[HN Gopher] There's more than one way to write an IP address (2019) ___________________________________________________________________ There's more than one way to write an IP address (2019) Author : KomoD Score : 160 points Date : 2023-04-28 17:07 UTC (5 hours ago) (HTM) web link (ma.ttias.be) (TXT) w3m dump (ma.ttias.be) | rep_lodsb wrote: | http://032166163360 => news.ycombinator.com | tinglymintyfrsh wrote: | ~~HN or~~ Firefox rewrote in dotted-quad. | ackfoobar wrote: | Although `href="http://032166163360"` firefox says the link is | `209.216.230.240`. | | Try also http://0xD1D8E6F0 and http://3520653040 | 1970-01-01 wrote: | Hah, this reminds me of early firewall bypass techniques. A long | time ago, getting to your destination via octal notation was a | hack. | RobotToaster wrote: | I'm disappointed 0b doesn't work. | mdmglr wrote: | Is this an artifact of ping or a standard? | ryan-c wrote: | inet_aton is cursed: | | https://linux.die.net/man/3/inet_aton | billpg wrote: | ... but please don't. | lucb1e wrote: | I use this to store IP addresses in a database because you can | operate on numbers (e.g. WHERE subnet_start < $thisip < | subnet_end) but hardly on the unique dotted format that we | normally display them as. | | Also to specify a bind address when I don't care, like running | `php -S 0:3000` (the silly thing wants a bind address rather | than only a port number. There, have one!) or accessing | localhost in a browser (just typing 0:3000 is enough). For | 127.0.0.1, unfortunately the best you can do is writing 127.1. | The numeric, hex, and octal variants are 2130706433, | 0x7f000001, and 017700000001, which I personally don't find | preferable to 127.1. | chrisdhal wrote: | If you're using a database, use something like Postgres that | has this functionality built in[0]. You can store IPs, | networks, etc. in a native format that has all sorts of | functionality available out of the box. | | [0] https://www.postgresql.org/docs/current/functions- | net.html | crazygringo wrote: | Yes, storing is different from displaying though. | | In MySQL for example, that's what INET_ATON() and INET_NTOA() | are for, to convert between binary and display. | | Analogous to storing timestamps but displaying as datetimes | in a timezone. | wjholden wrote: | This is why I love this site. I've been doing networking | for many years and I'm not a total novice in databases, but | I had no idea MySQL had these functions. | lucb1e wrote: | I'd still much rather store something that can be indexed | in a btree than something where you have to always call a | function on and do full table scans. Of course, before | displaying to the user you'd use long2ip again (or the | database equivalent you mentioned; I usually avoid doing | unnecessary computations on the database and, instead, let | the application handle display logic). | crazygringo wrote: | Sorry if I wasn't clear, I was agreeing with you! Yes | precisely for indexing (plus just a fixed column size | that wastes no space). | ghayes wrote: | I'm not convinced we shouldn't have (originally) adopted using | pure hex, e.g. 0x7F000001 instead of 127.0.0.1. Personally, I | think it makes subnet masks, etc, a lot _more_ obvious. | capitainenemo wrote: | Obviously the octal and hex and overflow are pretty cursed, but | I do like using 10.0.0.* for home IPv4 just 'cause typing ssh | 10.1 is so darn convenient. | kbenson wrote: | Or set up local DNS and search domains, or even just add | entries to your hosts file. `ssh fw` is easy, as is `ssh | server`, which while more characters are more in the central | typing plane. | capitainenemo wrote: | I have those too, but I'm familiar with all the IPs and I | just got tired of adding DNS entries. Esp for some | predictable ones in the "dynamic" range. | | Also there are times I don't have DNS working. Often times | at some console where copy/paste also isn't working or | where I don't even have a mouse, and I extra appreciate the | simpler typing :) | theandrewbailey wrote: | I switched to the 10/8 block at home because it's less stupid | than typing 192.168.whatever for everything local. I'll have | to try this. | ianburrell wrote: | I think the IP address libraries