rather than an IP address.
Both accept "192.168.7.2" as a valid IP when entered as a command line
argument or from a display screen as described above.
Did you try it with the proper octal conversions of the octets in that
address? 00192 and 00168 are not valid octal numbers.
At my site:
lynx 2.8.7:
lynx http://0012.0012.0012.0012/
No errors reported, no apparent attempts to re-parse the URL. Manually
interrupted the session after a few seconds spinning.
squid proxy logged:
1322539361.125 3765 10.1.0.202 TCP_MISS/000 0 GET http://10.10.10.10/ -
DIRECT/10.10.10.10 -
links 2.3:
links http://0012.0012.0012.0012/
No errors reported, no apparent attempts to re-parse the URL. Manually
interrupted the session after a few seconds spinning.
squid proxy logged:
1322539627.158 3007 10.1.0.202 TCP_MISS/000 0 GET http://10.10.10.10/ -
DIRECT/10.10.10.10 -
firefox 8.0:
Error: Firefox can't establish a connection to the server at
0012.0012.0012.0012.
squid proxy logged no connection attempt.
Removing the leading zeros it behaves as a standard DQ URL and does go
via the proxy.
epiphany 2.30:
No errors reported, no apparent attempts to re-parse the URL. Manually
interrupted the session after a few seconds spinning.
squid proxy logged:
1322540095.467 39169 10.1.0.202 TCP_MISS/000 0 GET http://10.10.10.10/ -
DIRECT/10.10.10.10 -
seamonkey 2.4.1:
No errors reported, no apparent attempts to re-parse the URL. Manually
interrupted the session after a few seconds spinning.
squid proxy logged:
1322540248.762 9369 10.1.0.202 TCP_MISS/000 0 GET http://10.10.10.10/ -
DIRECT/10.10.10.10 -
iOS 5.01 Safari:
No errors reported, no apparent attempts to re-parse the URL. Manually
interrupted the session after a few seconds spinning.
squid proxy logged:
1322540585.161 23690 10.1.0.12 TCP_MISS/000 0 GET http://10.10.10.10/ -
DIRECT/10.10.10.10 -
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
27 days until Christmas
