Full Disclosure mailing list archives
RE: strange domain name in phishing email
From: "Arley Barros Leal" <arley.leal () sonae com>
Date: Thu, 16 Mar 2006 16:22:59 -0000
Hmmm...isn't that a base-10 representation? One may use the IP base-10 for phishing, one classic example would be: <a href="http://www.vatican.com@3634596099/">www.vatican.com</a> You may also use the base-10 representation for ping, nslookup and so on...it works for me at least... For some sites I was indeed able to bypass a (thousand-dollars) content filtering engine using this hack.. Cheers, Arley Silveira. Sénior Systems Engineer Cisco VPN/Firewall Specialist, CCNA, MCSE Security, MCSA, MCP+I, Security+, iNET+, OCP, CIWA -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Juha-Matti Laurio Sent: quinta-feira, 16 de Março de 2006 Arley @ 16:03 To: Michael Holstein; full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] strange domain name in phishing email It seems that this case has the name Dotless IP Address Security Issue and KB article #168617 http://support.microsoft.com/?kbid=168617 describes it even in IE4. Correct if I'm wrong. - Juha-Matti
IIRC, Microsoft changed that as one of the security updates to IE. For a time, it was a popular phishing trick. I also remember there was a way to do that (or something similar) to bypass the security zones in IE and make it think it was a trusted site, but can't find that reference at hand. The "rest" of windows will still do it though. Try "ping 2887060730" or "telnet 2887060730 80". ~Mike.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Attachment:
smime.p7s
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: strange domain name in phishing email, (continued)
- Re: strange domain name in phishing email Q Beukes (Mar 15)
- RE: strange domain name in phishing email Edward Pearson (Mar 14)
- RE: strange domain name in phishing email auto62996 (Mar 14)
- Re: strange domain name in phishing email Michael Holstein (Mar 14)
- Re: strange domain name in phishing email sheeponhigh (Mar 14)
- Re: strange domain name in phishing email Dave Korn (Mar 15)
- Re: Re: strange domain name in phishing email Michael Holstein (Mar 15)
- Re: strange domain name in phishing email Michael Holstein (Mar 14)
- Re: strange domain name in phishing email Alice Bryson (Mar 14)
- Re: strange domain name in phishing email James Longstreet (Mar 15)
- Re: strange domain name in phishing email Dave Korn (Mar 16)
- Re: Re: strange domain name in phishing email Valdis . Kletnieks (Mar 16)
- Re: Re: strange domain name in phishing email Steve Kudlak (Mar 16)