@iagox86
Created August 22, 2012 18:39
Hello Ron,
One day I stumbled upon your blog while searching for some DNS tunnel stuff. I
found it really interesting. You write what is essential about security,
speak out the warnings and also talk about fun things to do. Despite the
fact that I am not a Sec. specialist, I like to read stuff about it and what
all can be done. I will definitely try your tools when I have free time.
While various scenarios went through my head and I was reading some articles
about NBNS (the MS article about max. NB names and so on), I experimented a
little.
In this article there is something about names consisting only of numbers
and dots, which can be interesting when you have a computer name formed like
an IP address.
E.g.: Computer name: 10.10.10.10
This is all pretty neat, I thought, but will only theoretically work with
Windows computers.
Also, pings to 10.10.10 (no 4th byte) will cause a ping to 10.10.0.10.
But now here it comes, and I don't know if it's already an old shoe to the
ITSec scene.
If I write an IP number like 10.10.10.10, all seems to be OK.
syss$ ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10): 56 data bytes
Request timeout for icmp_seq 0
But if I had a typo in my IP, it would probably look like this: 10.10.10.01
syss$ ping 10.10.10.01
PING 10.10.10.01 (10.10.10.1): 56 data bytes
Request timeout for icmp_seq 0
All OK. But there is one thing that neither Windows nor Linux (and Mac) can handle:
syss$ ping 10.10.10.08
ping: cannot resolve 10.10.10.08: Unknown host
As you can see, the output is different. It does not say request timeout, it
says unknown host.
This comes from a "misinterpretation" of the trailing 08. The zero at the
beginning starts an octal number.
And as we both know, octal digits only go from 0-7; eight is therefore not an
octal digit anymore. So it happens that the system interprets it as a name.
It can also be that if you want to ping 10.10.10.207 and have a typo, the
result will be the following:
syss$ ping 10.10.10.027
PING 10.10.10.027 (10.10.10.23): 56 data bytes
Request timeout for icmp_seq 0
The 027 resolves into 23.
So here comes my question: is it theoretically possible to pretend that my
computer has the name 10.10.10.08?
And could the DNS servers also resolve this correctly if it were possible?
If this could work the way the idea runs in my head, it would be an
interesting way to perform a MITMA not only against Windows but also against
Linux hosts.
Can you please tell me what you think about this?
Hope to hear from you soon.
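To make the parsing rule behind the mail's observations concrete, here is an added example (not part of the original mail or of Ron's tools) that mimics the classic BSD/glibc inet_aton rules for IPv4 literals: each dotted component may be decimal, octal (leading 0) or hex (0x), fewer than four components fold the last one into the remaining bytes, and a component that is not a valid number in its radix makes the whole string a non-address, which is why ping falls back to a host-name lookup. The function names and the sample inputs are the example's own.

```python
import re
from typing import Optional, Tuple

# One dotted component: hex (0x..), octal (leading 0, digits 0-7 only) or decimal.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def parse_part(s: str) -> Optional[int]:
    """Parse one component with C-style radix rules; None if it is not a number."""
    if not _PART.match(s):
        return None               # "08", "", "1a": no radix accepts these
    if s[:2].lower() == "0x":
        return int(s[2:], 16)
    if len(s) > 1 and s[0] == "0":
        return int(s, 8)          # "027" -> 23, "01" -> 1
    return int(s, 10)


def inet_aton_like(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return the four bytes inet_aton would produce, or None if not an address."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    *lead, last = values
    if any(v > 0xFF for v in lead):      # leading parts are single bytes
        return None
    remaining = 4 - len(lead)            # last part fills the remaining bytes
    if last >= 1 << (8 * remaining):
        return None
    packed = 0
    for v in lead:
        packed = (packed << 8) | v
    packed = (packed << (8 * remaining)) | last
    return tuple((packed >> s) & 0xFF for s in (24, 16, 8, 0))


def describe(text: str) -> str:
    """How a resolver treats the literal: dotted address, or a name lookup."""
    addr = inet_aton_like(text)
    if addr is None:
        return f"name lookup: {text}"
    return ".".join(str(b) for b in addr)


if __name__ == "__main__":
    # Constructed inputs covering the cases discussed in the mail.
    for s in ("10.10.10.10", "10.10.10.01", "10.10.10.08", "10.10.10.027", "10.10.10"):
        print(f"{s:14} -> {describe(s)}")
```

A string that parses here is never sent to DNS by inet_aton-based tools, while one that fails (such as 10.10.10.08) is; this is the distinction a log reviewer or input validator should check for when an "IP address" looks slightly off.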