<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_03_23_239225</id>
	<title>How To Evade URL Filters With (Not-So) Fancy Math</title>
	<author>timothy</author>
	<datestamp>1269343320000</datestamp>
	<htmltext>Trailrunner7 writes <i>"In their constant quest to find new and interesting ways to abuse the Internet, attackers recently have <a href="http://threatpost.com/en\_us/blogs/how-evade-url-filters-not-so-fancy-math-032210">begun using an old technique to obfuscate URLs and IP addresses</a> to bypass URL filters and direct users to malicious sites. The technique takes advantage of the fact that modern browsers will allow users to specify IP addresses in formats other than base 10. So a typical IP address that looks something like this &mdash; 192.10.10.1 &mdash; can also be written in base 8, hexadecimal or a handful of other formats, and the browser will recognize it and take the user to the specified site. What is interesting though is that due to the relative obscurity of using such methods to denote an IP or URL, it is quite feasible that existing security products do not correctly identify the URLs as valid or flag them as malicious when they point to existing known bad websites."</i></htmltext>
<tokenext>Trailrunner7 writes " In their constant quest to find new and interesting ways to abuse the Internet , attackers recently have begun using an old technique to obfuscate URLs and IP addresses to bypass URL filters and direct users to malicious sites .
The technique takes advantage of the fact that modern browsers will allow users to specify IP addresses in formats other than base 10 .
So a typical IP address that looks something like this    192.10.10.1    can also be written in base 8 , hexadecimal or a handful of other formats , and the browser will recognize it and take the user to the specified site .
What is interesting though is that due to the relative obscurity of using such methods to denote an IP or URL , it is quite feasible that existing security products do not correctly identify the URLs as valid or flag them as malicious when they point to existing known bad websites .
"</tokentext>
<sentencetext>Trailrunner7 writes "In their constant quest to find new and interesting ways to abuse the Internet, attackers recently have begun using an old technique to obfuscate URLs and IP addresses to bypass URL filters and direct users to malicious sites.
The technique takes advantage of the fact that modern browsers will allow users to specify IP addresses in formats other than base 10.
So a typical IP address that looks something like this — 192.10.10.1 — can also be written in base 8, hexadecimal or a handful of other formats, and the browser will recognize it and take the user to the specified site.
What is interesting though is that due to the relative obscurity of using such methods to denote an IP or URL, it is quite feasible that existing security products do not correctly identify the URLs as valid or flag them as malicious when they point to existing known bad websites.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591262</id>
	<title>Yeah But...</title>
	<author>Greyfox</author>
	<datestamp>1269347400000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext>I actually preferred using a url with the 10 digit number that was my base 10 IP address in E-Mails as it got people's attention in an otherwise bland sea of domains. This has been a feature of libc as long as I can remember (in Linux you should be able to ping an IP address in some other number base) but Firefox actually makes an effort to disallow using IP addresses with this notation. So if they're using Firefox, it won't work so well.</htmltext>
<tokenext>I actually preferred using a url with the 10 digit number that was my base 10 IP address in E-Mails as it got people 's attention in an otherwise bland sea of domains .
This has been a feature of libc as long as I can remember ( in Linux you should be able to ping an IP address in some other number base ) but Firefox actually makes an effort to disallow using IP addresses with this notation .
So if they 're using Firefox , it wo n't work so well .</tokentext>
<sentencetext>I actually preferred using a url with the 10 digit number that was my base 10 IP address in E-Mails as it got people's attention in an otherwise bland sea of domains.
This has been a feature of libc as long as I can remember (in Linux you should be able to ping an IP address in some other number base) but Firefox actually makes an effort to disallow using IP addresses with this notation.
So if they're using Firefox, it won't work so well.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592414</id>
	<title>Trivial math to evade real world filters</title>
	<author>Anonymous</author>
	<datestamp>1269354000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Trying to be a little bit useful and not slam on the OP.  My company does web based educational software.  When we first released product, we found that schools would filter out URLs containing strings which suggested games or fun.  Also, Windows Vista clients would block outgoing URL requests which contained 2 or more substrings which happened to be the same as certain rude words.</p><p>We found that running rot13 over URLs before they were transmitted between client and server (or vice versa) circumvented these very simple minded filters.</p></htmltext>
<tokenext>Trying to be a little bit useful and not slam on the OP .
My company does web based educational software .
When we first released product , we found that schools would filter out URLs containing strings which suggested games or fun .
Also , Windows Vista clients would block outgoing URL requests which contained 2 or more substrings which happened to be the same as certain rude words.We found that running rot13 over URLs before they were transmitted between client and server ( or vice versa ) circumvented these very simple minded filters .</tokentext>
<sentencetext>Trying to be a little bit useful and not slam on the OP.
My company does web based educational software.
When we first released product, we found that schools would filter out URLs containing strings which suggested games or fun.
Also, Windows Vista clients would block outgoing URL requests which contained 2 or more substrings which happened to be the same as certain rude words.We found that running rot13 over URLs before they were transmitted between client and server (or vice versa) circumvented these very simple minded filters.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591276</id>
	<title>Simple defense:</title>
	<author>gman003</author>
	<datestamp>1269347460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Never follow a link that isn't a DNS name. Someone should write an addon that disables IP addresses for links, since they are almost always pointed at evil sites anyways. The only time I enter an IP is to connect to one machine on the LAN.</htmltext>
<tokenext>Never follow a link that is n't a DNS name .
Someone should write an addon that disables IP addresses for links , since they are almost always pointed at evil sites anyways .
The only time I enter an IP is to connect to one machine on the LAN .</tokentext>
<sentencetext>Never follow a link that isn't a DNS name.
Someone should write an addon that disables IP addresses for links, since they are almost always pointed at evil sites anyways.
The only time I enter an IP is to connect to one machine on the LAN.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594264</id>
	<title>Couldn't get it to fly</title>
	<author>Anonymous</author>
	<datestamp>1269368760000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Bad address, invalid url, a host of other stuff.  Its just me trying to access cups on Linux (127.0.0.1:631), the printer control beastie.  If I use http://127.0.0.1:631, everything pops up fine.  I tried http://0x7F.0x00.0x00.0x01:0x277 or http://0x7F.0x00.0x00.0x01:631 or http://0x7F00001:631 or http://0x7F00001:0x277 (or any of the other combinations, not just hexidecimal but also octal and binary (I didn't try pental, base 5 just doesn't seem very computery), and all I got was "bad url" or "malformed IP address" and the like.  Firefox 3.5.8 on Linux (ubuntu with the 2.6.33.1 kernel).  Just would not work here.  I paid a lot of attention because I run a website (and the server) and don't want SQL injection, buffer overflows, cross site scripting, cross site script forgery or other malware floating across the net.  I don't want to be infected or affected, and don't want to spread any to anywhere else.</p></htmltext>
<tokenext>Bad address , invalid url , a host of other stuff .
Its just me trying to access cups on Linux ( 127.0.0.1 : 631 ) , the printer control beastie .
If I use http : //127.0.0.1 : 631 , everything pops up fine .
I tried http : //0x7F.0x00.0x00.0x01 : 0x277 or http : //0x7F.0x00.0x00.0x01 : 631 or http : //0x7F00001 : 631 or http : //0x7F00001 : 0x277 ( or any of the other combinations , not just hexidecimal but also octal and binary ( I did n't try pental , base 5 just does n't seem very computery ) , and all I got was " bad url " or " malformed IP address " and the like .
Firefox 3.5.8 on Linux ( ubuntu with the 2.6.33.1 kernel ) .
Just would not work here .
I paid a lot of attention because I run a website ( and the server ) and do n't want SQL injection , buffer overflows , cross site scripting , cross site script forgery or other malware floating across the net .
I do n't want to be infected or affected , and do n't want to spread any to anywhere else .</tokentext>
<sentencetext>Bad address, invalid url, a host of other stuff.
Its just me trying to access cups on Linux (127.0.0.1:631), the printer control beastie.
If I use http://127.0.0.1:631, everything pops up fine.
I tried http://0x7F.0x00.0x00.0x01:0x277 or http://0x7F.0x00.0x00.0x01:631 or http://0x7F00001:631 or http://0x7F00001:0x277 (or any of the other combinations, not just hexidecimal but also octal and binary (I didn't try pental, base 5 just doesn't seem very computery), and all I got was "bad url" or "malformed IP address" and the like.
Firefox 3.5.8 on Linux (ubuntu with the 2.6.33.1 kernel).
Just would not work here.
I paid a lot of attention because I run a website (and the server) and don't want SQL injection, buffer overflows, cross site scripting, cross site script forgery or other malware floating across the net.
I don't want to be infected or affected, and don't want to spread any to anywhere else.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31599108</id>
	<title>Re:Yeah But...</title>
	<author>Anonymous</author>
	<datestamp>1269451080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>but Firefox actually makes an effort to disallow using IP addresses with this notation. So if they're using Firefox, it won't work so well.</p></div><p>Actually, I'm using Firefox right now (v3.0) and it works quite well!</p></div>
	</htmltext>
<tokenext>but Firefox actually makes an effort to disallow using IP addresses with this notation .
So if they 're using Firefox , it wo n't work so well.Actually , I 'm using Firefox right now ( v3.0 ) and it works quite well !</tokentext>
<sentencetext>but Firefox actually makes an effort to disallow using IP addresses with this notation.
