Riddle me this ...
D. Hugh Redelmeier
hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Sat Apr 1 22:22:51 UTC 2006
| From: Paul King <pking123-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org>
| I recently got a spam that had a link whose host was: http://1121829475/
|
| This actually led to an Internet site (http://www.lttnetsolutions.com/). Is this
| supposed to be the new format for ipv6? nslookup gives its IP as 66.221.194.166.
|
| That has got to be the strangest URL I have seen.
Linux man pages are a bit embarrassing. They don't accurately
describe what the code does or is supposed to do. This should be
described in inet_addr(3) but it isn't. Go to a BSD manual or the
Single UNIX(R) Secification:
http://www.opengroup.org/onlinepubs/007908799/xns/inet_addr.html
Values specified using dot notation take one of the following forms:
a.b.c.d
When four parts are specified, each is interpreted as a byte of
data and assigned, from left to right, to the four bytes of an
Internet address.
a.b.c
When a three-part address is specified, the last part is
interpreted as a 16-bit quantity and placed in the rightmost two
bytes of the network address. This makes the three-part address
format convenient for specifying Class B network addresses as
128.net.host.
a.b
When a two-part address is supplied, the last part is interpreted
as a 24-bit quantity and placed in the rightmost three bytes of
the network address. This makes the two-part address format
convenient for specifying Class A network addresses as net.host.
a
When only one part is given, the value is stored directly in the
network address without any byte rearrangement.
All numbers supplied as parts in dot notation may be decimal, octal,
or hexadecimal, as specified in the ISO C standard (that is, a leading
0x or 0X implies hexadecimal; otherwise, a leading 0 implies octal;
otherwise, the number is interpreted as decimal).
If I were dictator, I'd require the a.b.c.d form. All others are so
rarely used that they are confusing. And I'd require each component
to be decimal.
Spammers use these obscure forms to disguise what they are doing.
Ping treats this number as an IP address too, and reports which one in
the dotted quad form:
$ ping 1121829475
Warning: no SO_TIMESTAMP support, falling back to SIOCGSTAMP
PING 1121829475 (66.221.194.99) from 192.139.70.107 : 56(84) bytes of data.
Interestingly, "dig -x 1121829475" does the wrong thing:
$ dig -x 1121829475
...
;; QUESTION SECTION:
;1121829475.in-addr.arpa. IN PTR
...
The correct QUESTION SECTION would be:
;99.194.221.66.in-addr.arpa. IN PTR
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list