0.0.0.0 Day - 18 Yr Old Vulnerability Let Attackers Bypass All Browser Security - eviltoast
  • dan@upvote.au
    3 months ago

    From that RFC:

    0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
    network.  Address 0.0.0.0/32 may be used as a source address for this
    host on this network; other addresses within 0.0.0.0/8 may be used to
    refer to specified hosts on this network ([RFC1122], Section
    3.2.1.3).
    

    (note that it only says “source address”)

    which was based on RFC 1122, which states:

    We now summarize the important special cases for Class A, B,
    and C IP addresses, using the following notation for an IP
    address:
    
        { <Network-number>, <Host-number> }
    
    or
        { <Network-number>, <Subnet-number>, <Host-number> }
    
    ...
    
    (a)  { 0, 0 }
    
    This host on this network.  MUST NOT be sent, except as
    a source address as part of an initialization procedure
    by which the host learns its own IP address.
    
    See also Section 3.3.6 for a non-standard use of {0,0}.
    

    (section 3.3.6 just talks about it being a legacy IP for broadcasts - I don’t think that even works any more)

    • The Doctor@beehaw.org
      3 months ago

      Okay, I see where I went wrong. Thank you.

      I don’t think 0.0.0.0 works for broadcasts anymore, either - I think those get filtered by default these days.

      • dan@upvote.au
        3 months ago

        I wasn’t disagreeing with you :) or at least I think I wasn’t. I was just quoting the RFC you linked to.