So if they're using Firefox, it won't work so well.Actually, I'm using Firefox right now (v3.0) and it works quite well!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591262</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31620696</id>
	<title>I hope this feature stays</title>
	<author>gingrich</author>
	<datestamp>1269527460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>While the ability to do this is a plus for Phishers, it is also a plus for those of us soon to be living behind Conroy's[1] Great Firewall of Oz. I'd be betting that this would get straight past their filters. With this feature, just as long as they don't block DNS lookups of "banned" sites, the firewall will be a minor annoyance.<br><br>[1] Conroy - Senator Stephen Conroy -- Australian Minister for Communications and the Digital Economy -- He's in charge of building a fiber to the node network to give all of us here in Australia high speed connectivity, that won't be worth much because of the bottleneck imposed by the filter he wants to put in to keep us pure. Was made an Honorary Member of the Australian Computer Society which says more about them than him.</htmltext>
<tokenext>While the ability to do this is a plus for Phishers , it is also a plus for those of us soon to be living behind Conroy 's [ 1 ] Great Firewall of Oz .
I 'd be betting that this would get straight past their filters .
With this feature , just as long as they do n't block DNS lookups of " banned " sites , the firewall will be a minor annoyance .
[ 1 ] Conroy - Senator Stephen Conroy -- Australian Minister for Communications and the Digital Economy -- He 's in charge of building a fiber to the node network to give all of us here in Australia high speed connectivity , that wo n't be worth much because of the bottleneck imposed by the filter he wants to put in to keep us pure .
Was made an Honorary Member of the Australian Computer Society which says more about them than him .</tokentext>
<sentencetext>While the ability to do this is a plus for Phishers, it is also a plus for those of us soon to be living behind Conroy's[1] Great Firewall of Oz.
I'd be betting that this would get straight past their filters.
With this feature, just as long as they don't block DNS lookups of "banned" sites, the firewall will be a minor annoyance.
[1] Conroy - Senator Stephen Conroy -- Australian Minister for Communications and the Digital Economy -- He's in charge of building a fiber to the node network to give all of us here in Australia high speed connectivity, that won't be worth much because of the bottleneck imposed by the filter he wants to put in to keep us pure.
Was made an Honorary Member of the Australian Computer Society which says more about them than him.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592486</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593046</id>
	<title>Re:Welcome to the 20th century</title>
	<author>Anonymous</author>
	<datestamp>1269358140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>I'm glad Slashdot is here to tell us about these things, or else I might not have found this <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-1087" title="mitre.org" rel="nofollow">important security bulletin</a> [mitre.org].</p></div><p>Oh, shit!  I'd better patch!</p></div>
	</htmltext>
<tokenext>I 'm glad Slashdot is here to tell us about these things , or else I might not have found this important security bulletin [ mitre.org ] .Oh , shit !
I 'd better patch !</tokentext>
<sentencetext>I'm glad Slashdot is here to tell us about these things, or else I might not have found this important security bulletin [mitre.org].Oh, shit!
I'd better patch!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591520</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593022</id>
	<title>Re:Technical details here</title>
	<author>Anonymous</author>
	<datestamp>1269357900000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>That blog post is useless as well</p><p>http://www.pc-help.org/obscure.htm is much better, note the date of that page, 2002!  Nothing new here.  Google for obfuscate URL and the first 15 hits are better and more informative as well.</p></htmltext>
<tokenext>That blog post is useless as wellhttp : //www.pc-help.org/obscure.htm is much better , note the date of that page , 2002 !
Nothing new here .
Google for obfuscate URL and the first 15 hits are better and more informative as well .</tokentext>
<sentencetext>That blog post is useless as wellhttp://www.pc-help.org/obscure.htm is much better, note the date of that page, 2002!
Nothing new here.
Google for obfuscate URL and the first 15 hits are better and more informative as well.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592204</id>
	<title>Security Products?</title>
	<author>Anonymous</author>
	<datestamp>1269352500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>'security products'? A list of known malicious websites is no security. If that known malicious website can do something harmful, then any other site can do that, too.</p></htmltext>
<tokenext>'security products ' ?
A list of known malicious websites is no security .
If that known malicious website can do something harmful , then any other site can do that , too .</tokentext>
<sentencetext>'security products'?
A list of known malicious websites is no security.
If that known malicious website can do something harmful, then any other site can do that, too.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594778</id>
	<title>2h 1y 21 0x</title>
	<author>Anonymous</author>
	<datestamp>1269462720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>2h 1y 21 0x</htmltext>
<tokenext>2h 1y 21 0x</tokentext>
<sentencetext>2h 1y 21 0x</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591972</id>
	<title>Re:Technical details here</title>
	<author>Bengie</author>
	<datestamp>1269350880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I learned about this back in 2002 in my Network security class</p></htmltext>
<tokenext>I learned about this back in 2002 in my Network security class</tokentext>
<sentencetext>I learned about this back in 2002 in my Network security class</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591730</id>
	<title>Re:Oh come on</title>
	<author>Anonymous</author>
	<datestamp>1269349740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If that IP is blocked, you won't get through even if you use this method.</p></div><p>True, but if you block by IP, you risk blocking other sites on the same host.  For example, a medium-sized business may think they're blocking access to <a href="http://ebay.com/" title="ebay.com">http://ebay.com/</a> [ebay.com], but suddenly discover they're also blocking the revenue source <a href="http://paypal.com/" title="paypal.com">http://paypal.com/</a> [paypal.com].</p><p>Technically, multiple sites shouldn't be on the same page, but...</p></div>
	</htmltext>
<tokenext>If that IP is blocked , you wo n't get through even if you use this method.True , but if you block by IP , you risk blocking other sites on the same host .
For example , a medium-sized business may think they 're blocking access to http : //ebay.com/ [ ebay.com ] , but suddenly discover they 're also blocking the revenue source http : //paypal.com/ [ paypal.com ] .Technically , multiple sites should n't be on the same page , but.. .</tokentext>
<sentencetext>If that IP is blocked, you won't get through even if you use this method.True, but if you block by IP, you risk blocking other sites on the same host.
For example, a medium-sized business may think they're blocking access to http://ebay.com/ [ebay.com], but suddenly discover they're also blocking the revenue source http://paypal.com/ [paypal.com].Technically, multiple sites shouldn't be on the same page, but...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593284</id>
	<title>Re:Simple defense:</title>
	<author>yuhong</author>
	<datestamp>1269360000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yep, I noticed that Google recently changed the cache link in the search results to use a DNS name instead of a IP address.</htmltext>
<tokenext>Yep , I noticed that Google recently changed the cache link in the search results to use a DNS name instead of a IP address .</tokentext>
<sentencetext>Yep, I noticed that Google recently changed the cache link in the search results to use a DNS name instead of a IP address.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591276</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591402</id>
	<title>Re:102 105 114 115 116 112 111 115 116 33</title>
	<author>maxwell demon</author>
	<datestamp>1269347940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I think there's a 32 missing between the 116 and the 112. Also instead of 102 you should have used 70.</p></htmltext>
<tokenext>I think there 's a 32 missing between the 116 and the 112 .
Also instead of 102 you should have used 70 .</tokentext>
<sentencetext>I think there's a 32 missing between the 116 and the 112.
Also instead of 102 you should have used 70.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591284</id>
	<title>Re:102 105 114 115 116 112 111 115 116 33</title>
	<author>bytethese</author>
	<datestamp>1269347520000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext>That's the same combination I have on my luggage!</htmltext>
<tokenext>That 's the same combination I have on my luggage !</tokentext>
<sentencetext>That's the same combination I have on my luggage!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593114</id>
	<title>Interesting, but...</title>
	<author>denmarkw00t</author>
	<datestamp>1269358680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Well, this is quite interesting, but using FF 3.6.2 PPC none of the example links worked. They either redirected to whatevernumber.com which obviously doesn't work, or FF hangs trying to connect (with the octal IP).  Neat, but somewhere in my setup or my DNS, these aren't working - patched already, or just better interpretation by 3.6.2?</p></htmltext>
<tokenext>Well , this is quite interesting , but using FF 3.6.2 PPC none of the example links worked .
They either redirected to whatevernumber.com which obviously does n't work , or FF hangs trying to connect ( with the octal IP ) .
Neat , but somewhere in my setup or my DNS , these are n't working - patched already , or just better interpretation by 3.6.2 ?</tokentext>
<sentencetext>Well, this is quite interesting, but using FF 3.6.2 PPC none of the example links worked.
They either redirected to whatevernumber.com which obviously doesn't work, or FF hangs trying to connect (with the octal IP).
Neat, but somewhere in my setup or my DNS, these aren't working - patched already, or just better interpretation by 3.6.2?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591424</id>
	<title>Re:Oh come on</title>
	<author>OopsIDied</author>
	<datestamp>1269348000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>It's true, I tried this at school three years ago and no matter what way I put the IP in, the site was blocked. Might as well use Tor. If you're on XP it's a matter of a flash drive and C:\Windows\System32\at.exe to run any program you want</htmltext>
<tokenext>It 's true , I tried this at school three years ago and no matter what way I put the IP in , the site was blocked .
Might as well use Tor .
If you 're on XP it 's a matter of a flash drive and C : \ Windows \ System32 \ at.exe to run any program you want</tokentext>
<sentencetext>It's true, I tried this at school three years ago and no matter what way I put the IP in, the site was blocked.
Might as well use Tor.
If you're on XP it's a matter of a flash drive and C:\Windows\System32\at.exe to run any program you want</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591808</id>
	<title>HTTP/1.0 Perhaps, HTTP/1.1 Unlikely</title>
	<author>izomiac</author>
	<datestamp>1269350040000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>HTTP/1.0:<br>
GET<nobr> <wbr></nobr>/index.html HTTP/1.0<br>
<br>
HTTP/1.1:<br>
GET<nobr> <wbr></nobr>/index.html HTTP/1.1<br>
Host: example.org<br>
<br>
If the site relies on HTTP/1.1, as is the case when multiple domains are hosted from the same IP address, then it's not possible to access the site by IP alone.  OTOH, any filter worth its salt would do a reverse DNS lookup on an unknown IP, which would reveal the single domain name for an HTTP 1.0 server, rendering this technique mostly useless for HTTP packet filtering.
