ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers - eviltoast

From The Hacker News

  • palordrolap@kbin.social · 1 year ago · 24 upvotes

    Surprised this isn’t a better known / prevented vector. I remember experimenting with variant IPs like this in IE6 over 20 years ago.

    Checking now with Firefox and it auto-translates on the line below as I type one in. (Tried both 0x7f000001 and 2130706433 because they’re both variants of 127.0.0.1, and if there’s something bad running on that address you have other problems.)

    Irrelevant nerd fact: 2130706433 is a prime number.
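
An added example, not part of the comment above or the linked article: a detection-side sketch that canonicalises the variant IPv4 spellings the comment mentions (hex, single decimal, plus octal and short dotted forms) and flags URLs whose host is written in one of them. The function names and the sample command lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# inet_aton-style component forms: 0x.. hex, leading-0 octal, plain decimal.
_HEX = re.compile(r"0x[0-9a-f]+")
_OCT = re.compile(r"0[0-7]*")
_DEC = re.compile(r"[1-9][0-9]*")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _part(text):
    t = text.lower()
    if _HEX.fullmatch(t):
        return int(t[2:], 16)
    if _OCT.fullmatch(t):
        return int(t, 8)
    if _DEC.fullmatch(t):
        return int(t, 10)
    raise ValueError(text)

def canonical_ipv4(host):
    """Dotted quad for any inet_aton-style IPv4 literal, else None."""
    try:
        *head, last = [_part(p) for p in host.split(".")]
    except ValueError:
        return None
    # At most 4 parts; leading parts are one byte each, the last fills the rest.
    if len(head) > 3 or any(n > 0xFF for n in head):
        return None
    if last >= 1 << (8 * (4 - len(head))):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def flag_variant_hosts(text):
    """(url, canonical_ip) for each URL whose host is a non-dotted-quad IPv4."""
    hits = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        ip = canonical_ipv4(host)
        if ip is not None and ip != host:
            hits.append((url, ip))
    return hits

# Constructed sample command lines (loopback and documentation addresses only).
SAMPLE = """curl -s http://0x7f000001/a.sh
wget http://2130706433:8080/b
curl http://192.0.2.10/index.html
curl https://example.com/"""
```

Running `flag_variant_hosts(SAMPLE)` reports the first two URLs with their canonical address, so blocklists and alert rules written against dotted quads can be matched after normalisation.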