Re: [squid-users] Issues with Base 10 Decimal Bypassing Squidguard

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 11 Dec 2007 22:46:46 +0100

On tis, 2007-12-11 at 08:45 +0000, nathan.harris@yhfsc.org.uk wrote:
> Hi there,
>
> Here's an interesting one for you guys, I work P/T at a Local Authority
> ISP service based upon open source code.
>
> The kids Have recently realised that is you take
>
> www.playboy.com
>
> convert it to it's IP 216.163.137.3
>
> covert it to Binary
>
> 11011000 10100011 10001001 00000011
>
> then back into base 10 decimal
>
> 3634596099 now you enter this into your browser http://3634596099

Doesn't work for me when using the proxy. Correctly rejeced with "Name
Error: The domain name does not exist.".

> at first I was unsure if this was an april fools

No, it's a well known bug in many browsers, misreading numeric hostnames
as IP addresses.

Some forms:
http://216.163.137.3/
http://216.0xA3.137.3/
http://216.10717443/
http://0xD8A38903/
http://033050704403/

> Has anyone any idea how we can get squid to ignore Base 10 & Hex web
> requests? kids will be bypassing filtering platforms up and down the UK
> (or more probably have been for some time)

Are you running Squid in interception mode?

I ask because then there is a fallback on the original destination if
the requested hostname could not be found..

The following should trap those I think

http_reply_access deny !all

It's not perfect however..

Another option is to edit fwdStart() and change the last few lines in it
to always use the second commConnectStart() form not sending a my_addr
argument..

Regards
Henrik

Received on Tue Dec 11 2007 - 14:46:54 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:01 MST