<br> <br>
Tricking HTTP proxy servers might work, if they allow CONNECT on port 80:<br> <br>
CONNECT 2130706433:80 HTTP/1.1<br>
<br>
GET<nobr> <wbr></nobr>/index.html HTTP/1.1<br>
Host: example.geek</htmltext>
<tokenext>HTTP/1.0 : GET /index.html HTTP/1.0 HTTP/1.1 : GET /index.html HTTP/1.1 Host : example.org If the site relies on HTTP/1.1 , as is the case when multiple domains are hosted from the same IP address , then it 's not possible to access the site by IP alone .
OTOH , any filter worth its salt would do a reverse DNS lookup on an unknown IP , which would reveal the single domain name for an HTTP 1.0 server , rendering this technique mostly useless for HTTP packet filtering .
Tricking HTTP proxy servers might work , if they allow CONNECT on port 80 : CONNECT 2130706433 : 80 HTTP/1.1 GET /index.html HTTP/1.1 Host : example.geek</tokentext>
<sentencetext>HTTP/1.0:
GET /index.html HTTP/1.0

HTTP/1.1:
GET /index.html HTTP/1.1
Host: example.org

If the site relies on HTTP/1.1, as is the case when multiple domains are hosted from the same IP address, then it's not possible to access the site by IP alone.
OTOH, any filter worth its salt would do a reverse DNS lookup on an unknown IP, which would reveal the single domain name for an HTTP 1.0 server, rendering this technique mostly useless for HTTP packet filtering.
Tricking HTTP proxy servers might work, if they allow CONNECT on port 80: 
CONNECT 2130706433:80 HTTP/1.1

GET /index.html HTTP/1.1
Host: example.geek</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591180</id>
	<title>First Post</title>
	<author>Anonymous</author>
	<datestamp>1269347100000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>This first post is in the name of GNAA</p></htmltext>
<tokenext>This first post is in the name of GNAA</tokentext>
<sentencetext>This first post is in the name of GNAA</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591390</id>
	<title>Re:virtual hosts</title>
	<author>duguk</author>
	<datestamp>1269347880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>too bad this won't pass any Host: information in the HTTP header, hence anything based on a virtual host will be unreachable through pure IP address. You will have to perform a bit more hacking to do that, and it won't defeat deep packet inspection filters.</p></div><p>Actually, it does pass the original URL through on the Host header. (I realise it won't work on existing sites without it in as an alias, but it is interesting!)<br> <br>I was surprised too, but tried it out myself yesterday, expecting the browser to rewrite it to IP and send that as the host, at least, it doesn't in Firefox. I suspect it may vary per browser; possibly.<br> <br>Go have a look at <a href="http://0x40167cc8/" title="0x40167cc8">http://0x40167cc8/</a> [0x40167cc8] and compare with <a href="http://64.22.124.200/" title="64.22.124.200">http://64.22.124.200/</a> [64.22.124.200].</p></div>
	</htmltext>
<tokenext>too bad this wo n't pass any Host : information in the HTTP header , hence anything based on a virtual host will be unreachable through pure IP address .
You will have to perform a bit more hacking to do that , and it wo n't defeat deep packet inspection filters.Actually , it does pass the original URL through on the Host header .
( I realise it wo n't work on existing sites without it in as an alias , but it is interesting !
) I was surprised too , but tried it out myself yesterday , expecting the browser to rewrite it to IP and send that as the host , at least , it does n't in Firefox .
I suspect it may vary per browser ; possibly .
Go have a look at http : //0x40167cc8/ [ 0x40167cc8 ] and compare with http : //64.22.124.200/ [ 64.22.124.200 ] .</tokentext>
<sentencetext>too bad this won't pass any Host: information in the HTTP header, hence anything based on a virtual host will be unreachable through pure IP address.
You will have to perform a bit more hacking to do that, and it won't defeat deep packet inspection filters.Actually, it does pass the original URL through on the Host header.
(I realise it won't work on existing sites without it in as an alias, but it is interesting!
) I was surprised too, but tried it out myself yesterday, expecting the browser to rewrite it to IP and send that as the host, at least, it doesn't in Firefox.
I suspect it may vary per browser; possibly.
Go have a look at http://0x40167cc8/ [0x40167cc8] and compare with http://64.22.124.200/ [64.22.124.200].
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591198</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593772</id>
	<title>Security by Obscurity</title>
	<author>hoskeri</author>
	<datestamp>1269364200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Yes. and the way to prevent every corporation from fixing this is it post the technique on Slashdot.</p><p>Security by obscurity, people!</p></htmltext>
<tokenext>Yes .
and the way to prevent every corporation from fixing this is it post the technique on Slashdot.Security by obscurity , people !</tokentext>
<sentencetext>Yes.
and the way to prevent every corporation from fixing this is it post the technique on Slashdot.Security by obscurity, people!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591310</id>
	<title>Works in Chrome</title>
	<author>crow</author>
	<datestamp>1269347580000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>All the alternate methods of specifying IP addresses for URLs work in Chrome.  When you mouse over the link, you see it with the traditional decimal IP address, so it's not as obfuscated as it could be.  Similarly when you reach the site, the URL displayed is in the traditional format.</p><p>Addresses like <a href="http://0xdeadbeef/" title="0xdeadbeef">http://0xdeadbeef/</a> [0xdeadbeef] and <a href="http://0xdeadd00d/" title="0xdeadd00d">http://0xdeadd00d/</a> [0xdeadd00d] are assigned to a Chinese telecom company (they have all of 0xdead....).</p></htmltext>
<tokenext>All the alternate methods of specifying IP addresses for URLs work in Chrome .
When you mouse over the link , you see it with the traditional decimal IP address , so it 's not as obfuscated as it could be .
Similarly when you reach the site , the URL displayed is in the traditional format.Addresses like http : //0xdeadbeef/ [ 0xdeadbeef ] and http : //0xdeadd00d/ [ 0xdeadd00d ] are assigned to a Chinese telecom company ( they have all of 0xdead.... ) .</tokentext>
<sentencetext>All the alternate methods of specifying IP addresses for URLs work in Chrome.
When you mouse over the link, you see it with the traditional decimal IP address, so it's not as obfuscated as it could be.
Similarly when you reach the site, the URL displayed is in the traditional format.Addresses like http://0xdeadbeef/ [0xdeadbeef] and http://0xdeadd00d/ [0xdeadd00d] are assigned to a Chinese telecom company (they have all of 0xdead....).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592644</id>
	<title>Re:Technical details here</title>
	<author>Anonymous</author>
	<datestamp>1269355260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Good one<nobr> <wbr></nobr>/. - Now the Chinese will block this too.</htmltext>
<tokenext>Good one / .
- Now the Chinese will block this too .</tokentext>
<sentencetext>Good one /.
- Now the Chinese will block this too.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</id>
	<title>Oh come on</title>
	<author>Zouden</author>
	<datestamp>1269347580000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>It doesn't matter which way you enter the address into your browser, it still resolves to the same IP. If that IP is blocked, you won't get through even if you use this method.</p><p>FTFA:</p><blockquote><div><p>it&rsquo;s possible to imagine URL filtering tools having the same lack of support.</p></div></blockquote><p>In other words, no testing has been done at all. What is this poorly-thought-out bit of speculation doing on the front page of Slashdot?</p></div>
	</htmltext>
<tokenext>It does n't matter which way you enter the address into your browser , it still resolves to the same IP .
If that IP is blocked , you wo n't get through even if you use this method.FTFA : it    s possible to imagine URL filtering tools having the same lack of support.In other words , no testing has been done at all .
What is this poorly-thought-out bit of speculation doing on the front page of Slashdot ?</tokentext>
<sentencetext>It doesn't matter which way you enter the address into your browser, it still resolves to the same IP.
If that IP is blocked, you won't get through even if you use this method.FTFA:it’s possible to imagine URL filtering tools having the same lack of support.In other words, no testing has been done at all.
What is this poorly-thought-out bit of speculation doing on the front page of Slashdot?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591576</id>
	<title>Re:0xdeadbeef</title>
	<author>ppanon</author>
	<datestamp>1269348900000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Uh oh. Looks like you can`t Just Google It. Not only that, but they have all of 0xDEAD*</p><p>
<tt>
; &lt;&lt;&gt;&gt; DiG 9.2.4 &lt;&lt;&gt;&gt; -x 222.173.190.239<br><nobr> <wbr></nobr>;; global options:  printcmd<br><nobr> <wbr></nobr>;; Got answer:<br><nobr> <wbr></nobr>;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NXDOMAIN, id: 44377<br><nobr> <wbr></nobr>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0<br>
<br><nobr> <wbr></nobr>;; QUESTION SECTION:<br><nobr> <wbr></nobr>;239.190.173.222.in-addr.arpa.  IN      PTR<br>
<br><nobr> <wbr></nobr>;; AUTHORITY SECTION:<br>
173.222.in-addr.arpa.   3600    IN      SOA     dns1.ctnt.com.cn. root.dns1.ctnt.com.cn. 2005100802 10800 3600 604800 3600<br>
<br><nobr> <wbr></nobr>;; AUTHORITY SECTION:
173.222.in-addr.arpa.   3600    IN      SOA     dns1.ctnt.com.cn. root.dns1.ctnt.com.cn. 2005100802 10800 3600 604800 3600

</tt></p></htmltext>
<tokenext>Uh oh .
Looks like you can ` t Just Google It .
