Phishing Attack Uses IPv4-Mapped IPv6 Address to Bypass Security Controls
By SANS Internet Storm Center
Summary
A security researcher detected a phishing email targeting a major Belgian bank. The phishing itself is standard, but the malicious link uses an IPv4-mapped IPv6 address (::ffff:5511:74be) as the URL host to bypass simple security controls that extract domain names and IP addresses with regular expressions. A URL parser treats the bracket notation as a literal IPv6 address, while a regex written for dotted-quad IPv4 literals sees nothing to extract, so the actual destination is hidden from such controls.
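The following is an added example, not code from the ISC diary. It contrasts a naive dotted-quad regex of the kind the bypass targets with a proper URL parse followed by normalisation through Python's standard `ipaddress` module, which exposes the IPv4 address an IPv4-mapped IPv6 literal actually points to. The sample URL paths are constructed; the address is the one quoted in the summary.

```python
"""Detect IPv4-mapped IPv6 hosts hidden in URLs (added example, not from the diary)."""
import ipaddress
import re
from urllib.parse import urlsplit

# Naive pattern typical of simple controls: matches only dotted-quad IPv4 literals,
# so a hex-encoded mapped address such as ::ffff:5511:74be never matches.
NAIVE_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def naive_extract_ipv4(url: str) -> list[str]:
    """What a regex-only control 'sees' in the URL."""
    return NAIVE_IPV4_RE.findall(url)


def resolve_url_host(url: str) -> dict:
    """Parse the URL host and normalise any IP literal to the effective address.

    Returns a dict with:
      host            raw host as parsed (brackets stripped, lowercased)
      kind            'domain', 'ipv4', 'ipv6' or 'ipv4-mapped'
      effective_ipv4  dotted-quad the traffic really reaches, if determinable
    """
    parts = urlsplit(url)
    host = parts.hostname  # urlsplit strips the [...] around IPv6 literals
    if host is None:
        raise ValueError(f"no host in URL: {url!r}")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal at all; treat as a domain name.
        return {"host": host, "kind": "domain", "effective_ipv4": None}
    if addr.version == 4:
        return {"host": host, "kind": "ipv4", "effective_ipv4": str(addr)}
    # ipv4_mapped is an IPv4Address for ::ffff:a.b.c.d (any text form), else None
    mapped = addr.ipv4_mapped
    if mapped is not None:
        return {"host": host, "kind": "ipv4-mapped", "effective_ipv4": str(mapped)}
    return {"host": host, "kind": "ipv6", "effective_ipv4": None}


def is_ip_literal_host(url: str) -> bool:
    """Policy helper: flag any URL whose host is an IP literal rather than a name."""
    return resolve_url_host(url)["kind"] != "domain"


if __name__ == "__main__":
    # Constructed samples; the first two carry the address quoted in the summary,
    # once in hex-group form and once in mixed dotted form.
    samples = [
        "http://[::ffff:5511:74be]/login",
        "http://[::ffff:85.17.116.190]/login",
        "https://example.com/",
    ]
    for u in samples:
        print(u, "->", resolve_url_host(u), "| naive regex:", naive_extract_ipv4(u))
```

The design point is to never extract hosts from URLs with a regex: parse the URL, then hand the host to an address parser that understands every textual form, and apply policy (for example, "IP-literal hosts in mail links are suspicious") on the normalised result rather than on the raw string.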
Key quotes
The technique used by the attacker is to bypass simple security controls trying to extract domain names and IP addresses via simple regular expressions.
The notation "[…]" tells the URL parser that what's inside is a literal IPv6 address. But it's not a real IPv6 address.
The leading "::" in the address means that it can be expanded to this address: 0000:0