The end of an era: Properly formatted IP addresses in all of our data.

Published: 2025-08-24. Last Updated: 2025-08-24 18:10:05 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

The Internet Storm Center and DShield websites are about 25 years old. Back in the day, I made some questionable decisions that I never quite cleaned up. One of these decisions was to use a "15 character 0-padded" format for IP addresses. This format padded each byte in the IP address with leading 0's, ensuring that all addresses were 15 characters long (including the '.').

At the time, this was a quick and efficient solution to make sure that IP addresses could be easily sorted. Back then, I don't think MySQL had an "inet_aton()" function to easily convert IP addresses into unsigned long integers, and initially, the MySQL implementation of inet_aton() returned a signed integer, not an unsigned integer.

But this format is also just wrong, and leads to ambiguities, as leading zeros usually indicate an octal format. So over the last couple of weeks, I started the process to finally switch IP addresses to the normal "dotted decimal" format. The first RFC defining this format is, as far as I know, RFC 2851 from June 2000, around the same time the original DShield database schema was conceived. The current version of this standard is RFC 4001.

Please let me know if you see the "old-fashioned" format on various pages. Historic data may take a while to convert. Luckily, the MySQL inet_aton() function is still not quite right, and ignores leading zeros instead of treating the respective bytes as octal. 
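The ambiguity described above, as an added example (not part of the original diary or DShield's code): it converts the padded format to dotted decimal by reading each octet as decimal, which is the leading-zero-ignoring behaviour the post attributes to MySQL's inet_aton(), and shows what a parser that treats leading zeros as octal would make of the same string. The function names and sample addresses are constructed for illustration.

```python
import re

# Legacy format from the post: four 3-digit, zero-padded decimal octets.
PADDED = re.compile(r"([0-9]{3})\.([0-9]{3})\.([0-9]{3})\.([0-9]{3})")

def unpad(padded: str) -> str:
    """'192.168.010.001' -> '192.168.10.1', reading every octet as decimal."""
    m = PADDED.fullmatch(padded)
    if not m:
        raise ValueError(f"not a 15-character padded address: {padded!r}")
    octets = [int(g, 10) for g in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {padded!r}")
    return ".".join(str(o) for o in octets)

def to_int(dotted: str) -> int:
    """Unsigned 32-bit value of a dotted-decimal address (for numeric sorting)."""
    a, b, c, d = (int(p, 10) for p in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def octal_reading(padded: str):
    """How a parser that treats a leading 0 as octal reads the same string.

    Returns None when an octet is not valid octal (for example '009')
    or exceeds 255, i.e. when such a parser would reject the address.
    """
    out = []
    for part in padded.split("."):
        try:
            is_octal = len(part) > 1 and part[0] == "0"
            value = int(part, 8 if is_octal else 10)
        except ValueError:
            return None
        if value > 255:
            return None
        out.append(str(value))
    return ".".join(out)

if __name__ == "__main__":
    # Constructed sample values, not taken from DShield data.
    for sample in ["192.168.010.001", "010.009.001.001", "008.008.008.008"]:
        print(sample, "decimal:", unpad(sample), "octal:", octal_reading(sample))
```

Any consumer that re-parses padded addresses with an octal-aware routine either gets a different host or a parse error, so a conversion job should go through a decimal-only step like `unpad()` before the value reaches other tools.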

--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu