> http://3626046468/ or http://3518332314/
>
> or http://3626046468/ab2/cybercards/moreinfo.html
>
> ?? It never can seem to resolve them. Yet I can traceroute to the
> dotless
> address just fine.
>
These are illegal URLs, generally only used by illegal sites;
typically the web site that supports a spammer and is expected
to survive a few hours longer than the spamming account.
Their intention is to:
- confuse content filtering rules on proxies, and possibly some
browsers' idea of whether they are trusted sites on the local
intranet;
- confuse whois (?);
- make people think they are not IP addresses and unknown
domain names, in an attempt to stop them trying to locate and
complain to the ISP.
Any browser or proxy that works with them should be considered a
security risk.
The first and third examples would produce a report to
abuse@angelfire.com (although the first is very unlikely), and in
that case, in the case of a spamming incident, at least, would
get the site closed pretty quickly.
The second would produce a report to abuse@uswest.net, with a
lesser expectation of a prompt site closure.
13 210 ms 211 ms 210 ms uswtuc-t3-gw.customer.alter.net [15
]
14 211 ms 210 ms 210 ms tcsn-cust.tcsn.uswest.net [207.108.
15 220 ms 220 ms 231 ms 207.108.114.110
16 240 ms 220 ms 231 ms 209.181.125.154
Received on Thu Sep 02 1999 - 11:35:54 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:14 MST