[Dshield] IP representation

Brian Dessent brian at dessent.net
Fri Aug 1 16:58:24 GMT 2003


David Klotz wrote:
> 
> Well, an IP address is just a set of 4 2-digit hex numbers really, isn't
> it?  So you ought to be able to do a straight hex to decimal (I assume
> when you say long int you mean a base 10 integer) conversion.
> 
> Ie: 10.0.1.129 = 0A000181 = 167772545
> 
> Is that not correct?

You can do a lot more than that (I don't know which of these work with
which browsers):

base URL (these examples are from this link):
http://www.pc-help.org/obscure.htm

decimal:
http://7763631671/obscure.htm 

decimal w/overflow:
http://235396898359/obscure.htm 

octal:
http://0316.0277.0236.067/obscure.htm
http://00000000316.000277.00000236.00000000067/obscure.htm

hex: 
http://0xCE.0xBF.0x9E.0x37/obscure.htm
http://0xCeBF9e37/obscure.htm

hex w/overflow: 
http://0x9A3F0800CEBF9E37/obscure.htm 

mix & match: 
http://0xCE.191.0236.0x37/obscure.htm
http://206.191.40503/obscure.htm 
http://206.12557879/obscure.htm
http://0316.057717067/obscure.htm 
http://206.0277.0x9E37/obscure.htm 

Then combine this with the "username:pass at domain" format, and you can
really start to confuse people:

http://fake-domain.com@0316.191.0236.067/obscure.htm
http://fake-domain.com@235396898359/obscure.htm
http://fake-domain.com:something-else@0x9A3F0800CEBF9E37/obscure.htm 

(not sure all of those work, but at least in theory they're valid)

Brian
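
The host forms listed in the message above can be reduced to one dotted-quad address before a URL is logged, matched against a blocklist, or shown to a user. The following is an added example, not part of the original message; the function names are hypothetical, and the overflow handling (keeping only the low-order bits of an oversized last component) is an assumption modelled on the "w/overflow" URLs in the post.

```python
import re
from urllib.parse import urlsplit

# One host component: hex (0x..), octal (leading 0), or decimal.
_PART = re.compile(r"(0x[0-9a-f]+)|(0[0-7]*)|([1-9][0-9]*)", re.I)

def parse_part(text):
    """Return the integer value of one dotted component, or None."""
    m = _PART.fullmatch(text)
    if not m:
        return None
    base = 16 if m.group(1) else 8 if m.group(2) else 10
    return int(text, base)

def canonical_ipv4(host):
    """Dotted-quad for any numeric host form, or None if host is a name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = [parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    *lead, last = nums
    if any(n > 255 for n in lead):
        return None
    # The last component fills all remaining bytes. Assumption: oversized
    # values are truncated to those bytes, as the post's overflow URLs imply.
    value = last % (256 ** (4 - len(lead)))
    for i, n in enumerate(lead):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

def inspect_url(url):
    """Report the real host of a URL and whether it is disguised."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    ip = canonical_ipv4(host)
    return {
        "host": host,
        "canonical_ip": ip,
        # Text before '@' is userinfo, not the site being contacted.
        "has_userinfo": parts.username is not None,
        "obfuscated_ip": ip is not None and ip != host,
    }
```

A filter or proxy log pipeline can flag any URL where `obfuscated_ip` or `has_userinfo` is true, and compare `canonical_ip` rather than the raw host string against address lists.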



