Please Whitelist This Site?

I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :)

If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads.

If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK.

Thanks for your understanding!

Sincerely, Charles Kozierok
Author and Publisher, The TCP/IP Guide


NOTE: Using software to mass-download the site degrades the server and is prohibited.
If you want to read The TCP/IP Guide offline, please consider licensing it. Thank you.

The Book is Here... and Now On Sale!

Enjoy The TCP/IP Guide? Get the complete PDF!
The TCP/IP Guide

Custom Search







Table Of Contents  The TCP/IP Guide
 9  TCP/IP Application Layer Protocols, Services and Applications (OSI Layers 5, 6 and 7)
      9  TCP/IP Key Applications and Application Protocols
           9  TCP/IP Application Layer Addressing: Uniform Resource Identifiers, Locators and Names (URIs, URLs and URNs)
                9  Uniform Resource Locators (URLs)

Previous Topic/Section
URL Length and Complexity Issues
Previous Page
Pages in Current Topic/Section
12
3
4
Next Page
Uniform Resource Names (URNs)
Next Topic/Section

URL Obscuration, Obfuscation and General Trickery
(Page 3 of 4)

Bogus Authentication Information

HTTP URLs theoretically support the inclusion of authentication information, by including “<user>:<password>@” before the host in the URL. Yet the vast majority of Web sites are “open” and neither require nor use it. If you specify an authentication string and it is not needed, it is ignored.

This is one of the most popular techniques at present. One way it is used is by including “authentication information” that looks like a “benign” host, to make the user think the URL is for that host. For example, if I wanted to trick you into visiting The PC Guide, I might use this URL to make it look like clicking it would go to CNN:

<http://www.cnn.com@www.PCGuide.com>

This is still too obvious, however, so this “method” is often combined with some of the techniques below.

Deceptive Character Encoding

The use of the percent sign to encode special characters such as spaces and punctuation can also be abused to obscure the name of a domain. For example, the following is another way of expressing the DNS name for The PC Guide:

<http://%57%57%57.%50%43%47%55%49%44%45.%43%4F%4D>

Try it. J

IP Address Math Trickery

Okay, this is where things get really bizarre. Most of the time, we express an IP address as a dotted decimal number. Remember, however, that to computers, the IP address is just a 32-bit binary number. Most browsers support a rather shocking number of methods for expressing these numbers. This is unfortunate, because this flexibility is really not needed and almost never used for legitimate purposes. It can lead to some really bizarre URLs that are unrecognizable, or that look like regular IP addresses but are not.

Here are some examples, all of which are the same as the IP address form of The PC Guide (<http://209.68.14.80>):

  • IP Address in Dotted Octal: A leading zero signifies an IP address where each byte is in octal:
<http://0321.0104.016.0120>
  • IP Address in Dotted Hexadecimal: A leading zero followed by an “x” signifies an IP address where each byte is in hexadecimal:
<http://0xD1.0x44.0x0E.0x50>.
  • IP Address As Single Number: We can even take the entire 32-bit number and express it as a single number and that will work too. In decimal:
<http://3510898256/>
In octal:
<http://032121007120/>
And, in hexadecimal:
<http://0xd1440e50/>.

Previous Topic/Section
URL Length and Complexity Issues
Previous Page
Pages in Current Topic/Section
12
3
4
Next Page
Uniform Resource Names (URNs)
Next Topic/Section

If you find The TCP/IP Guide useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider purchasing a download license of The TCP/IP Guide. Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005

Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.