Defanging Malicious IP Addresses

Todd Turner
March 26th, 2020 · 1 min read

Leetcode problem #1108 involved writing a quite method to “defang” ip addresses. The problem was simple enough (answer is further down), however I was intrigued to find out more about IP defanging. I have been working in the technology sector for three years and I had never heard the term. All due respect, I may have been under a rock?

I wasn’t able to find too much on the topic, however, some good documentation from IBM answered my question.

Essentially, when handling artifacts (contents) from an email or just generally passing data blobs which contain IP addresses, URLS or domains, we can “defang” them from accidental user-navigation by obscuring the address by messing it up a bit. Messing the adddress will ensure automatic click-through links don’t action.

What Are Some Defanging Methods?

The following are some accepted methods for defanging addresses:

  • IP Addresses have brackets added to the dot separators: 8.8.8.8 -> 8[.]8[.]8[.]8
  • Domains have brackets added to the dot separators: www.toddtee.sh -> www[.]toddtee[.]sh
  • http / https converted to hxxp / hxxps
  • ftp converted to fxp

How Could We Quickly Defang With Python

The leetcode question simply wants to take an input IP address and return it in a defanged format.

I first attempted this question without using any string methods. And WOW; was it UGLY!!! But… you know what… it worked!

You Ugly!

1class Solution:
2 def defangIPaddr(self, address: str) -> str:
3 split_ip_chars = []
4 defanged_ip = ""
5 for char in address:
6 if char != ".":
7 split_ip_chars.append(char)
8 elif char == ".":
9 split_ip_chars.append("[.]")
10
11 for char in split_ip_chars:
12 defanged_ip = defanged_ip+char
13
14 return defanged_ip

A Simple Way

Good software developers write as little code as possible; and when forced to, they keep the code simple and clean. The simpler way to defang would be to use string methods split() and join():

1class Solution:
2 def defangIPaddr(self, address: str) -> str:
3 return "[.]".join(address.split("."))

So this is a much simpler way of solving the issue; first we split the address on the dot seperators and then return the split array joined by the bracketed dots.

This is great, however I think we can write this even cleaner (and human friendly).

A Human Way

I personally prefer solving this issue with the replace() method. It is simple and even easier to read; so I am assuming 9/10 humans would prefer this way:

1class Solution:
2 def defangIPaddr(self, address: str) -> str:
3 return address.replace(".", "[.]")

That is my preferred method… keep it reeeeeeal simple.

Simple Math

More articles from toddtee

Synchronisation Primitives in Python

AKA: Avoiding Race Conditions when Multi-Threading in Python

March 24th, 2020 · 2 min read

Hello COVID-19 World

Not really; I don't think we need to be too dramatic. In-fact, I really resisted even mentioning the virus, however it has led me (and everyone) to an interesting set of circumstances...

March 18th, 2020 · 1 min read
© 2020 toddtee
Link to $https://twitter.com/ToddTeeTurnerLink to $https://www.linkedin.com/in/ttturner/