Dotless IP Security Bug

MSIE allows hackers into our systems



Internet Explorer And Dotless IP Security Bug

by Dave Murphy
ISSN 1535-3613

From the Microsoft website: Microsoft has released a patch that fixes a vulnerability with how Internet Explorer 4 determines what security zone a target server is in. By using this vulnerability, a malicious hacker could misrepresent the URL of their website, causing the site to be treated as if it were located on an intranet by Internet Explorer's Security Zones feature. This cannot happen accidentally, rather a malicious website operator must intentionally misrepresent the URL of their site by creating malicious code for users to be affected by this issue.

Microsoft highly recommends that users that have affected software installed on their systems should download and install the available patch as soon as possible.

The Dotless IP Address issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious web site operator to misrepresent the URL of an Internet web site and make it appear as if the machine is on the user's Local Intranet Zone. Internet Explorer has the ability to set security settings differently between different zones. By this means, a malicious site could potentially perform actions that had been disabled in the Internet Zone or Restricted Sites Zone, but are permitted in the Local Intranet Zone.

The nature of this vulnerability is that in determining what zone a web site belongs to, Internet Explorer interprets a 32-bit number (i.e. http://3513026787) as an all numeric host name, while the IP stack resolves this address to its equivalent dotted IP format (i.e. 209.100.136.227). Internet Explorer incorrectly considers this machine to be on the Local Intranet Zone, rather than in the Internet Zone, and could incorrectly apply security settings to the web server.

Note: The default configuration for both the Internet Zone and the Local Intranet Zone is Medium Security. However, there is one difference between these defaults: the Local Intranet Zone enables the automatic use of NTLM challenge response authentication with local intranet machines, while this option is disabled by default when talking with servers in the Internet Zone.

While there have not been any reports of customers being adversely affected by these problems, Microsoft has released a patch to address any risks posed by this issue. If you're a Windows 98 user, you may have already seen the Dotless IP update during your routine Win98 updates.

Calculating A Dotless IP Address

The domain names used in URLs are alphanumeric stand-ins for IP addresses, which are written as four octets, and every URL that is based on a domain also has a corresponding IP address. For example, itrain.org is assigned to IP 209.100.136.227, and may be reached at address http://209.100.136.227/

To determine the Dotless IP address of a website, you must first know the IP address of the domain. You can determine that by asking your website hosting service or looking up your IP address in my handy-dandy IP lookup tool: http://dgl.com/ip.html

Once you've got the IP address of the website, you can calculate the Dotless IP address. Assume the IP URL is in the form of "http://aaa.bbb.ccc.ddd/"

The Dotless IP address, also called the "decimal address", can be calculated with this formula: decimal=aaa*16777216+bbb*65536+ccc*256+ddd

Multiplication Before Addition

Remember the standard order of mathematical operations (we all teach it in our Level 2 spreadsheet courses!): multiplication is evaluated before addition, so the equation could also be written: decimal=(aaa*16777216)+(bbb*65536)+(ccc*256)+ddd

For those of us who are math-challenged, here's an example. To find the Dotless IP address for address http://209.100.136.227:

1. Compute the following products:
1a. 209 * 16777216
1b. 100 * 65536
1c. 136 * 256

2. Then sum the results of steps 1a-1c, and add 227

3506438144 + 6553600 + 34816 + 227 = 3513026787

3. The Dotless IP address of itrain.org, which is IP 209.100.136.227, is http://3513026787/
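
The calculation above and the zone mix-up described earlier, as an added Python example that is not part of the original article and is not Microsoft's patch. The "no dots means intranet" rule in naive_zone is a simplified model of the behaviour the article describes, and the function names and the 10.0.0.0/8 intranet range are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def dotless_from_dotted(dotted):
    """decimal = aaa*16777216 + bbb*65536 + ccc*256 + ddd, with range checks."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    if max(a, b, c, d) > 255:
        raise ValueError(f"octet out of range: {dotted!r}")
    return a * 16777216 + b * 65536 + c * 256 + d

def dotted_from_dotless(host):
    """Dotted form of an all-decimal 32-bit host, or None if it is not one."""
    if not (host.isascii() and host.isdigit()) or int(host) > 0xFFFFFFFF:
        return None
    return str(ipaddress.IPv4Address(int(host)))

def naive_zone(url):
    """Simplified model (assumption) of the flaw: no dots means intranet."""
    host = urlsplit(url).hostname or ""
    return "Local Intranet" if "." not in host else "Internet"

def hardened_zone(url, intranet_nets=("10.0.0.0/8",)):
    """Canonicalise numeric hosts to an IP before choosing a zone."""
    host = urlsplit(url).hostname or ""
    dotted = dotted_from_dotless(host)
    if dotted is None:
        try:
            dotted = str(ipaddress.IPv4Address(host))
        except ValueError:
            return naive_zone(url)  # a real name: dotless names stay intranet
    addr = ipaddress.IPv4Address(dotted)
    # intranet_nets is an assumed allow-list of internal address ranges
    inside = any(addr in ipaddress.ip_network(n) for n in intranet_nets)
    return "Local Intranet" if inside else "Internet"

if __name__ == "__main__":
    # Constructed sample URLs: the article's address, a name, and 10.0.0.1
    for url in ("http://3513026787/", "http://fileserver/", "http://167772161/"):
        print(url, naive_zone(url), "->", hardened_zone(url))
```

The same canonicalise-then-classify step applies to proxy allow-lists and URL filters, which should compare the resolved address rather than the host string as typed.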

How's Your Math? Comments?

How's your math ability? Did you correctly figure out your Dotless IP address? Leave your comments on the message center, http:///msg/


Previous issues are on our website at http://itrain.org/itinfo/.


Copyright © 2000 International Association of Information Technology Trainers, Ltd., All Rights Reserved

http://itrain.org/itinfo/1999/it990304.html
updated March 4, 1999