Wednesday, March 24, 2010

Evading URL filters the old way

From the linked article:

In their constant quest to find new and interesting ways to abuse the Internet, attackers recently have begun using an old technique to obfuscate URLs and IP addresses to bypass URL filters and direct users to malicious sites.

The technique takes advantage of the fact that modern browsers will allow users to specify IP addresses in formats other than base 10. So a typical IP address that looks something like this-- 192.10.10.1--can also be written in base 8, hexadecimal or a handful of other formats, and the browser will recognize it and take the user to the specified site


So better check a link twice if not trice when receiving that unexpected e-mail or link, if you realy want to click it even though the best rule is : "Received an unexpected mail or link , DON'T OPEN !"