0.0.0.0 Day - 18 Yr Old Vulnerability Let Attackers Bypass All Browser Security - eviltoast
    • dan@upvote.au
      3 months ago

      From that RFC:

      0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
      network.  Address 0.0.0.0/32 may be used as a source address for this
      host on this network; other addresses within 0.0.0.0/8 may be used to
      refer to specified hosts on this network ([RFC1122], Section
      3.2.1.3).
      

      (note that it only says “source address”)

      which was based on RFC 1122, which states:

      We now summarize the important special cases for Class A, B,
      and C IP addresses, using the following notation for an IP
      address:
      
          { <Network-number>, <Host-number> }
      
      or
          { <Network-number>, <Subnet-number>, <Host-number> }
      
      ...
      
      (a)  { 0, 0 }
      
      This host on this network.  MUST NOT be sent, except as
      a source address as part of an initialization procedure
      by which the host learns its own IP address.
      
      See also Section 3.3.6 for a non-standard use of {0,0}.
      

      (section 3.3.6 just talks about it being a legacy IP for broadcasts - I don’t think that even works any more)

      • The Doctor@beehaw.org
        3 months ago

        Okay, I see where I went wrong. Thank you.

        I don’t think 0.0.0.0 works for broadcasts anymore, either - I think those get filtered by default these days.

        • dan@upvote.au
          3 months ago

          I wasn’t disagreeing with you :) or at least I think I wasn’t. I was just quoting the RFC you linked to.
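
The RFC text quoted in this thread allows 0.0.0.0/8 only as a source address, so a destination check has to treat that block as its own case; a rule that lists only 127.0.0.0/8 never matches 0.0.0.0. The sketch below is an added example, not code from the thread or from any browser: the function names, the category labels and the "accept only `other`" policy are assumptions, and the sample addresses are constructed.

```python
import ipaddress

# Block the quoted RFC text describes as usable only as a source address.
THIS_NETWORK_V4 = ipaddress.ip_network("0.0.0.0/8")


def classify_destination(text):
    """Classify an IP literal that is about to be used as a destination.

    Returns "invalid", "this-network", "unspecified", "loopback" or "other".
    The labels are hypothetical names chosen for this example.
    """
    try:
        # URL-style IPv6 literals arrive bracketed, e.g. "[::1]".
        addr = ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return "invalid"  # hostnames and malformed literals are not resolved here

    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 rules apply to it.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped

    if addr.version == 4 and addr in THIS_NETWORK_V4:
        return "this-network"  # 0.0.0.0 and every other 0.x.y.z address
    if addr.is_unspecified:
        return "unspecified"   # IPv6 "::"
    if addr.is_loopback:
        return "loopback"      # 127.0.0.0/8 and ::1
    return "other"


def is_acceptable_destination(text):
    """Assumed policy: only addresses in no special category may be dialed."""
    return classify_destination(text) == "other"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("0.0.0.0", "0.12.34.56", "::ffff:0.0.0.0", "[::]",
                   "127.0.0.1", "::1", "192.0.2.10", "example.test"):
        print(f"{sample:16} {classify_destination(sample)}")
```
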