Security Incidents mailing list archives
Re: Spider with improbable IP address
From: Bennett Todd <bet () rahul net>
Date: Fri, 15 Oct 2004 17:30:21 +0000
2004-10-14T18:14:01 Ed Wittmann:
xxx.xxx.xxx.0 Now, I was under the assumption that you can't send and receive on this address - but the requests come in here, and they're clearly going back out here. The weblogs show this address.
The .0 address is routinely the network number, not a usable IP address --- but this is only because CIDR blocks used as IP nets are routinely /24 and smaller. Consider the perfectly legitimate IP network (in RFC 1918 space, for illustration purposes) 10.0.0.0/23 Here are the relevent details: 255.255.255.128 netmask 10.0.0.0 network number 10.0.0.1 host addr 10.0.0.2 host addr ... 10.0.0.254 host addr 10.0.0.255 host addr ==> 10.0.1.0 host addr 10.0.1.1 host addr ... 10.0.1.254 host addr 10.0.1.255 broadcast addr There's a legit xxx.xxx.xxx.0 host addr. And right before it is another unexpected sight, an xxx.xxx.xxx.255 host addr. -Bennett
Attachment:
_bin
Description:
Current thread:
- Spider with improbable IP address Ed Wittmann (Oct 15)
- Re: Spider with improbable IP address insecure (Oct 15)
- Re: Spider with improbable IP address Bennett Todd (Oct 15)
- Re: Spider with improbable IP address Ric Messier (Oct 18)
- Re: Spider with improbable IP address Bennett Todd (Oct 18)
- Re: Spider with improbable IP address Ric Messier (Oct 18)
- <Possible follow-ups>
- RE: Spider with improbable IP address k levinson (Oct 15)
- RE: Spider with improbable IP address Jobe Bittman (Oct 15)