inet_aton() accepts the identity of a host in a variety of formats: a hostname/FQDN, or a number-and-dot form:
#
#.#
#.#.#
#.#.#.#
where each "#", in any position, can be:
- decimal (a number 0-255)
- hex (preceded by "0x")
- octal (leading zero "0")
Each "#" represents 8 bits, except the last, which represents however many bits are needed to reach a total of 32. E.g. "#" alone represents a 32-bit number in three different representations: dec, hex or oct. Or "#.#.#" represents 8-8-16 bits; again, each of the numbers can be dec, hex or oct.
The number-and-dot representation of inet_aton() allows 120 different formats for an IPv4 address: 3 + (3*3) + (3*3*3) + (3*3*3*3) possibilities. 192.0.2.1 can also be written as 0xC0.513 or 3221225985, or in 117 other representations (not counting upper/lower case).
A label in a DNS name may start with a digit (except the TLD); a label made up entirely of digits is allowed too. We have ambiguity if the leftmost label (aka the host) is digits alone or starts with 0x followed by 0-9, A-F.
Demo: both attempts should produce the same result (the DNS suffix was configured as "example.com"). The host "one" should resolve via one.example.com and "1" via 1.example.com. "one" is resolved correctly; "1" is interpreted as 0.0.0.1. [attached screenshot]
The same would happen if I tried to ping "0xC0.513": inet_aton() would use 192.0.2.1 instead of the IPv4 address associated with 0xC0.513.example.com (a perfectly valid FQDN), which should be 127.0.0.1 in my example. (I believe @notdan trolled a few peeps recently with this.)
Security issues: if you search for IPv4 addresses in their textual representation, e.g. within a URL or user input, you might get some surprises (false positives/negatives) when using:
- IoCs
- YARA rules
- possibly Apache ModSec
- prevention of botnet/CC
Affected are most IPv4 implementations: Windows, Linux, OS X, to some extent Android, possibly iOS. The behavior is known to many people, but you seldom find a discussion about it or steps to prevent IoC/security evasion or host/IPv4 ambiguity.
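The grammar described above and the IoC-matching problem it causes, as an added example that is not the thread author's code: a reference parser for inet_aton()'s number-and-dot forms, a generator for the 120 spellings of 192.0.2.1, and a blocklist check that compares canonical addresses instead of literal strings. The blocklist entries are constructed sample data, and the parser assumes a hex part needs at least one digit.

```python
import re
from itertools import product

# Reference parser for the number-and-dot grammar that BSD/glibc inet_aton() accepts.
# Assumption: a hex part needs at least one digit; "08" is rejected (8 is not an octal digit).
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")

def parse_part(tok):
    """Decode one component as inet_aton() does: 0x = hex, leading 0 = octal, else decimal."""
    if not _PART.match(tok):
        return None
    if tok[:2].lower() == "0x":
        return int(tok[2:], 16)
    return int(tok, 8) if tok.startswith("0") else int(tok, 10)

def inet_aton_parse(text):
    """Canonical dotted quad for any inet_aton()-style string, or None if it is not one."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    last_bits = 32 - 8 * (len(values) - 1)  # each "#" is 8 bits; the last takes the rest
    if any(v > 255 for v in values[:-1]) or values[-1] >= 1 << last_bits:
        return None
    addr = 0
    for v in values[:-1]:
        addr = (addr << 8) | v
    addr = (addr << last_bits) | values[-1]
    return ".".join(str(b) for b in addr.to_bytes(4, "big"))

def representations(dotted):
    """All 3 + 9 + 27 + 81 = 120 number-and-dot spellings of a dotted quad (lower-case hex)."""
    octets = [int(o) for o in dotted.split(".")]
    addr = int.from_bytes(bytes(octets), "big")
    fmts = (str, lambda n: "0x%x" % n, lambda n: "0%o" % n)  # dec, hex, oct
    out = []
    for nparts in range(1, 5):
        last_bits = 32 - 8 * (nparts - 1)
        nums = octets[:nparts - 1] + [addr & ((1 << last_bits) - 1)]
        for combo in product(fmts, repeat=nparts):
            out.append(".".join(f(n) for f, n in zip(combo, nums)))
    return out

def ioc_match(candidate, blocklist):
    """True if candidate denotes a blocklisted address in any spelling; hostnames never match."""
    canon = inet_aton_parse(candidate)
    return canon is not None and canon in {inet_aton_parse(b) for b in blocklist}
```

A literal string comparison against "192.0.2.1" misses "0xC0.513" and "3221225985"; ioc_match() catches both, while "one" and "1.example.com" correctly stay hostnames.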