[HN Gopher] There's more than one way to write an IP address (2019)
___________________________________________________________________
There's more than one way to write an IP address (2019)
Author : KomoD
Score : 160 points
Date : 2023-04-28 17:07 UTC (5 hours ago)
(HTM) web link (ma.ttias.be)
(TXT) w3m dump (ma.ttias.be)
| rep_lodsb wrote:
| http://032166163360 => news.ycombinator.com
| tinglymintyfrsh wrote:
| ~~HN or~~ Firefox rewrote in dotted-quad.
| ackfoobar wrote:
| Although `href="http://032166163360"` firefox says the link is
| `209.216.230.240`.
|
| Try also http://0xD1D8E6F0 and http://3520653040
| 1970-01-01 wrote:
| Hah, this reminds me of early firewall bypass techniques. A long
| time ago, getting to your destination via octal notation was a
| hack.
| RobotToaster wrote:
| I'm disappointed 0b doesn't work.
| mdmglr wrote:
| Is this an artifact of ping or a standard?
| ryan-c wrote:
| inet_aton is cursed:
|
| https://linux.die.net/man/3/inet_aton
| billpg wrote:
| ... but please don't.
| lucb1e wrote:
| I use this to store IP addresses in a database because you can
| operate on numbers (e.g. WHERE subnet_start < $thisip <
| subnet_end) but hardly on the unique dotted format that we
| normally display them as.
|
| Also to specify a bind address when I don't care, like running
| `php -S 0:3000` (the silly thing wants a bind address rather
| than only a port number. There, have one!) or accessing
| localhost in a browser (just typing 0:3000 is enough). For
| 127.0.0.1, unfortunately the best you can do is writing 127.1.
| The numeric, hex, and octal variants are 2130706433,
| 0x7f000001, and 017700000001, which I personally don't find
| preferable to 127.1.
| chrisdhal wrote:
| If you're using a database, use something like Postgres that
| has this functionality built in[0]. You can store IPs,
| networks, etc. in a native format that has all sorts of
| functionality available out of the box.
|
| [0] https://www.postgresql.org/docs/current/functions-net.html
| crazygringo wrote:
| Yes, storing is different from displaying though.
|
| In MySQL for example, that's what INET_ATON() and INET_NTOA()
| are for, to convert between binary and display.
|
| Analogous to storing timestamps but displaying as datetimes
| in a timezone.
| wjholden wrote:
| This is why I love this site. I've been doing networking
| for many years and I'm not a total novice in databases, but
| I had no idea MySQL had these functions.
| lucb1e wrote:
| I'd still much rather store something that can be indexed
| in a btree than something where you have to always call a
| function on and do full table scans. Of course, before
| displaying to the user you'd use long2ip again (or the
| database equivalent you mentioned; I usually avoid doing
| unnecessary computations on the database and, instead, let
| the application handle display logic).
| crazygringo wrote:
| Sorry if I wasn't clear, I was agreeing with you! Yes
| precisely for indexing (plus just a fixed column size
| that wastes no space).
| ghayes wrote:
| I'm not convinced we shouldn't have (originally) adopted using
| pure hex, e.g. 0x7F000001 instead of 127.0.0.1. Personally, I
| think it makes subnet masks, etc, a lot _more_ obvious.
| capitainenemo wrote:
| Obviously the octal and hex and overflow are pretty cursed, but
| I do like using 10.0.0.* for home IPv4 just 'cause typing ssh
| 10.1 is so darn convenient.
| kbenson wrote:
| Or set up local DNS and search domains, or even just add
| entries to your hosts file. `ssh fw` is easy, as is `ssh
| server`, which while more characters are more in the central
| typing plane.
| capitainenemo wrote:
| I have those too, but I'm familiar with all the IPs and I
| just got tired of adding DNS entries. Esp for some
| predictable ones in the "dynamic" range.
|
| Also there are times I don't have DNS working. Often times
| at some console where copy/paste also isn't working or
| where I don't even have a mouse, and I extra appreciate the
| simpler typing :)
| theandrewbailey wrote:
| I switched to the 10/8 block at home because it's less stupid
| than typing 192.168.whatever for everything local. I'll have
| to try this.
| ianburrell wrote:
| I think the IP address libraries should only accept the
| standard dotted decimal octet form. And let the others die as
| non-standard, historical forms.
| dang wrote:
| Discussed at the time:
|
| _There's more than one way to write an IP address_ -
| https://news.ycombinator.com/item?id=20390759 - July 2019 (48
| comments)
| lucb1e wrote:
| > Here's another neat trick. You can overflow a digit. [...]
| PING 10.0.513 (10.0.2.1)
|
| That's not exactly what's happening. You're omitting the fourth
| octet so this is then interpreted as a decimal part of the
| address (you can also have it be interpreted as hex or octal with
| the usual prefixes).
|
| 10.0.0.513 won't work because overflow isn't really what's
| happening. (For a minute you had me wondering if I missed
| something in my IP address variants tool because I didn't know
| that 9.256.0.1 would work as 10.0.0.1, but no, it can't and I've
| got the other case covered. Whew!)
|
| The example can be written more succinctly as 10.513
| ta1243 wrote:
| > The example can be written more succinctly as 10.513
|
| The most useful example I use on a day to day basis is
| dig foo.com @1.1
|
| or ping 1.1
|
| Which expands to 1.0.0.1
| moefh wrote:
| Interesting, so that's also what's happening with 127.1 and
| 127.0.1: the zeroes are not being "inserted automatically",
| they come from expanding the last number (1) into the bits for
| the last bytes of the address.
|
| To make it clearer:
|
| - for "x", then "x" is all 4 bytes of the address
|
| - for "x.y", then "x" is the first byte of the address and "y"
| the last 3 bytes
|
| - for "x.y.z", then "x" is the first byte, "y" is the second
| and "z" is the last 2
|
| - for "x.y.z.w", then each of the numbers is its own byte
| eftychis wrote:
| That is correct. The dots are there for our convenience to be
| able to spot individual bytes. I hope the author addresses
| and edits their article accordingly.
| electroly wrote:
| What's happening is more obvious when you consider that you can
| equivalently write it as simply 167772673. Try `ping
| 167772673`!
| rnk wrote:
| How about 134744072, that hits my favorite am-I-connected
| site. I never knew you could put an int representing the 4
| bytes together until today, this is really fun.
|
| Even hex works, but doesn't hit a site that responds: (ping
| 0xcafebeef).
| peoplearepeople wrote:
| I enjoy using "ping 0x1010101"
| lucb1e wrote:
| No need to ping if all you want is the conversion :)
|
| Just type it into the address bar:
| https://snipboard.io/kbLTso.jpg (previously posted that
| screenshot in 2021
| https://news.ycombinator.com/item?id=29050936)
| sigjuice wrote:
| The address bar is also a bit excessive for doing
| conversions.
|
|     $ getent hosts 127.1
|     127.0.0.1 127.1
| lxe wrote:
| What's the history behind this? I doubt there was legacy or
| backwards compat reasoning? Allowing for such a loose and wide
| interpretation makes for complicated parsing and numerous
| exploits.
| pcthrowaway wrote:
| I don't know about the hex representation, but the binary
| representation is useful for figuring out CIDR ranges
| justsomehnguy wrote:
| Most of the time it is just banal shenanigans of strtoint
| conversions and how exactly the dotted decimal parser was
| written.
|
| > for complicated parsing
|
| Somewhat
|
| > numerous exploits.
|
| Nah. It's mostly localized to a _string to hostname_
| processing, ie it never occurs in the network stack and happens
| on the user side of things and permissions (think CLI and
| interpreted languages)
| billyhoffman wrote:
| not exploits of the OS, but I've used this to exploit web
| applications quite a bit. Tricks like these get you past a
| lot of input filters or validation logic. This allows me to
| trick these apps into making HTTP requests to internal or
| private IPs/hosts.
|
| As an example, think of a cloud based web performance
| monitoring system. I trick it into making HTTP requests to
| 169.254.169.254, and I get access to data from their AWS
| metadata service...
| justsomehnguy wrote:
| Yep. Skipped this part (not at the desktop RN) but honestly
| this is more in 'check what you accept' and input data
| validation|sanitation. Still a valid target for an exploit
| but you really need a bunch of things ('web performance
| monitoring system') to happen before you can have a
| meaningful usage (if at all) from these exploits.
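
Added example (not part of the thread or any commenter's code): a Python sketch of the part-splitting rules moefh lists above, used for the normalize-before-filtering check that billyhoffman's comment about input filters calls for. `parse_inet_aton` is a re-implementation of the classic rules rather than a call into libc, and the function names, the prefix blocklist and the sample inputs are constructed for illustration.

```python
import ipaddress
import re

# One pattern per base that inet_aton-style parsers accept for each part.
_BASES = ((re.compile(r"0[xX][0-9a-fA-F]+"), 16),
          (re.compile(r"0[0-7]*"), 8),
          (re.compile(r"[1-9][0-9]*"), 10))

def parse_inet_aton(text):
    """Return the IPv4Address an inet_aton-style parser would produce, or None."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for part in parts:
        base = next((b for rx, b in _BASES if rx.fullmatch(part)), None)
        if base is None:
            return None  # empty part, "09", letters, and so on
        nums.append(int(part, base))
    *head, last = nums
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (24 - 8 * i)
    return ipaddress.IPv4Address(value)

def naive_is_internal(host):
    """String-prefix blocklist (constructed): only recognises dotted-decimal text."""
    return host.startswith(("10.", "127.", "169.254.", "192.168."))

def is_internal(host):
    """Normalize first, then decide on the numeric address."""
    addr = parse_inet_aton(host)
    if addr is None:
        return False  # not an IPv4 literal; DNS names need a check after resolution
    return (addr.is_private or addr.is_loopback
            or addr.is_link_local or addr.is_unspecified)

# Constructed sample inputs using the notations discussed in the thread.
SAMPLES = ["127.1", "017700000001", "0xA9FEA9FE", "10.0.513", "134744072", "10.0.0.513"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:>14} -> {parse_inet_aton(host)}  "
              f"naive={naive_is_internal(host)} normalized={is_internal(host)}")
```

A filter like this only helps if the outgoing request is then made to the normalized address that was checked, not to the original string.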
| ggm wrote:
| Unisys used commas in its presentation format. Major bummer in
| the late 80s commissioning a new library catalogue system.
| Lightbody wrote:
| I "ping 1.1" as my go-to network availability test.
|
| It checks to see if Cloudflare is responding, which 99.9% of the
| time is going to tell you if your internet is working :)
| lucb1e wrote:
| Here's a list of all the ways (and notation combinations) you can
| make with your IP address:
| https://lucb1e.com/randomprojects/php/funnip.php
| squeaky-clean wrote:
| The first time I ever saw a hexadecimal ip was in a spam text
| message, one of those "click here for your prize". I laughed to
| myself thinking whoever wrote their spambot had messed up the url
| but to my surprise the link worked. I didn't ever receive my
| prize...
| fsckboy wrote:
| the education you received was more valuable than any monetary
| reward. $2k you earn yourself is worth more than $100k given to
| you for free.
| anaganisk wrote:
| Worth it in an ideal world, in the real world it's bad
| advice to compare given vs earned. We wouldn't have the
| majority of the companies if the founders didn't have the
| wealth given for them to bootstrap.
| kccqzy wrote:
| It's a common trick to evade spam detection, because the writer
| of the spam detection software probably didn't think about
| those weird IP address formats and would fail to extract the
| URL.
| crazygringo wrote:
| > _$ ping 10.0.2.010_
|
| > _PING 10.0.2.010 (10.0.2.8)..._
|
| It was all fun and games until they started _mixing_ bases,
| decimal and octal in the same address.
|
| That's just cursed.
| bragr wrote:
| Personally, when I was trying to wrap my head around CIDRs for
| the first time, thinking about IPs as one 32-bit number (a la hex
| formatting) was super helpful, and makes it less annoying to
| leave behind the nice /8 /16 /24 chunks. Thinking in terms of
| just bitmasks is also pretty straightforward in the end.
| macintux wrote:
| I gave a class on TCP/IP to other consultants in my company 20
| years ago. The day went well right up until the end when I
| covered bitmasks, at which point eyes universally glazed over.
|
| Lesson learned: always save that topic for last, so the rest of
| the day isn't a disaster.
| NoZebra120vClip wrote:
| In community college not 5 years ago, I took the first two of
| a series of Cisco networking classes designed to prep for
| certifications such as CCNA.
|
| When we came upon CIDR and VLSM, our instructor (very
| knowledgeable, down-to-earth, pragmatic) introduced us to
| various calculators that could assist us, although he did
| also show us a manual way to graph out each bit. Then he
| admitted that the VLSM portion of the class had often driven
| his previous students to tears, and he didn't want to see
| anyone crying over this anymore.
| bobogei81123 wrote:
| I thought the article will mention 127.0.0.1
|
|     $ ping 127.0.0.1
|     PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
| tinglymintyfrsh wrote:
| This requires a terminal or shell with Unicode normalization.
| samstave wrote:
| We should be able to spell out IPv4 and IPv6 addresses in
| WingDings.
|
| EDIT: WingDings is the Grandparents to Emojis.
| gregschlom wrote:
| That's neat, but it's a property of the OS, though, not of IP
| addresses themselves :)
|
| (doesn't work on Windows btw)
| tyingq wrote:
| >(doesn't work on Windows btw)
|
| Works in Gitbash in Microsoft Terminal, which is cheating a
| bit, but doesn't introduce a different OS.
|
| Edit: Works in Powershell too.
| 8organicbits wrote:
| Works in Firefox on Linux for me. Probably some form of
| unicode normalization?
|
| http://xn--orhcp.xn--mvh.xn--mvh.xn--orh:8000 ->
| http://127.0.0.1:8000
| 8organicbits wrote:
| Oh wow, I think HN normalized the unicode with punycode
| since it's a URL. I submitted with 127.0.0.1 inside the
| http:// and :8000. And the punycode version also works for
| me :)
| Tommstein wrote:
| Just tried both versions in Firefox on Linux, they work
| for me too.
| dtgriscom wrote:
| Doesn't work on macOS Ventura 13.3.
| joeframbach wrote:
| Javascript seems to normalize these automatically:
|
|     const a = document.createElement('a');
|     a.href = 'http://032166163360';
|     console.log(a.href); // "http://209.216.230.240/"
|     a.href = 'http://127.1';
|     console.log(a.href); // "http://127.0.0.1/"
|     a.href = 'http://10.50.1';
|     console.log(a.href); // "http://10.50.0.1/"
|     a.href = 'http://10.0.513';
|     console.log(a.href); // "http://10.0.2.1/"
|     a.href = 'http://0xA000201';
|     console.log(a.href); // "http://10.0.2.1/"
|     a.href = 'http://10.0.2.010';
|     console.log(a.href); // "http://10.0.2.8/"
|
| and also:
|
|     console.log(new URL('http://10.0.513').host); // "10.0.2.1"
| rwalle wrote:
| I think you mean browser (more specifically HTML standard), not
| JavaScript
| LegionMammal978 wrote:
| In particular, IPv4 address parsing for URL hosts is
| specified in https://url.spec.whatwg.org/#concept-ipv4-parser,
| in WHATWG's URL Standard.
| geraldcombs wrote:
| It (and most other scripting languages) are likely just calling
| inet_aton under the hood.
| tinglymintyfrsh wrote:
| And proper inet_aton allows even more formats (IPv4 only):
|
| u32 undotted
|
| u8.u24 dotted-signal
|
| u8.u8.u16 dotted-triple
|
| u8.u8.u8.u8 dotted-quad
|
| ^ where each of the above is allowed to be octal, hex, or
| decimal
| lucb1e wrote:
| This wasn't always the case. For years, my website had a
| numeric vhost configured with an easter egg but I don't think
| anyone ever visited it. Then I noticed, maybe four years ago,
| that firefox now translates the IP address into dotted quad
| notation and uses that as a Host header instead of what the user
| typed, so it would never trigger now anyway.
|
| The internet used to be more fun when it was all fun and games
| and we didn't need to worry about every possible type of user
| misleading :(
| bombcar wrote:
| Aren't there some other ones? IIRC the standard "IP address
| handler library" would do things like "try any possible way of
| interpreting it" and would work on words, etc.
| rasengan wrote:
| You could represent each octet as an ASCII char reducing it to
| 4 characters.
| dragonwriter wrote:
| > You could represent each octet as an ASCII char reducing it
| to 4 characters.
|
| Except ASCII is 7-bit, and a number of those are control
| characters. So you couldn't, and many that you could would be
| unreadable. <DEL><NUL><NUL><SOH> for localhost is... not
| ideal.
| lucb1e wrote:
| That sounds like good laptop sticker material. Could even
| give readers a hint by using the "there's no place like"
| saying that I've seen applied to 127.0.0.1 and ::1 already,
| or prefix some hacking tool. I wonder how many people would
| get it.
|
| There's no place like <DEL><NUL><NUL><SOH>
| ryan-c wrote:
| Or 5 base85 digits if you wanted to ensure there were no
| control characters...
| chaorace wrote:
| There are _no_ officially adopted text-representations (for
| IPv4), only binary ones. In other words: there are
| simultaneously infinitely more possibilities and exactly zero.
|
| For the most part, applications tend to punt the job of
| interpreting such text address representations to the IP stack
| (usually embedded in the OS kernel). These vary in what they'll
| accept by implementation and version, but they tend to be
| extremely good at interpreting whatever arbitrary nonsense
| people have historically been likely to try. As a result, there
| are surprisingly few application-level libraries which even
| attempt to deal with that mess.
| thequux wrote:
| I only know of two operating systems where IP address parsing
| (and the address resolver in general) is part of the TCP/IP
| stack: ITS and z/OS. MS-DOS gets an honorable mention due to
| not having any architectural distinction between parts of the
| system at all, and z/OS only qualifies because it's not
| entirely clear where the boundaries of the "TCP/IP stack" are
| to begin with. (One would be forgiven for thinking that the
| TCP/IP stack is contained in the address space called
| "TCPIP". However, significant parts of it are in the LPA,
| which is part of _every_ address space, and it's not clear
| to me yet where exactly the resolver is.)
___________________________________________________________________
(page generated 2023-04-28 23:00 UTC)