should only accept the | standard dotted decimal octet form. And let the others die as | non-standard, historical forms. | dang wrote: | Discussed at the time: | | _There's more than one way to write an IP address_ - | https://news.ycombinator.com/item?id=20390759 - July 2019 (48 | comments) | lucb1e wrote: | > Here's another neat trick. You can overflow a digit. \n\n [...] | PING 10.0.513 (10.0.2.1) | | That's not exactly what's happening. You're omitting the fourth | octet so this is then interpreted as a decimal part of the | address (you can also have it be interpreted as hex or octal with | the usual prefixes). | | 10.0.0.513 won't work because overflow isn't really what's | happening. (For a minute you had me wondering if I missed | something in my IP address variants tool because I didn't know | that 9.256.0.1 would work as 10.0.0.1, but no, it can't and I've | got the other case covered. Whew!) | | The example can be written more succinctly as 10.513 | ta1243 wrote: | > The example can be written more succinctly as 10.513 | | The most useful example I use on a day to day basis is | dig foo.com @1.1 | | or ping 1.1 | | Which expands to 1.0.0.1 | moefh wrote: | Interesting, so that's also whats happening with 127.1 and | 127.0.1: the zeroes are not being "inserted automatically", | they come from expanding the last number (1) into the bits for | the last bytes of the address. | | To make it clearer: | | - for "x", then "x" is all 4 bytes of the address | | - for "x.y", then "x" is the first byte of the address and "y" | the last 3 bytes | | - for "x.y.z", then "x" is the first byte, "y" is the second" | and "z" is the last 2 | | - for "x.y.z.w", then each of the numbers is its own byte | eftychis wrote: | That is correct. The dots are there for our convenience to be | able to spot individual bytes. I hope the author addresses | and edits their article accordingly. | electroly wrote: | What's happening is more obvious when you consider that you can | equivalently write it as simply 167772673. Try `ping | 167772673`! | rnk wrote: | How about 134744072, that hits my favorite am-I-connected | site. I never knew you could put an int representing the 4 | bytes together until today, this is really fun. | | Even hex works, but doesn't hit a site that responds: (ping | 0xcafebeef). | peoplearepeople wrote: | I enjoy using "ping 0x1010101" | lucb1e wrote: | No need to ping if all you want is the conversion :) | | Just type it into the address bar: | https://snipboard.io/kbLTso.jpg (previously posted that | screenshot in 2021 | https://news.ycombinator.com/item?id=29050936) | sigjuice wrote: | The address bar is also a bit excessive for doing | conversions. $ getent hosts 127.1 | 127.0.0.1 127.1 | lxe wrote: | What's the history behind this? I doubt there was legacy or | backwards compat reasoning? Allowing for such a loose and wide | interpretation makes for complicated parsing and numerous | exploits. | pcthrowaway wrote: | I don't know about the hex representation, but the binary | representation is useful for figuring out CIDR ranges | justsomehnguy wrote: | Most of the time it is just a banal shenanigans of strtoint | conversions and how exactly the dotted decimal parser was | written. | | > for complicated parsing | | Somewhat | | > numerous exploits. | | Nah. It's mostly localized to a _string to hostname_ | processing, ie it never occurs in the network stack and happens | on the user 'side of things and permissions (think CLI and | interpreted languges) | billyhoffman wrote: | not exploits of the OS, but I've used this to exploit web | applications quite a bit. Tricks like these get your past a | lot of input filters or validation logic. This allows me to | trick these apps into making HTTP requests to internal or | private IPs/hosts. | | As an example, think of a cloud based web performance | monitoring system. I trick it into making HTTP requests to | 169.254.169.254, and I get access to data from their AWS | metadata service... | justsomehnguy wrote: | Yep. Skipped this part (not at "he desktop RN) but honestly | this is more in 'check what you accept' and input data | validation|sanitation. Still a valid target for an exploit | but you really need a bunch