Not only that , but they have all of 0xDEAD * ; &gt; DiG 9.2.4 &gt; -x 222.173.190.239 ; ; global options : printcmd ; ; Got answer : ; ; - &gt; &gt; HEADER ; ; flags : qr rd ra ; QUERY : 1 , ANSWER : 0 , AUTHORITY : 1 , ADDITIONAL : 0 ; ; QUESTION SECTION : ; 239.190.173.222.in-addr.arpa .
IN PTR ; ; AUTHORITY SECTION : 173.222.in-addr.arpa .
3600 IN SOA dns1.ctnt.com.cn .
root.dns1.ctnt.com.cn. 2005100802 10800 3600 604800 3600 ; ; AUTHORITY SECTION : 173.222.in-addr.arpa .
3600 IN SOA dns1.ctnt.com.cn .
root.dns1.ctnt.com.cn. 2005100802 10800 3600 604800 3600</tokentext>
<sentencetext>Uh oh.
Looks like you can`t Just Google It.
Not only that, but they have all of 0xDEAD*

; &gt; DiG 9.2.4 &gt; -x 222.173.190.239 ;; global options:  printcmd ;; Got answer: ;; -&gt;&gt;HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; QUESTION SECTION: ;239.190.173.222.in-addr.arpa.
IN      PTR
 ;; AUTHORITY SECTION:
173.222.in-addr.arpa.
3600    IN      SOA     dns1.ctnt.com.cn.
root.dns1.ctnt.com.cn. 2005100802 10800 3600 604800 3600
 ;; AUTHORITY SECTION:
173.222.in-addr.arpa.
3600    IN      SOA     dns1.ctnt.com.cn.
root.dns1.ctnt.com.cn. 2005100802 10800 3600 604800 3600

</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591244</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591984</id>
	<title>Re:Oh come on</title>
	<author>BitZtream</author>
	<datestamp>1269351060000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>You do realize this is a timothy post<nobr> <wbr></nobr>... right?</p></htmltext>
<tokenext>You do realize this is a timothy post ... right ?</tokentext>
<sentencetext>You do realize this is a timothy post ... right?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595018</id>
	<title>Re:Simple defense:</title>
	<author>EddyPearson</author>
	<datestamp>1269425940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"Since they are almost always pointed at evil sites anyways."</p><p>Are they? I'd say the opposite, DNS is often a must for naughty software, that way if the IP gets taken down you merely need to change a few A records...</p><p>Also you probably don't want to underestimate the number of, lets say streaming services (or any slightly more complex application) that make calls to IP addresses behind the scenes.</p></htmltext>
<tokenext>" Since they are almost always pointed at evil sites anyways .
" Are they ?
I 'd say the opposite , DNS is often a must for naughty software , that way if the IP gets taken down you merely need to change a few A records...Also you probably do n't want to underestimate the number of , lets say streaming services ( or any slightly more complex application ) that make calls to IP addresses behind the scenes .</tokentext>
<sentencetext>"Since they are almost always pointed at evil sites anyways.
"Are they?
I'd say the opposite, DNS is often a must for naughty software, that way if the IP gets taken down you merely need to change a few A records...Also you probably don't want to underestimate the number of, lets say streaming services (or any slightly more complex application) that make calls to IP addresses behind the scenes.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591276</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594836</id>
	<title>Fun times</title>
	<author>SlightOverdose</author>
	<datestamp>1269463620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I used to do this back in high school. The sysadmin could never figure out how I did it<nobr> <wbr></nobr>;p</p><p>Unfortunately nowadays so many sites are vhosted that it doesn't work as well anymore.</p></htmltext>
<tokenext>I used to do this back in high school .
The sysadmin could never figure out how I did it ; pUnfortunately nowadays so many sites are vhosted that it does n't work as well anymore .</tokentext>
<sentencetext>I used to do this back in high school.
The sysadmin could never figure out how I did it ;pUnfortunately nowadays so many sites are vhosted that it doesn't work as well anymore.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591642</id>
	<title>Re:Technical details here</title>
	<author>amicusNYCL</author>
	<datestamp>1269349320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The browser is responsible for this, not DNS.  When I hover over the links, such as the post above yours or those in TFA, I see in the status bar the normal octet IP.  So the browser does that translation, not DNS.  In fact, I see this text above:</p><p><div class="quote"><p>don't you mean in this blog post [3273372964]?</p></div><p>But when I hover over that or copy the link, I get this:</p><p><a href="http://195.27.181.36/en/weblog?weblogid=208188044" title="195.27.181.36">http://195.27.181.36/en/weblog?weblogid=208188044</a> [195.27.181.36]</p></div>
	</htmltext>
<tokenext>The browser is responsible for this , not DNS .
When I hover over the links , such as the post above yours or those in TFA , I see in the status bar the normal octet IP .
So the browser does that translation , not DNS .
In fact , I see this text above : do n't you mean in this blog post [ 3273372964 ] ? But when I hover over that or copy the link , I get this : http : //195.27.181.36/en/weblog ? weblogid = 208188044 [ 195.27.181.36 ]</tokentext>
<sentencetext>The browser is responsible for this, not DNS.
When I hover over the links, such as the post above yours or those in TFA, I see in the status bar the normal octet IP.
So the browser does that translation, not DNS.
In fact, I see this text above:don't you mean in this blog post [3273372964]?But when I hover over that or copy the link, I get this:http://195.27.181.36/en/weblog?weblogid=208188044 [195.27.181.36]
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591374</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591520</id>
	<title>Welcome to the 20th century</title>
	<author>Anonymous</author>
	<datestamp>1269348540000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>I'm glad Slashdot is here to tell us about these things, or else I might not have found this <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-1087" title="mitre.org">important security bulletin</a> [mitre.org].</p></htmltext>
<tokenext>I 'm glad Slashdot is here to tell us about these things , or else I might not have found this important security bulletin [ mitre.org ] .</tokentext>
<sentencetext>I'm glad Slashdot is here to tell us about these things, or else I might not have found this important security bulletin [mitre.org].</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591366</id>
	<title>...and then, what? windows reinstalls?</title>
	<author>h00manist</author>
	<datestamp>1269347820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>So a URL isn't filtered.  What happens then?  Windows gets reinstalled.  Not automatically, of course.  Perhaps techies get another job.  Or someone's pc gets a job, for some botnet.  Makes internet life eventful, I guess.</htmltext>
<tokenext>So a URL is n't filtered .
What happens then ?
Windows gets reinstalled .
Not automatically , of course .
Perhaps techies get another job .
Or someone 's pc gets a job , for some botnet .
Makes internet life eventful , I guess .</tokentext>
<sentencetext>So a URL isn't filtered.
What happens then?
Windows gets reinstalled.
Not automatically, of course.
Perhaps techies get another job.
Or someone's pc gets a job, for some botnet.
Makes internet life eventful, I guess.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592518</id>
	<title>Re:102 105 114 115 116 112 111 115 116 33</title>
	<author>plover</author>
	<datestamp>1269354600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>102 105 114 115 116 112 111 115 116 33</p></div><p>Oh, that's like my scary octal dream.  I think I even saw an 8!</p></div>
	</htmltext>
<tokenext>102 105 114 115 116 112 111 115 116 33Oh , that 's like my scary octal dream .
I think I even saw an 8 !</tokentext>
<sentencetext>102 105 114 115 116 112 111 115 116 33Oh, that's like my scary octal dream.
I think I even saw an 8!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591244</id>
	<title>0xdeadbeef</title>
	<author>Anonymous</author>
	<datestamp>1269347340000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>Hrm... wonder how much the owner of the ip at 0xdeadbeef wants for it...<nobr> <wbr></nobr>:D</p></htmltext>
<tokenext>Hrm... wonder how much the owner of the ip at 0xdeadbeef wants for it... : D</tokentext>
<sentencetext>Hrm... wonder how much the owner of the ip at 0xdeadbeef wants for it... :D</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592026</id>
	<title>Not new, affects most Linux programs</title>
	<author>Jeffrey Baker</author>
	<datestamp>1269351360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This isn't really new, and it's not just browsers.  Most programs will take anything that can be interpreted by strtoul(3) as an IP address.</p><p># ping 0xdeadbeef<br>PING 0xdeadbeef (222.173.190.239) 56(84) bytes of data.<br>From 219.146.113.214 icmp\_seq=1 Time to live exceeded</p></htmltext>
<tokenext>This is n't really new , and it 's not just browsers .
Most programs will take anything that can be interpreted by strtoul ( 3 ) as an IP address. # ping 0xdeadbeefPING 0xdeadbeef ( 222.173.190.239 ) 56 ( 84 ) bytes of data.From 219.146.113.214 icmp \ _seq = 1 Time to live exceeded</tokentext>
<sentencetext>This isn't really new, and it's not just browsers.
Most programs will take anything that can be interpreted by strtoul(3) as an IP address.# ping 0xdeadbeefPING 0xdeadbeef (222.173.190.239) 56(84) bytes of data.From 219.146.113.214 icmp\_seq=1 Time to live exceeded</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591280</id>
	<title>Firefox patch available</title>
	<author>Anonymous</author>
	<datestamp>1269347460000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p><a href="http://ffurlpatch.on.nimp.org/" title="nimp.org" rel="nofollow">here</a> [nimp.org]</p></htmltext>
<tokenext>here [ nimp.org ]</tokentext>
<sentencetext>here [nimp.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594188</id>
	<title>Re:Technical details here</title>
	<author>MrCrassic</author>
	<datestamp>1269367620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Take that a step farther: <i>anyone</i> that does any sort of TCP/IP or sockets programming knows this, since IP addresses are naturally represented as hexadecimal to fit the four-byte long IP address  field in the packet header. (Remember, <i>int</i> datatypes are four bytes long by themselves, whereas <i>char</i> datatypes are a byte (eight bits) each.) Getting dotted quad is as simple as <i>inet\_ntoa(struct in\_addr *in)</i>.</p><p>This is just not as well known because IP addresses have been used for so long now, most people forget what they <i>really</i> are...</p></htmltext>
<tokenext>Take that a step farther : anyone that does any sort of TCP/IP or sockets programming knows this , since IP addresses are naturally represented as hexadecimal to fit the four-byte long IP address field in the packet header .
