CDR: Re: Fwd: First Site

Bill Stewart bill.stewart at pobox.com
Thu Nov 16 00:58:16 PST 2000 

At 11:20 PM 11/15/00 -0500, David Marshall wrote:
>ellie900 at usa.com writes:
>
>> THE NEW LINK FOR OUR SITE.
>> SORRY FOR ANY TROUBLE YOU MAY HAVE HAD WITH THE OLD LINK.
>> THIS ONE HAS ALL THE CORRECTIONS
>> 
>> http://3638141293/36/1059436/legal.html
>
>One boggles when some idiot who spams refers to a URL as a "line," and
>then can't even give a valid URL.   What did they do, convert the IP to
>a single value and then translate it to decimal? Why? 
>It's obviously to dodge complaints. I have to wonder about anybody who
>would write a browser which accepts something like that in the first
>place. 

Yes, they referred to it a as a "link", and it works.
Haven't you seen this crap before?  Many spammers use it
for just the reason you suggest, dodging complaints,
because it's too annoying to look up "3638141293" in whois
or write to "abuse" there, unlike looking up stupid.user.bigisp.net.
Netscape accepts it just fine; I assume Internet Exploiter does too,
even though I've never seen it used except by spammers.

Joe Baptista points out that Unix traceroute accepts it:
> # traceroute 3638141293
> traceroute to 3638141293 (216.217.161.109), 30 hops max, 40 byte packets
which I found new and interesting news.
So I checked and Win98's MS-DOS ping and tracert both also support it,
and with tracert, you get name lookup as well.

I disagree with Joe's comment that 
"The decimal format is part of the way the internet works."
It's not.  It's part of the way the dns name resolver libraries
used by several popular operating systems or application packages work.
The Internet works on DNS name resolution and on IP addresses that are
32-bit binary numbers, and while the standards say you're *supposed* to
display those as dotted-quad decimal for human readability,
they probably don't exactly *require* you not to also accept other formats,
though hex would be much less rude than decimal :-)

I found the following chunk of traceroute interesting:
> 7  wbb1-pos2-0.pop1.ut.home.net (24.7.75.142)  72.083 ms  69.725 ms 59.08 ms
> 8  10.253.92.34 (10.253.92.34)  63.26 ms  65.591 ms  86.966 ms
> 9  216.217.161.109 (216.217.161.109)  62.396 ms  58.283 ms  60.437 ms

Looks like either the spammer's got a machine that's using multiple addresses,
one of them a non-routable 10.x address, which makes checking on it hard,
or else it's a NAT box, or else @Home's playing cute tricks to reduce
crackers, using a 10.x network internally so they and their customers
can access their head end routers but people from the real world can't.



				Thanks! 
					Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

More information about the cypherpunks-legacy mailing list