The TCP/IP Guide  9  TCP/IP Application Layer Protocols, Services and Applications (OSI Layers 5, 6 and 7)       9  TCP/IP Key Applications and Application Protocols            9  TCP/IP Application Layer Addressing: Uniform Resource Identifiers, Locators and Names (URIs, URLs and URNs)                 9  Uniform Resource Locators (URLs)

URL Length and Complexity Issues 1 2 3 4 Uniform Resource Names (URNs)

Making Matters Worse: Combining Deceptive Tricks

As if these tricks weren't bad enough taken individually, we can have some real fun by combining them! For example, start with the regular PC Guide URL:

<http://www.PCGuide.com>

And convert it to IP:

<http://209.68.14.80>

Then add some bogus authentication gibberish:

<http://www.cnn.com@209.68.14.80>

And convert the real URL into a single number so it looks like a document on the CNN web site:

<http://www.cnn.com@3510898256>

Alternately, we can use the octal form, and even include lots of extra leading zeroes just for fun:

<http://www.cnn.com@0000000000000321.00000000104.00000000000016.00000120>

Believe it or not, this is just the tip of the iceberg. In some browsers, even the IP address numbers can be expressed using “percent sign” ASCII encoding!

While quite irritating, I must give these people points for creativity at least—some of the tricks are quite ingenious. At the same time, their inventiveness is potentially hazardous. While these false URLs are usually more a waste of time than anything harmful, there are sometimes good reasons a person would go to great lengths to hide the identity of a resource. Deceptive URLs are just one more danger that network administrators must deal with today.

URL Length and Complexity Issues 1 2 3 4 Uniform Resource Names (URNs)