The reason to get use this type of URL is to get around filters like WebSense or to
make it harder for people to use tools like
ARIN/WHOIS etc, to report abuse.
.
I am sure the LATEST version of WebSense blocks this, but when I did testing with
versions prior to 4.3
and several other filtering products, I found that the blocking did not always work:
http://www.playboy.com result, access denied.
nslookup www.playboy.com
http://209.247.228.201 result, access allowed
http://3522684105 result, access allowed.
----- Original Message -----
From: "Paul D. Robertson" <[EMAIL PROTECTED]>
To: "Network Operations" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, April 24, 2001 8:42 AM
Subject: Re: [Awfully OT] Who can explain this address scheme?
> On Mon, 23 Apr 2001, Network Operations wrote:
>
> > This actually has a lot of relevance since dword conversion is a
> > convenient way to subvert many of our security systems.
>
> I'm not sure how you drew this conclusion? For anything that's not doing
> a direct string match, unless it's incredibly poorly written software, the
> addresses in network byte order should be what's compared for access
> control in a security system (since that's what's necessary for the
> address to be used- though I suppose that normalization prior to
> comparison is the actual network and I think I've used host byte order
> in the past myself.)
>
> Can you quantify "many" for us, since outside of URL filters (which if
> someone's calling them a security system, is specious at best) I can't
> think of anything that cares what the address looks like at the command
> line that would allow for "subversion" (I can imagine perhaps packet
> filtering FTP firewalls not allowing the connections back- that's not a
> subversion though.) Where packet filters do a string match on
> client or server supplied data, you'll get a mismatch, but every instance
> I can think of means denial of access not "subversion."
>
> I'm really stretching to think of things that would be adversely affected,
> so any quantification you could bring would be highly appreciated.
>
> Thanks,
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
