Comment on 0.0.0.0 Day - 18 Yr Old Vulnerability Let Attackers Bypass All Browser Security
dan@upvote.au 4 months agowhich was based on RFC 1122, which states:
We now summarize the important special cases for Class A, B, and C IP addresses, using the following notation for an IP address: { <Network-number>, <Host-number> } or { <Network-number>, <Subnet-number>, <Host-number> } and the notation "-1" for a field that contains all 1 bits. This notation is not intended to imply that the 1-bits in an address mask need be contiguous. ... (a) { 0, 0 } This host on this network. MUST NOT be sent, except as a source address as part of an initialization procedure by which the host learns its own IP address. See also Section 3.3.6 for a non-standard use of {0,0}.
(section 3.3.6 just talks about broadcasts)
drwho@beehaw.org 4 months ago
Okay, I see where I went wrong. Thank you.
I don’t think 0.0.0.0 works for broadcasts anymore, either - I think those get filtered by default these days.
dan@upvote.au 4 months ago
I wasn’t disagreeing with you :) or at least I think I wasn’t. I was just quoting the RFC you linked to.