Octal Version of Dotted Quad

[Dale H. Cook]

I saw a new twist today - a spammer using an octal version of the dotted quad. The address in the URL was 0102.0254.0302.0111, which at first glance looks like a decimal dotted quad with leading zeros. It isn't - the giveaway is the "0302" which is outside the decimal range of 0 to 255. These are all octal numbers, and Firefox translated it to the decimal quad 66.172.194.73 and took me to the spammer's site.

Have any of you seen this before? If anyone runs across it and needs an octal-to-decimal translator to get a conventional address for Whois, I suggest Tony Marston's converter:

http://www.tonymarston.net/php-mysql/converter.php

[turetzsr]

<snip>

If anyone runs across it and needs an octal-to-decimal translator to get a conventional address for Whois, I suggest Tony Marston's converter:

http://www.tonymarston.net/php-mysql/converter.php

...For those who, like me, are forced (or choose) to use Microsoft Windows, the standard Windows Calculator has a means to convert amongst octal, hex and decimal.

[Farelf]

And for those wishing to poke a stick at such sites (wouldn't recommend it, myself¹) LinkScanner handles the octal addresses just fine.

¹LinkScanner, logically and on observation, can only recognize some fraction of the exploits "out there" at any given time.