of things ('web performance | monitoring system') to happen before you can have a | meaningful usage (if at all) from these exploits. | ggm wrote: | Unisys used commas in its presentation format. Major bummer in | the late 80s commissioning a new library catalogue system. | Lightbody wrote: | I "ping 1.1" as my go-to network availability test. | | It checks to see if Cloudflare is responding, which 99.9% of the | time is going to tell you if your internet is working :) | lucb1e wrote: | Here's a list of all the ways (and notation combinations) you can | make with your IP address: | https://lucb1e.com/randomprojects/php/funnip.php | squeaky-clean wrote: | The first time I ever saw a hexadecimal ip was in a spam text | message, one of those "click here for your prize". I laughed to | myself thinking whoever wrote their spambot had messed up the url | but to my surprise the link worked. I didn't ever receive my | prize... | fsckboy wrote: | the education you received was more valuable than any monetary | reward. $2k you earn yourself is worth more than $100k given to | you for free. | anaganisk wrote: | Worth it in an ideal world, in the real world it's a bad | advice to compare given vs earned. We wouldn't have the | majority of the companies if the founders didn't have the | wealth given for them to bootstrap. | kccqzy wrote: | It's a common trick to evade spam detection, because the writer | of the spam detection software probably didn't think about | those weird IP address formats and would fail to extract the | URL. | crazygringo wrote: | > _$ ping 10.0.2.010_ | | > _PING 10.0.2.010 (10.0.2.8)..._ | | It was all fun and games until they started _mixing_ bases, | decimal and octal in the same address. | | That's just cursed. | bragr wrote: | Personally, when I was trying to wrap my head around CIDRs for | the first time, thinking about IPs at one 32 bit number (a la hex | formatting) was super helpful, and makes it less annoying to | leave behind the nice /8 /16 /24 chunks. Thinking of terms of | just bitmasks is also pretty straight forward in the end. | macintux wrote: | I gave a class on TCP/IP to other consultants in my company 20 | years ago. The day went well right up until the end when I | covered bitmasks, at which point eyes universally glazed over. | | Lesson learned: always save that topic for last, so the rest of | the day isn't a disaster. | NoZebra120vClip wrote: | In community college not 5 years ago, I took the first two of | a series of Cisco networking classes designed to prep for | certifications such as CCNA. | | When we came upon CIDR and VLSM, our instructor (very | knowledgeable, down-to-earth, pragmatic) introduced us to | various calculators that could assist us, although he did | also show us a manual way to graph out each bit. Then he | admitted that the VLSM portion of the class had often driven | his previous students to tears, and he didn't want to see | anyone crying over this anymore. | bobogei81123 wrote: | I thought the article will mention 127.0.0.1 | | $ ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. | tinglymintyfrsh wrote: | This requires a terminal or shell with Unicode normalization. | samstave wrote: | We should be able to spell out IPv4 and IPv6 addresses in | WingDings. | | EDIT: WingDings is the Grandparents to Emojis. | gregschlom wrote: | That's neat, but it's a property of the OS, though, not of IP | addresses themselves :) | | (doesn't work on Windows btw) | tyingq wrote: | >(doesn't work on Windows btw) | | Works in Gitbash in Microsoft Terminal, which is cheating a | bit, but doesn't introduce a different OS. | | Edit: Works in Powershell too. | 8organicbits wrote: | Works in Firefox on Linux for me. Probably some form of | unicode normalization? | | http://xn--orhcp.xn--mvh.xn--mvh.xn--orh:8000 -> | http://127.0.0.1:8000 | 8organicbits wrote: | Oh wow, I think HN normalized the unicode with punycode | since it's a URL. I submitted with 127.0.0.1 inside the | http:// and :8000 And the punicode version also works for | me :) | Tommstein wrote: | Just tried both versions in Firefox on Linux, they work | for me too. | dtgriscom wrote: | Doesn't work on macOS Ventura 13.3. | joeframbach wrote: | Javascript