Internet Explorer And Dotless IP Security Bug
by Dave Murphy
ISSN 1535-3613

From the Microsoft website: Microsoft has released a patch that fixes a vulnerability with how Internet Explorer 4 determines what security zone a target server is in. By using this vulnerability, a malicious hacker could misrepresent the URL of their website, causing the site to be treated as if it were located on an intranet by Internet Explorer's Security Zones feature. This cannot happen accidentally; rather, a malicious website operator must intentionally misrepresent the URL of their site by creating malicious code for users to be affected by this issue.

Microsoft highly recommends that users that have affected software installed on their systems should download and install the available patch as soon as possible.

The Dotless IP Address issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious web site operator to misrepresent the URL of an Internet web site and make it appear as if the machine is in the user's Local Intranet Zone. Internet Explorer has the ability to set security settings differently between different zones. By this means, a malicious site could potentially perform actions that had been disabled in the Internet Zone or Restricted Sites Zone, but are permitted in the Local Intranet Zone.

The nature of this vulnerability is that in determining what zone a web site belongs to, Internet Explorer interprets a 32-bit number (i.e. http://3513026787) as an all numeric host name, while the IP stack resolves this address to its equivalent dotted IP format (i.e. 209.100.136.227). Internet Explorer incorrectly considers this machine to be on the Local Intranet Zone, rather than in the Internet Zone, and could incorrectly apply security settings to the web server.

Note: The default configuration for both the Internet Zone and the Local Intranet Zone is Medium Security. However, there is one difference between these defaults: the Local Intranet Zone enables the automatic use of NTLM challenge response authentication with local intranet machines, while this option is disabled by default when talking with servers in the Internet Zone.

While there have not been any reports of customers being adversely affected by these problems, Microsoft has released a patch to address any risks posed by this issue. If you're a Windows 98 user, you may have already seen the Dotless IP update during your routine Win98 updates.

Calculating A Dotless IP Address
The host name in a URL is an alphanumeric stand-in for an IP address made up of four octets, and every URL based on a domain has a corresponding IP address. For example, itrain.org is assigned to IP 209.100.136.227, and may be reached at address http://209.100.136.227/

To determine the Dotless IP address of a website, you must first know the IP address of the domain. You can determine that by asking your website hosting service or looking up your IP address in my handy-dandy IP lookup tool: http://dgl.com/ip.html

Once you've got the IP address of the website, you can calculate the Dotless IP address. Assume the IP URL is in the form of "http://aaa.bbb.ccc.ddd/"

The Dotless IP address, also called the "decimal address" can be calculated with this formula: decimal=aaa*16777216+bbb*65536+ccc*256+ddd

Multiplication Before Addition
Remember the standard order of mathematical operations (we all teach it in our Level 2 spreadsheet courses!): multiplication is evaluated before addition, so the equation could also be written: decimal=(aaa*16777216)+(bbb*65536)+(ccc*256)+ddd

For those of us who are math-challenged, here's an example. To find the Dotless IP address for address http://209.100.136.227:

1. Work out the following products:
1a. 209 * 16777216
1b. 100 * 65536
1c. 136 * 256

2. Then sum the results of steps 1a-1c, and add 227

3506438144 + 6553600 + 34816 + 227 = 3513026787

3. The Dotless IP address of itrain.org, which is IP 209.100.136.227, is http://3513026787/
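The conversion described above, and the zone-check mistake it exploits, as an added example in Python. This is not code from the article, from DGL, or from Microsoft's patch: it applies the article's formula in both directions, then models the flawed zone rule the article describes (assumed here as "a host name with no dot is Local Intranet") next to a hardened version that converts a numeric host to what the IP stack would actually connect to before classifying it. The function names, the sample URLs and the use of Python's `ipaddress` private-range test are all assumptions of this example, not details from the page.

```python
"""Dotless IP conversion plus a naive-vs-fixed zone classifier (added example)."""
import ipaddress
from urllib.parse import urlsplit

# 256**3, 256**2, 256**1, 256**0: the weights in the article's formula
OCTET_WEIGHTS = (16777216, 65536, 256, 1)


def _ascii_digits(s: str) -> bool:
    """True when s is non-empty and consists only of the ASCII digits 0-9."""
    return bool(s) and all(ch in "0123456789" for ch in s)


def dotted_to_dotless(dotted: str) -> int:
    """decimal = aaa*16777216 + bbb*65536 + ccc*256 + ddd, as in the article."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(_ascii_digits(p) and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted IPv4 address: {dotted!r}")
    return sum(int(p) * w for p, w in zip(parts, OCTET_WEIGHTS))


def dotless_to_dotted(decimal: int) -> str:
    """Inverse of dotted_to_dotless: peel off the four octets, most significant first."""
    if not 0 <= decimal <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {decimal}")
    return ".".join(str((decimal >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def zone_naive(host: str) -> str:
    """Model of the flawed rule (an assumption about IE4's heuristic, not its code):
    a host name containing no dot is treated as a Local Intranet machine.
    An all-numeric host such as '3513026787' has no dot, so it is misclassified."""
    return "Local Intranet" if "." not in host else "Internet"


def zone_fixed(host: str) -> str:
    """Hardened classifier: normalise a numeric host to the dotted address the IP
    stack will use *before* deciding the zone, so the spelling no longer matters."""
    if _ascii_digits(host):
        try:
            host = dotless_to_dotted(int(host))  # '3513026787' -> '209.100.136.227'
        except ValueError:
            return "Internet"  # out of 32-bit range: fail closed to the stricter zone
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A real host name rather than a literal: the dot rule applies to names only.
        return "Local Intranet" if "." not in host else "Internet"
    # For address literals, zone by the address itself, never by its textual form.
    return "Local Intranet" if addr.is_private else "Internet"


def classify_url(url: str) -> dict:
    """Return both verdicts for one URL so the difference is visible side by side."""
    host = urlsplit(url).hostname or ""
    return {"host": host, "naive": zone_naive(host), "fixed": zone_fixed(host)}


if __name__ == "__main__":
    # Constructed sample URLs; the numeric one is the article's itrain.org value.
    for url in ("http://209.100.136.227/", "http://3513026787/",
                "http://10.0.0.5/", "http://intranet/"):
        print(classify_url(url))
```

The point of `zone_fixed` is the ordering: the security decision is made on the same value the network stack connects to, which removes the gap between "how the host is written" and "where the packets go" that the article describes.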

How's Your Math? Comments?
How's your math ability? Did you correctly figure out your Dotless IP address? Leave your comments on the message center, http://dgl.com/msg/


ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated March 4, 1999
http://dgl.com/itinfo/1999/it990304.html

Copyright © 1999, Damar Group, Ltd., All Rights Reserved