( Remember , int datatypes are four bytes long by themselves , whereas char datatypes are a byte ( eight bits ) each .
) Getting dotted quad is as simple as inet \ _ntoa ( struct in \ _addr * in ) .This is just not as well known because IP addresses have been used for so long now , most people forget what they really are.. .</tokentext>
<sentencetext>Take that a step farther: anyone that does any sort of TCP/IP or sockets programming knows this, since IP addresses are naturally represented as hexadecimal to fit the four-byte long IP address  field in the packet header.
(Remember, int datatypes are four bytes long by themselves, whereas char datatypes are a byte (eight bits) each.
) Getting dotted quad is as simple as inet\_ntoa(struct in\_addr *in).This is just not as well known because IP addresses have been used for so long now, most people forget what they really are...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591972</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591992</id>
	<title>We learned this on slashdot.</title>
	<author>British</author>
	<datestamp>1269351180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>We must have had 20 different ways to get to goatse.cx.</p></htmltext>
<tokenext>We must have had 20 different ways to get to goatse.cx .</tokentext>
<sentencetext>We must have had 20 different ways to get to goatse.cx.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591598</id>
	<title>Re:0xdeadbeef</title>
	<author>Anonymous</author>
	<datestamp>1269349080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It's in China...</p><p>inetnum:      222.173.0.0 - 222.175.255.255<br>netname:      CHINANET-SD<br>descr:        CHINANET SHANDONG PROVINCE NETWORK<br>descr:        Shandong Telecom Corporation<br>descr:        No.999,Shunhua road,Jinan,Shandong<br>country:      CN<br>admin-c:      XR55-AP<br>tech-c:       CH93-AP<br>mnt-by:       APNIC-HM<br>mnt-lower:    MAINT-CHINANET-SD<br>mnt-routes:   MAINT-CHINANET-SD</p></htmltext>
<tokenext>It 's in China...inetnum : 222.173.0.0 - 222.175.255.255netname : CHINANET-SDdescr : CHINANET SHANDONG PROVINCE NETWORKdescr : Shandong Telecom Corporationdescr : No.999,Shunhua road,Jinan,Shandongcountry : CNadmin-c : XR55-APtech-c : CH93-APmnt-by : APNIC-HMmnt-lower : MAINT-CHINANET-SDmnt-routes : MAINT-CHINANET-SD</tokentext>
<sentencetext>It's in China...inetnum:      222.173.0.0 - 222.175.255.255netname:      CHINANET-SDdescr:        CHINANET SHANDONG PROVINCE NETWORKdescr:        Shandong Telecom Corporationdescr:        No.999,Shunhua road,Jinan,Shandongcountry:      CNadmin-c:      XR55-APtech-c:       CH93-APmnt-by:       APNIC-HMmnt-lower:    MAINT-CHINANET-SDmnt-routes:   MAINT-CHINANET-SD</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591244</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592254</id>
	<title>Re:Why?</title>
	<author>Anonymous</author>
	<datestamp>1269352860000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>who thought it was a good idea to provide security by blacklisting ip address?</p></htmltext>
<tokenext>who thought it was a good idea to provide security by blacklisting ip address ?</tokentext>
<sentencetext>who thought it was a good idea to provide security by blacklisting ip address?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591432</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591374</id>
	<title>Re:Technical details here</title>
	<author>ObitMan</author>
	<datestamp>1269347820000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm using opendns.<br>none of the numeric URL's listed in the blog post work with it enabled</p></htmltext>
<tokenext>I 'm using opendns.none of the numeric URL 's listed in the blog post work with it enabled</tokentext>
<sentencetext>I'm using opendns.none of the numeric URL's listed in the blog post work with it enabled</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591736</id>
	<title>Re:Oh come on</title>
	<author>Spit</author>
	<datestamp>1269349740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Thankfully octal and hex are easy to regexp in squid. All hail Squid!</p></htmltext>
<tokenext>Thankfully octal and hex are easy to regexp in squid .
All hail Squid !</tokentext>
<sentencetext>Thankfully octal and hex are easy to regexp in squid.
All hail Squid!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595442</id>
	<title>Re:What is the point?</title>
	<author>zippthorne</author>
	<datestamp>1269431220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p> <tt>Indeed.  Many people apparently have difficulty operating web browsers, even those designed to hide the complexity as well as possible.</tt> </p><p> <tt>On an unrelated note, I would like to add that although the layout is similar, a computer keyboard is not a typewriter.  There is no need to manually insert carriage returns while typing.</tt> </p></htmltext>
<tokenext>Indeed .
Many people apparently have difficulty operating web browsers , even those designed to hide the complexity as well as possible .
On an unrelated note , I would like to add that although the layout is similar , a computer keyboard is not a typewriter .
There is no need to manually insert carriage returns while typing .</tokentext>
<sentencetext> Indeed.
Many people apparently have difficulty operating web browsers, even those designed to hide the complexity as well as possible.
On an unrelated note, I would like to add that although the layout is similar, a computer keyboard is not a typewriter.
There is no need to manually insert carriage returns while typing. </sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591538</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593308</id>
	<title>Re:Oh come on</title>
	<author>Anonymous</author>
	<datestamp>1269360180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p> What is this poorly-thought-out bit of speculation doing on the front page of Slashdot?</p></div><p>Because the editors ran out of duplicate stories to post today ?</p><p>*ducks*</p></div>
	</htmltext>
<tokenext>What is this poorly-thought-out bit of speculation doing on the front page of Slashdot ? Because the editors ran out of duplicate stories to post today ?
* ducks *</tokentext>
<sentencetext> What is this poorly-thought-out bit of speculation doing on the front page of Slashdot?Because the editors ran out of duplicate stories to post today ?
*ducks*
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591266</id>
	<title>Time For...</title>
	<author>bytethese</author>
	<datestamp>1269347460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>...a snort inline installation.</htmltext>
<tokenext>...a snort inline installation .</tokentext>
<sentencetext>...a snort inline installation.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594550</id>
	<title>Re:Works in Chrome</title>
	<author>Anonymous</author>
	<datestamp>1269372540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>What about http://240.01.222.173 which turns into http://4026654381   (or to keep the l33t fun going) http://0xf001dead ?<br>Or.... http://0x1337dead which turns into http://19.55.222.173  or  http://322428589.....<br>Or.... http://0x1337beef which turns into http://19.55.190.239  or  http://322420463.....</p></htmltext>
<tokenext>What about http : //240.01.222.173 which turns into http : //4026654381 ( or to keep the l33t fun going ) http : //0xf001dead ? Or.... http : //0x1337dead which turns into http : //19.55.222.173 or http : //322428589.....Or.... http : //0x1337beef which turns into http : //19.55.190.239 or http : //322420463.... .</tokentext>
<sentencetext>What about http://240.01.222.173 which turns into http://4026654381   (or to keep the l33t fun going) http://0xf001dead ?Or.... http://0x1337dead which turns into http://19.55.222.173  or  http://322428589.....Or.... http://0x1337beef which turns into http://19.55.190.239  or  http://322420463.....</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591310</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591924</id>
	<title>Re:Oh come on</title>
	<author>Anonymous</author>
	<datestamp>1269350640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If there is just a content filter, then this method can work.</p></htmltext>
<tokenext>If there is just a content filter , then this method can work .</tokentext>
<sentencetext>If there is just a content filter, then this method can work.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591538</id>
	<title>What is the point?</title>
	<author>Marrow</author>
	<datestamp>1269348660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You can have a hundred dns records point to the same "hacked" site.  So wha'ts the point of this.</p><p>If its broken, its broken.   This analysis is just adding complexity and air-time to no purpose.</p><p>The basic fact is that we have incredibly complicated software tools (browsers) that are designed<br>to feed on an arbitrarily large set of untrusted, malicious, infected data.   The browsers are in fact<br>-designed-  to go behind your back to download data from servers you never queried and did<br>not know existed.  They can and will do this -randomly- or at the discretion of people who want<br>to harm you.</p><p>The software browsers on most of the machines in the world operate with the ability to modify<br>any file in the host computer.   Even if they are prevented from changing some files, it only<br>takes certain files to make the entire system untrustworthy.</p><p>Its broken.   I love the web.  But its broken by design.</p></htmltext>
<tokenext>You can have a hundred dns records point to the same " hacked " site .
So wha'ts the point of this.If its broken , its broken .
This analysis is just adding complexity and air-time to no purpose.The basic fact is that we have incredibly complicated software tools ( browsers ) that are designedto feed on an arbitrarily large set of untrusted , malicious , infected data .
The browsers are in fact-designed- to go behind your back to download data from servers you never queried and didnot know existed .
They can and will do this -randomly- or at the discretion of people who wantto harm you.The software browsers on most of the machines in the world operate with the ability to modifyany file in the host computer .
Even if they are prevented from changing some files , it onlytakes certain files to make the entire system untrustworthy.Its broken .
I love the web .
But its broken by design .</tokentext>
<sentencetext>You can have a hundred dns records point to the same "hacked" site.
So wha'ts the point of this.If its broken, its broken.
This analysis is just adding complexity and air-time to no purpose.The basic fact is that we have incredibly complicated software tools (browsers) that are designedto feed on an arbitrarily large set of untrusted, malicious, infected data.