seems to normalize these automatically: | const a = document.createElement('a'); a.href = | 'http://032166163360'; console.log(a.href); // | "http://209.216.230.240/" a.href = | 'http://127.1' console.log(a.href); // | "http://127.0.0.1/" a.href = 'http://10.50.1' | console.log(a.href); // "http://10.50.0.1/" | a.href = 'http://10.0.513' console.log(a.href); | // "http://10.0.2.1/" a.href = | 'http://0xA000201' console.log(a.href); // | "http://10.0.2.1/" a.href = 'http://10.0.2.010' | console.log(a.href); // "http://10.0.2.8/" | | and also: console.log(new | URL('http://10.0.513').host) // "10.0.2.1" | rwalle wrote: | I think you mean browser (more specifically HTML standard), not | JavaScript | LegionMammal978 wrote: | In particular, IPv4 address parsing for URL hosts is | specified in https://url.spec.whatwg.org/#concept- | ipv4-parser, in WHATWG's URL Standard. | geraldcombs wrote: | It (and most other scripting languages) are likely just calling | inet_aton under the hood. | tinglymintyfrsh wrote: | And proper inet_aton allows even more formats (IPv4 only): | | u32 undotted | | u8.u24 dotted-signal | | u8.u8.u16 dotted-triple | | u8.u8.u8.u8 dotted-quad | | ^ where each of the above is allowed to be octal, hex, or | decimal | lucb1e wrote: | This wasn't always the case. For years, my website had a | numeric vhost configured with an easter egg but I don't think | anyone ever visited it. Then I noticed, maybe four years ago, | that firefox now translates the IP address into dotted quad | notation and use that as a Host header instead of what the user | typed, so it would never trigger now anyway. | | The internet used to be more fun when it was all fun and games | and we didn't need to worry about every possible type of user | misleading :( | bombcar wrote: | Aren't there some other ones? IIRC the standard "IP address | handler library" would do things like "try any possible way of | interpreting it" and would work on words, etc. | rasengan wrote: | You could represent each octet as an ASCII char reducing it to | 4 characters. | dragonwriter wrote: | > You could represent each octet as an ASCII char reducing it | to 4 characters. | | Except ASCII is 7-bit, and a number of those are control | characters. So you couldn't, and many that you could would be | unreadable. <DEL><NUL><NUL><SOH> for localhost is... not | ideal. | lucb1e wrote: | That sounds like good laptop sticker material. Could even | give readers a hint by using the "there's no place like" | saying that I've seen applied to 127.0.0.1 and ::1 already, | or prefix some hacking tool. I wonder how many people would | get it. | | There's no place like <DEL><NUL><NUL><SOH> | ryan-c wrote: | Or 5 base85 digits if you wanted to ensure there were no | control characters... | chaorace wrote: | There are _no_ officially adopted text-representations (for | IPv4), only binary ones. In other words: there are | simultaneously infinitely more possibilities and exactly zero. | | For the most part, applications tend to punt the job of | interpreting such text address representations to the IP stack | (usually embedded in the OS kernel). These vary in what they'll | accept by implementation and version, but they tend to be | extremely good at interpreting whatever arbitrary nonsense | people have historically been likely to try. As a result, there | are surprisingly few application-level libraries which even | attempt to deal with that mess. | thequux wrote: | I only know of two operating systems where IP address parsing | (and the address resolver in general) is part of the TCP/IP | stack: ITS and z/OS. MS-DOS gets an honorable mention due to | not having any architectural distinction between parts of the | system at all, and z/OS only qualifies because it's not | entirely clear where the boundaries of the "TCP/IP stack" are | to begin with. (One would be forgiven for thinking that the | TCP/IP stack is contained in the address space called | "TCPIP". However, significant parts of it are in the LPA, | which is part of _every_ address space, and it 's not clear | to me yet where exactly the resolver is.) ___________________________________________________________________ (page generated 2023-04-28 23:00 UTC)