Message-ID: <8101CF6879C82549A86FC36CD8AD35AB0775C211@lx1exc2k002.optimus.pt>
Date: Thu Mar 16 16:23:13 2006
From: arley.leal at sonae.com (Arley Barros Leal)
Subject: strange domain name in phishing email
Hmmm...isn't that a base-10 representation? One may use the IP base-10 for phishing, one classic example would be:
<a href="http://www.vatican.com@...4596099/">www.vatican.com</a>
You may also use the base-10 representation for ping, nslookup and so on...it works for me at least...
For some sites I was indeed able to bypass a (thousand-dollar) content filtering engine using this hack.
Cheers,
Arley Silveira.
Senior Systems Engineer
Cisco VPN/Firewall Specialist, CCNA, MCSE Security,
MCSA, MCP+I, Security+, iNET+, OCP, CIWA
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Juha-Matti Laurio
Sent: Thursday, 16 March 2006 Arley @ 16:03
To: Michael Holstein; full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] strange domain name in phishing email
It seems that this case has the name Dotless IP Address Security Issue and KB article #168617 http://support.microsoft.com/?kbid=168617 describes it even in IE4.
Correct me if I'm wrong.
- Juha-Matti
> IIRC, Microsoft changed that as one of the security updates to IE. For
> a time, it was a popular phishing trick. I also remember there was a
> way to do that (or something similar) to bypass the security zones in
> IE and make it think it was a trusted site, but can't find that reference at hand.
>
> The "rest" of windows will still do it though. Try "ping 2887060730"
> or "telnet 2887060730 80".
>
> ~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
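
A filter or mail gateway can neutralise the trick discussed in this thread by resolving the real host before matching. The following is an added example, not code from any of the posters: it separates the decoy text before `@` from the host and converts dotless (dword), hex and octal IPv4 forms to dotted-quad. The function names and sample URLs are constructed for illustration; 2887060730 is the number quoted in the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One host component: hex (0x..), or digits (a leading 0 means octal).
_PART = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")


def numeric_host_to_ip(host):
    """Return the dotted-quad form of an IPv4 host written in any legacy
    inet_aton-style notation (dword, hex, octal, 1-4 parts), else None."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    try:
        nums = [int(p, 16) if p[:2].lower() == "0x"
                else int(p, 8) if len(p) > 1 and p[0] == "0"
                else int(p, 10) for p in parts]
    except ValueError:          # e.g. "08" is not valid octal
        return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def inspect_url(url):
    """Report the real host of a URL and why it may mislead a reader or filter."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    ip = numeric_host_to_ip(host)
    findings = []
    if parts.username is not None:
        findings.append("userinfo-before-host")   # text before '@' is not the host
    if ip is not None and ip != host:
        findings.append("obfuscated-ipv4")        # numeric host not in dotted-quad form
    return {"decoy": parts.username, "host": host,
            "canonical_host": ip or host, "findings": findings}


if __name__ == "__main__":
    # Constructed samples; 2887060730 is the number quoted in the thread.
    for u in ("http://www.example.com@2887060730/", "http://0xAC.0x15.0x0C.0xFA/",
              "http://172.21.12.250/", "http://www.example.com/"):
        print(u, inspect_url(u))
```

Block or allow rules should be matched against `canonical_host`, never against the raw URL string.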