Comment on 0.0.0.0 Day - 18 Yr Old Vulnerability Let Attackers Bypass All Browser Security
dan@upvote.au 3 months ago
which was based on RFC 1122, which states:
We now summarize the important special cases for Class A, B, and C IP addresses, using the following notation for an IP address:

{ <Network-number>, <Host-number> }

or

{ <Network-number>, <Subnet-number>, <Host-number> }

and the notation "-1" for a field that contains all 1 bits. This notation is not intended to imply that the 1-bits in an address mask need be contiguous.

...

(a) { 0, 0 }

This host on this network. MUST NOT be sent, except as a source address as part of an initialization procedure by which the host learns its own IP address. See also Section 3.3.6 for a non-standard use of {0,0}.
(section 3.3.6 just talks about broadcasts)
drwho@beehaw.org 3 months ago
Okay, I see where I went wrong. Thank you.
I don’t think 0.0.0.0 works for broadcasts anymore, either - I think those get filtered by default these days.
dan@upvote.au 3 months ago
I wasn’t disagreeing with you :) or at least I think I wasn’t. I was just quoting the RFC you linked to.