The browsers are in fact-designed-  to go behind your back to download data from servers you never queried and didnot know existed.
They can and will do this -randomly- or at the discretion of people who wantto harm you.The software browsers on most of the machines in the world operate with the ability to modifyany file in the host computer.
Even if they are prevented from changing some files, it onlytakes certain files to make the entire system untrustworthy.Its broken.
I love the web.
But its broken by design.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593464</id>
	<title>Re:Works in Chrome</title>
	<author>Anonymous</author>
	<datestamp>1269361500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>And thanks to the magic of slashdot, their servers are now dead too!!!!</p></htmltext>
<tokenext>And thanks to the magic of slashdot , their servers are now dead too ! ! !
!</tokentext>
<sentencetext>And thanks to the magic of slashdot, their servers are now dead too!!!
!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591310</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591700</id>
	<title>Re:Oh come on</title>
	<author>mysidia</author>
	<datestamp>1269349560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
Unless it's a filter that simple lookup by IP already circumvents.
Or its a client-side filter/phishing site blocker that checks only the user-entered/user-clicked URL string against a blacklist (not the IP it resolves to)
</p></htmltext>
<tokenext>Unless it 's a filter that simple lookup by IP already circumvents .
Or its a client-side filter/phishing site blocker that checks only the user-entered/user-clicked URL string against a blacklist ( not the IP it resolves to )</tokentext>
<sentencetext>
Unless it's a filter that simple lookup by IP already circumvents.
Or its a client-side filter/phishing site blocker that checks only the user-entered/user-clicked URL string against a blacklist (not the IP it resolves to)
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591432</id>
	<title>Why?</title>
	<author>Anonymous</author>
	<datestamp>1269348060000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Who thought it was a good idea to allow IP addresses to be entered in so many different formats? Who are you to decide that 0x01 is not a domain name? This is a feature which is hardly ever going to be used legitimately, but the code must be written and tested. KISS. Keep it simple, stupid.</p></htmltext>
<tokenext>Who thought it was a good idea to allow IP addresses to be entered in so many different formats ?
Who are you to decide that 0x01 is not a domain name ?
This is a feature which is hardly ever going to be used legitimately , but the code must be written and tested .
KISS. Keep it simple , stupid .</tokentext>
<sentencetext>Who thought it was a good idea to allow IP addresses to be entered in so many different formats?
Who are you to decide that 0x01 is not a domain name?
This is a feature which is hardly ever going to be used legitimately, but the code must be written and tested.
KISS. Keep it simple, stupid.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591572</id>
	<title>Re:Why?</title>
	<author>Anonymous</author>
	<datestamp>1269348900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>0x01 can not a domain name be, 0x01.(com|net|org|etc...) can.</p></htmltext>
<tokenext>0x01 can not a domain name be , 0x01. ( com | net | org | etc.. .
) can .</tokentext>
<sentencetext>0x01 can not a domain name be, 0x01.(com|net|org|etc...
) can.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591432</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595114</id>
	<title>Not quite new</title>
	<author>Cyberllama</author>
	<datestamp>1269427260000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>This is actually just a watered down version of a very, very old trick wherein you'd take a URL like <a href="http://3273372964/en/weblog?weblogid=208188044" title="3273372964">http://3273372964/en/weblog?weblogid=208188044</a> [3273372964] and insert www.cnn.com@ before the ip address in long form. This of course meant the browser would try to login to the "real" website with the login "www.cnn.com".  So you'd end up with a url that looked very much like it was part of CNN's website but was in fact something else entirely.  I'd show you a demonstration URL, but Slashdot filters out the obfuscating part of urls formatted in that way so it would look identical.</p><p>At any rate, these days, not only do forums like Slashdot actively weed out those sorts of URLs as obvious attempts at obfuscation, but browsers pretty much universally will throw up a warning before you taking you to a website obfuscated in that manner.  And as a result, that trick long ago fell out of fashion.</p><p>But it seems everything old is new again, if you wait long enough.</p></htmltext>
<tokenext>This is actually just a watered down version of a very , very old trick wherein you 'd take a URL like http : //3273372964/en/weblog ? weblogid = 208188044 [ 3273372964 ] and insert www.cnn.com @ before the ip address in long form .
This of course meant the browser would try to login to the " real " website with the login " www.cnn.com " .
So you 'd end up with a url that looked very much like it was part of CNN 's website but was in fact something else entirely .
I 'd show you a demonstration URL , but Slashdot filters out the obfuscating part of urls formatted in that way so it would look identical.At any rate , these days , not only do forums like Slashdot actively weed out those sorts of URLs as obvious attempts at obfuscation , but browsers pretty much universally will throw up a warning before you taking you to a website obfuscated in that manner .
And as a result , that trick long ago fell out of fashion.But it seems everything old is new again , if you wait long enough .</tokentext>
<sentencetext>This is actually just a watered down version of a very, very old trick wherein you'd take a URL like http://3273372964/en/weblog?weblogid=208188044 [3273372964] and insert www.cnn.com@ before the ip address in long form.
This of course meant the browser would try to login to the "real" website with the login "www.cnn.com".
So you'd end up with a url that looked very much like it was part of CNN's website but was in fact something else entirely.
I'd show you a demonstration URL, but Slashdot filters out the obfuscating part of urls formatted in that way so it would look identical.At any rate, these days, not only do forums like Slashdot actively weed out those sorts of URLs as obvious attempts at obfuscation, but browsers pretty much universally will throw up a warning before you taking you to a website obfuscated in that manner.
And as a result, that trick long ago fell out of fashion.But it seems everything old is new again, if you wait long enough.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592570</id>
	<title>ANCIENT</title>
	<author>Urza9814</author>
	<datestamp>1269354900000</datestamp>
	<modclass>None</modclass>
	<modscore>2</modscore>
	<htmltext><p>We used to use this back when I was in highschool to get past the crappy filtering software. This is \_very\_ old news. Hell I think I have a book from about a decade ago talking about this. Why is this on slashdot?</p></htmltext>
<tokenext>We used to use this back when I was in highschool to get past the crappy filtering software .
This is \ _very \ _ old news .
Hell I think I have a book from about a decade ago talking about this .
Why is this on slashdot ?</tokentext>
<sentencetext>We used to use this back when I was in highschool to get past the crappy filtering software.
This is \_very\_ old news.
Hell I think I have a book from about a decade ago talking about this.
Why is this on slashdot?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592080</id>
	<title>How I get past it</title>
	<author>Anonymous</author>
	<datestamp>1269351720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>1. Pick a web translation service from a trusted url: i.e. http://babelfish.yahoo.com/<br>2. Translate a web page (which is bloked) from one random language to another (i.e. greek to french)<br>3. Most schools wouldn't block yahoo. Translation engine skips over non comprehended words. Enjoy.</p></htmltext>
<tokenext>1 .
Pick a web translation service from a trusted url : i.e .
http : //babelfish.yahoo.com/2. Translate a web page ( which is bloked ) from one random language to another ( i.e .
greek to french ) 3 .
Most schools would n't block yahoo .
Translation engine skips over non comprehended words .
Enjoy .</tokentext>
<sentencetext>1.
Pick a web translation service from a trusted url: i.e.
http://babelfish.yahoo.com/2. Translate a web page (which is bloked) from one random language to another (i.e.
greek to french)3.
Most schools wouldn't block yahoo.
Translation engine skips over non comprehended words.
Enjoy.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591198</id>
	<title>virtual hosts</title>
	<author>munehiro</author>
	<datestamp>1269347160000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>too bad this won't pass any Host: information in the HTTP header, hence anything based on a virtual host will be unreachable through pure IP address. You will have to perform a bit more hacking to do that, and it won't defeat deep packet inspection filters.</p></htmltext>
<tokenext>too bad this wo n't pass any Host : information in the HTTP header , hence anything based on a virtual host will be unreachable through pure IP address .
You will have to perform a bit more hacking to do that , and it wo n't defeat deep packet inspection filters .</tokentext>
<sentencetext>too bad this won't pass any Host: information in the HTTP header, hence anything based on a virtual host will be unreachable through pure IP address.
