Security Incidents mailing list archives

Re: Spider with improbable IP address

From: Bennett Todd <bet () rahul net>
Date: Fri, 15 Oct 2004 17:30:21 +0000

2004-10-14T18:14:01 Ed Wittmann:

xxx.xxx.xxx.0

Now, I was under the assumption that you can't send and receive on this
address - but the requests come in here, and they're clearly going back
out here. The weblogs show this address.


The .0 address is routinely the network number, not a usable IP
address --- but this is only because CIDR blocks used as IP nets are
routinely /24 and smaller. Consider the perfectly legitimate IP
network (in RFC 1918 space, for illustration purposes)

        10.0.0.0/23

Here are the relevent details:

        255.255.255.128 netmask
        10.0.0.0        network number
        10.0.0.1        host addr
        10.0.0.2        host addr
           ...
        10.0.0.254      host addr
        10.0.0.255      host addr
  ==>   10.0.1.0        host addr
        10.0.1.1        host addr
           ...
        10.0.1.254      host addr
        10.0.1.255      broadcast addr

There's a legit xxx.xxx.xxx.0 host addr. And right before it is
another unexpected sight, an xxx.xxx.xxx.255 host addr.

-Bennett

Attachment: _bin
Description:

Current thread:

Spider with improbable IP address Ed Wittmann (Oct 15)
- Re: Spider with improbable IP address insecure (Oct 15)
- Re: Spider with improbable IP address Bennett Todd (Oct 15)
  - Re: Spider with improbable IP address Ric Messier (Oct 18)
    - Re: Spider with improbable IP address Bennett Todd (Oct 18)
- <Possible follow-ups>
- RE: Spider with improbable IP address k levinson (Oct 15)
- RE: Spider with improbable IP address Jobe Bittman (Oct 15)