You will have to perform a bit more hacking to do that, and it won't defeat deep packet inspection filters.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593778</id>
	<title>Get prepared to have your mind blown</title>
	<author>gqx</author>
	<datestamp>1269364260000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext>The author apparently does not realize this, but you can also partly concatenate octets and mix various notations:
<br> <br>
<a href="http://0x4a.8196963/" title="0x4a.8196963" rel="nofollow">http://0x4a.8196963/</a> [0x4a.8196963]
<br> <br>
And yes, congratulations on being cutting edge: this thing is so old and well-known that it's even <b>explicitly covered</b> in RFC 3986, section 7 ("Security Considerations"), subsection 7.4 ("Rare IP Address Formats").</htmltext>
<tokenext>The author apparently does not realize this , but you can also partly concatenate octets and mix various notations : http : //0x4a.8196963/ [ 0x4a.8196963 ] And yes , congratulations on being cutting edge : this thing is so old and well-known that it 's even explicitly covered in RFC 3986 , section 7 ( " Security Considerations " ) , subsection 7.4 ( " Rare IP Address Formats " ) .</tokentext>
<sentencetext>The author apparently does not realize this, but you can also partly concatenate octets and mix various notations:
 
http://0x4a.8196963/ [0x4a.8196963]
 
And yes, congratulations on being cutting edge: this thing is so old and well-known that it's even explicitly covered in RFC 3986, section 7 ("Security Considerations"), subsection 7.4 ("Rare IP Address Formats").</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592486</id>
	<title>Re:Technical details here</title>
	<author>plover</author>
	<datestamp>1269354420000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>That blog post even has a variant of obfuscation the author likely didn't intend.  He mentioned octal, but used a funny notation in his google.com example:<br><a href="http://00000102.00000146.00000015.00000143/" title="00000146.0...5.00000143">http://00000102.00000146.00000015.00000143/</a> [00000146.0...5.00000143]</p><p>True octal notation simply requires a single leading zero, like this:<br><a href="http://0102.0146.015.0143/" title="0146.015.0143">http://0102.0146.015.0143/</a> [0146.015.0143]</p><p>The cool thing is this opens a new avenue for further defeating the fixed string-based scanners.  These are all equivalent:<br><a href="http://00000102.00000146.00000015.0143/" title="00000146.00000015.0143">http://00000102.00000146.00000015.0143/</a> [00000146.00000015.0143]<br>(Slashdot makes me fill the lines with not-repetitive stuff.)<br><a href="http://00000102.00000146.00000015.00143/" title="00000146.00000015.00143">http://00000102.00000146.00000015.00143/</a> [00000146.00000015.00143]<br>(Slashdot makes me fill the lines with not-repetitive stuff.)<br><a href="http://00000102.00000146.00000015.000143/" title="00000146.00000015.000143">http://00000102.00000146.00000015.000143/</a> [00000146.00000015.000143]<br>(Slashdot makes me fill the lines with not-repetitive stuff.)<br><a href="http://00000102.00000146.00000015.0000143/" title="00000146.0...15.0000143">http://00000102.00000146.00000015.0000143/</a> [00000146.0...15.0000143]<br>(Slashdot makes me fill the lines with not-repetitive stuff.)<br><a href="http://00000102.00000146.00000015.00000143/" title="00000146.0...5.00000143">http://00000102.00000146.00000015.00000143/</a> [00000146.0...5.00000143]<br>Sure, a regexp would easily solve the problem, but that seems to be part of the root problem anyway.</p></htmltext>
<tokenext>That blog post even has a variant of obfuscation the author likely did n't intend .
He mentioned octal , but used a funny notation in his google.com example : http : //00000102.00000146.00000015.00000143/ [ 00000146.0...5.00000143 ] True octal notation simply requires a single leading zero , like this : http : //0102.0146.015.0143/ [ 0146.015.0143 ] The cool thing is this opens a new avenue for further defeating the fixed string-based scanners .
These are all equivalent : http : //00000102.00000146.00000015.0143/ [ 00000146.00000015.0143 ] ( Slashdot makes me fill the lines with not-repetitive stuff .
) http : //00000102.00000146.00000015.00143/ [ 00000146.00000015.00143 ] ( Slashdot makes me fill the lines with not-repetitive stuff .
) http : //00000102.00000146.00000015.000143/ [ 00000146.00000015.000143 ] ( Slashdot makes me fill the lines with not-repetitive stuff .
) http : //00000102.00000146.00000015.0000143/ [ 00000146.0...15.0000143 ] ( Slashdot makes me fill the lines with not-repetitive stuff .
) http : //00000102.00000146.00000015.00000143/ [ 00000146.0...5.00000143 ] Sure , a regexp would easily solve the problem , but that seems to be part of the root problem anyway .</tokentext>
<sentencetext>That blog post even has a variant of obfuscation the author likely didn't intend.
He mentioned octal, but used a funny notation in his google.com example:http://00000102.00000146.00000015.00000143/ [00000146.0...5.00000143]True octal notation simply requires a single leading zero, like this:http://0102.0146.015.0143/ [0146.015.0143]The cool thing is this opens a new avenue for further defeating the fixed string-based scanners.
These are all equivalent:http://00000102.00000146.00000015.0143/ [00000146.00000015.0143](Slashdot makes me fill the lines with not-repetitive stuff.
)http://00000102.00000146.00000015.00143/ [00000146.00000015.00143](Slashdot makes me fill the lines with not-repetitive stuff.
)http://00000102.00000146.00000015.000143/ [00000146.00000015.000143](Slashdot makes me fill the lines with not-repetitive stuff.
)http://00000102.00000146.00000015.0000143/ [00000146.0...15.0000143](Slashdot makes me fill the lines with not-repetitive stuff.
)http://00000102.00000146.00000015.00000143/ [00000146.0...5.00000143]Sure, a regexp would easily solve the problem, but that seems to be part of the root problem anyway.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591872</id>
	<title>Re:Why?</title>
	<author>McNally</author>
	<datestamp>1269350400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>0x01 can not a domain name be, 0x01.(com|net|org|etc...) can.</p></div></blockquote><p>You're describing a "<a href="http://en.wikipedia.org/wiki/Fqdn" title="wikipedia.org">fully qualified domain name</a> [wikipedia.org]", not a "domain name".</p></div>
	</htmltext>
<tokenext>0x01 can not a domain name be , 0x01. ( com | net | org | etc.. .
) can.You 're describing a " fully qualified domain name [ wikipedia.org ] " , not a " domain name " .</tokentext>
<sentencetext>0x01 can not a domain name be, 0x01.(com|net|org|etc...
) can.You're describing a "fully qualified domain name [wikipedia.org]", not a "domain name".
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591572</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592046</id>
	<title>Re:Technical details here</title>
	<author>BitZtream</author>
	<datestamp>1269351480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Interestingly enough, OpenDNS has nothing to do with your broken browser!</p><p>'Numeric' or rather IP addresses in forms other than dotted quad are still just IP addresses and they do not get 'looked up' in DNS when connecting to a host.  Even if they did, they'd all be sent as a 32bit integer to opendns anyway (as thats the way the DNS protocol works) so once again, opendns can not provide any sort of special treatment to URLs with ips used that way.</p><p>They work the exact same even if you have no DNS configured.  DNS is not involved.</p><p>They are processed by the URL parser software used in applications that work with them such as web browsers.  If they just 'dont work' for you at all then your web browser is broken and can't parse RFC compliant URLs.  Its possible that it has been broken intentionally as a safety feature to prevent stupid people from clicking bad/deceptive links but it is broken none the less.</p></htmltext>
<tokenext>Interestingly enough , OpenDNS has nothing to do with your broken browser !
'Numeric ' or rather IP addresses in forms other than dotted quad are still just IP addresses and they do not get 'looked up ' in DNS when connecting to a host .
Even if they did , they 'd all be sent as a 32bit integer to opendns anyway ( as thats the way the DNS protocol works ) so once again , opendns can not provide any sort of special treatment to URLs with ips used that way.They work the exact same even if you have no DNS configured .
DNS is not involved.They are processed by the URL parser software used in applications that work with them such as web browsers .
If they just 'dont work ' for you at all then your web browser is broken and ca n't parse RFC compliant URLs .
Its possible that it has been broken intentionally as a safety feature to prevent stupid people from clicking bad/deceptive links but it is broken none the less .</tokentext>
<sentencetext>Interestingly enough, OpenDNS has nothing to do with your broken browser!
'Numeric' or rather IP addresses in forms other than dotted quad are still just IP addresses and they do not get 'looked up' in DNS when connecting to a host.
Even if they did, they'd all be sent as a 32bit integer to opendns anyway (as thats the way the DNS protocol works) so once again, opendns can not provide any sort of special treatment to URLs with ips used that way.They work the exact same even if you have no DNS configured.
DNS is not involved.They are processed by the URL parser software used in applications that work with them such as web browsers.
If they just 'dont work' for you at all then your web browser is broken and can't parse RFC compliant URLs.
Its possible that it has been broken intentionally as a safety feature to prevent stupid people from clicking bad/deceptive links but it is broken none the less.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591374</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208</id>
	<title>102 105 114 115 116 112 111 115 116 33</title>
	<author>Anonymous</author>
	<datestamp>1269347220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>102 105 114 115 116 112 111 115 116 33</p></htmltext>
<tokenext>102 105 114 115 116 112 111 115 116 33</tokentext>
<sentencetext>102 105 114 115 116 112 111 115 116 33</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592216</id>
	<title>Saw it on Slashdot 10 years ago</title>
	<author>Anonymous</author>
	<datestamp>1269352560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I used this method to defeat school filters 10 or 11 years ago after I read about it in an article on Slashdot. Is it 1999 again?</p></htmltext>
<tokenext>I used this method to defeat school filters 10 or 11 years ago after I read about it in an article on Slashdot .
Is it 1999 again ?</tokentext>
<sentencetext>I used this method to defeat school filters 10 or 11 years ago after I read about it in an article on Slashdot.
Is it 1999 again?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591440</id>
	<title>Re:Oh come on</title>
	<author>Judinous</author>
	<datestamp>1269348060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yeah, the only thing that I can imagine this possibly affecting would be the browser's phishing filters.</htmltext>
<tokenext>Yeah , the only thing that I can imagine this possibly affecting would be the browser 's phishing filters .</tokentext>
<sentencetext>Yeah, the only thing that I can imagine this possibly affecting would be the browser's phishing filters.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592804</id>
	<title>Re:Simple defense:</title>
	<author>Khyber</author>
	<datestamp>1269356460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So what about game links that open directly via IP address to a server and port that is specified?</p><p>Just because it can be abused doesn't mean it should be done away with entirely.</p></htmltext>
<tokenext>So what about game links that open directly via IP address to a server and port that is specified ? Just because it can be abused does n't mean it should be done away with entirely .</tokentext>
<sentencetext>So what about game links that open directly via IP address to a server and port that is specified?Just because it can be abused doesn't mean it should be done away with entirely.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591276</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591558</id>
	<title>Re:Technical details here</title>
	<author>Anonymous</author>
	<datestamp>1269348780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I usually just piss on the firewall at specific spots and it seems to let me bypass the filters.</p></htmltext>
<tokenext>I usually just piss on the firewall at specific spots and it seems to let me bypass the filters .</tokentext>
<sentencetext>I usually just piss on the firewall at specific spots and it seems to let me bypass the filters.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592856</id>
	<title>Re:Yeah But...</title>
	<author>thePowerOfGrayskull</author>
	<datestamp>1269356820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>but Firefox actually makes an effort to disallow using IP addresses with this notation. So if they're using Firefox, it won't work so well.</p></div><p>Well... except that clicking each of the links in the <a href="http://3273372964/en/weblog?weblogid=208188044" title="3273372964">blog entry </a> [3273372964] pointed out by TSHTF above shows that it *does* work in FF...</p></div>
	</htmltext>
<tokenext>but Firefox actually makes an effort to disallow using IP addresses with this notation .
So if they 're using Firefox , it wo n't work so well.Well... except that clicking each of the links in the blog entry [ 3273372964 ] pointed out by TSHTF above shows that it * does * work in FF.. .</tokentext>
<sentencetext>but Firefox actually makes an effort to disallow using IP addresses with this notation.
So if they're using Firefox, it won't work so well.Well... except that clicking each of the links in the blog entry  [3273372964] pointed out by TSHTF above shows that it *does* work in FF...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591262</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592906</id>
	<title>Re:Oh come on</title>
	<author>NevarMore</author>
	<datestamp>1269357300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>What is this poorly-thought-out bit of speculation doing on the front page of Slashdot?</p></div><p>Getting tested on a wide swath of browsers, DNS servers, networks, firewalls, from all over the world by geeks who can generally provide decent feedback on its effecitveness.</p></div>
	</htmltext>
<tokenext>What is this poorly-thought-out bit of speculation doing on the front page of Slashdot ? Getting tested on a wide swath of browsers , DNS servers , networks , firewalls , from all over the world by geeks who can generally provide decent feedback on its effecitveness .</tokentext>
<sentencetext>What is this poorly-thought-out bit of speculation doing on the front page of Slashdot?Getting tested on a wide swath of browsers, DNS servers, networks, firewalls, from all over the world by geeks who can generally provide decent feedback on its effecitveness.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591624</id>
	<title>Re:Technical details here</title>
	<author>Anonymous</author>
	<datestamp>1269349200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>If your browser is performing a dns lookup for <a href="http://3273372964/en/weblog?weblogid=208188044" title="3273372964" rel="nofollow">http://3273372964/en/weblog?weblogid=208188044</a> [3273372964] it is doing it wrong. Please report it to the developer and use a better browser.</htmltext>
<tokenext>If your browser is performing a dns lookup for http : //3273372964/en/weblog ? weblogid = 208188044 [ 3273372964 ] it is doing it wrong .
Please report it to the developer and use a better browser .</tokentext>
<sentencetext>If your browser is performing a dns lookup for http://3273372964/en/weblog?weblogid=208188044 [3273372964] it is doing it wrong.
Please report it to the developer and use a better browser.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591374</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196</id>
	<title>Technical details here</title>
	<author>Anonymous</author>
	<datestamp>1269347160000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext>The linked article is next to worthless. The real details are in this <a href="http://www.viruslist.com/en/weblog?weblogid=208188044" title="viruslist.com">blog post.</a> [viruslist.com]</htmltext>
<tokenext>The linked article is next to worthless .
The real details are in this blog post .
[ viruslist.com ]</tokentext>
<sentencetext>The linked article is next to worthless.
The real details are in this blog post.
[viruslist.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595126</id>
	<title>Re:Oh come on</title>
	<author>chrb</author>
	<datestamp>1269427500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>It doesn't matter which way you enter the address into your browser, it still resolves to the same IP. If that IP is blocked, you won't get through even if you use this method.</p></div><p>Some of the major internet filters only block by domain name matching. You can bypass them by just using the IP address (of course, this fails when the site html contains URLs that specify the domain name.</p></div>
	</htmltext>
<tokenext>It does n't matter which way you enter the address into your browser , it still resolves to the same IP .
If that IP is blocked , you wo n't get through even if you use this method.Some of the major internet filters only block by domain name matching .
You can bypass them by just using the IP address ( of course , this fails when the site html contains URLs that specify the domain name .</tokentext>
<sentencetext>It doesn't matter which way you enter the address into your browser, it still resolves to the same IP.
If that IP is blocked, you won't get through even if you use this method.Some of the major internet filters only block by domain name matching.
You can bypass them by just using the IP address (of course, this fails when the site html contains URLs that specify the domain name.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592390</id>
	<title>1998 called, they want their evasion techniqz back</title>
	<author>Anonymous</author>
	<datestamp>1269353760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>http://www.packetstormsecurity.org/mag/keen/kv6.txt</p></htmltext>
<tokenext>http : //www.packetstormsecurity.org/mag/keen/kv6.txt</tokentext>
<sentencetext>http://www.packetstormsecurity.org/mag/keen/kv6.txt</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591360</id>
	<title>And the lesson people don't learn is...</title>
	<author>Estanislao Martínez</author>
	<datestamp>1269347820000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>You can't just do things like this based on the <b>syntax</b> of the input, but rather on the <b>semantics</b>.  In this case, to properly block the URLs, you need to parse them and transform them into an abstract representation of what they <b>mean</b>, e.g. a struct that encodes the protocol, host, port, document and query strings, and then examine the parse result to check if it matches the rule.

</p><p>The IT industry just systematically fails this over and over, because of people's bad habit of doing shit with regular expressions instead of parsing and semantic analysis.  See, for example, the gazillion ways that people get around cross-site scripting filters; or if you want to see it from the other angle (generation instead of parsing), see SQL injection.</p></htmltext>
<tokenext>You ca n't just do things like this based on the syntax of the input , but rather on the semantics .
In this case , to properly block the URLs , you need to parse them and transform them into an abstract representation of what they mean , e.g .
a struct that encodes the protocol , host , port , document and query strings , and then examine the parse result to check if it matches the rule .
The IT industry just systematically fails this over and over , because of people 's bad habit of doing shit with regular expressions instead of parsing and semantic analysis .
See , for example , the gazillion ways that people get around cross-site scripting filters ; or if you want to see it from the other angle ( generation instead of parsing ) , see SQL injection .</tokentext>
<sentencetext>You can't just do things like this based on the syntax of the input, but rather on the semantics.
In this case, to properly block the URLs, you need to parse them and transform them into an abstract representation of what they mean, e.g.
a struct that encodes the protocol, host, port, document and query strings, and then examine the parse result to check if it matches the rule.
The IT industry just systematically fails this over and over, because of people's bad habit of doing shit with regular expressions instead of parsing and semantic analysis.
See, for example, the gazillion ways that people get around cross-site scripting filters; or if you want to see it from the other angle (generation instead of parsing), see SQL injection.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591404</id>
	<title>Big problem</title>
	<author>Bogtha</author>
	<datestamp>1269347940000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>
The problem with this approach is that the requested URL doesn't provide a hostname, just the IP address.  As IP addresses are in short supply, it has been an extremely common practice for years to assign multiple websites to a single IP address, otherwise known as name-based virtual hosting.  This is common even for large companies.  When you specify the URL with an IP address, the browser doesn't provide an appropriate <tt>Host:</tt> HTTP header, so any web server set up this way won't know which of the many websites it hosts should be returned.  This means that anybody browsing the web with this technique will find that some websites work and some won't, seemingly at random to them.
</p></htmltext>
<tokenext>The problem with this approach is that the requested URL does n't provide a hostname , just the IP address .
As IP addresses are in short supply , it has been an extremely common practice for years to assign multiple websites to a single IP address , otherwise known as name-based virtual hosting .
This is common even for large companies .
When you specify the URL with an IP address , the browser does n't provide an appropriate Host : HTTP header , so any web server set up this way wo n't know which of the many websites it hosts should be returned .
This means that anybody browsing the web with this technique will find that some websites work and some wo n't , seemingly at random to them .</tokentext>
<sentencetext>
The problem with this approach is that the requested URL doesn't provide a hostname, just the IP address.
As IP addresses are in short supply, it has been an extremely common practice for years to assign multiple websites to a single IP address, otherwise known as name-based virtual hosting.
This is common even for large companies.
When you specify the URL with an IP address, the browser doesn't provide an appropriate Host: HTTP header, so any web server set up this way won't know which of the many websites it hosts should be returned.
This means that anybody browsing the web with this technique will find that some websites work and some won't, seemingly at random to them.
</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591402
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595442
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591538
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595018
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591276
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592254
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591432
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31599108
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591262
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591984
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591700
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593046
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591520
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593022
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591424
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594550
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591310
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591440
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592906
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593284
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591276
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591598
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591244
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591642
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591374
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591924
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593308
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592856
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591262
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591736
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591576
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591244
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591374
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592804
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591276
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592518
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593464
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591310
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594778
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591872
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591572
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591432
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591558
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31620696
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592486
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595126
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591284
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591390
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591198
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592046
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591374
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594188
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591972
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_23_239225_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592644
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591808
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591198
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591390
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591538
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595442
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591208
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591284
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591402
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592518
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594778
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591280
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591366
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591276
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593284
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595018
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592804
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591992
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591310
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593464
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594550
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591196
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591972
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31594188
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592486
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31620696
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591374
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591642
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591624
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592046
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592644
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591558
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593022
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592026
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591180
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591262
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31599108
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592856
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591432
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592254
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591572
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591872
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591360
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591404
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591244
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591576
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591598
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591520
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593046
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_23_239225.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591300
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591440
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31593308
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31595126
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591424
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591700
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591736
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591984
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591924
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31592906
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_23_239225.31591730
</commentlist>
</conversation>
