0

When i redirected a single webpage to an address http://0.0.0, i also found that 0.0.0 is an alias of the network address, but since it is only 3 bytes, this seems to be strange. Why would chrome and system ping "accept" to use a 3-byte address which then redirect to my network address in-the-browser and get "It works!" because apache took over the my NA also. firefox 8.0 can't handle the same request chrome can and will show up a 400 Bad Request Error status.

I can: ping 0.0.0
I can redirect to 0.0.0.0 using php function header() in chrome with the code 'Location: http://0.0.0'

user
  • 7,670
  • 2
  • 30
  • 54
  • 2
    I'm not sure how this is a security question. – Nic Jul 04 '19 at 20:50
  • 1
    This might interest you: [This IP address can be written 121 different ways](http://lucb1e.com/rp/php/funnip.php?ip=209.216.230.240&link) – Luc Jul 05 '19 at 09:57
  • 2
    Did you literally make a screenshot of an image saying `Location: http://0.0.0` instead of writing it? What for? –  Jul 05 '19 at 10:14
  • MechMK1 just another way of presenting code, but that doesn't matter –  Jul 05 '19 at 10:26
  • 2
    *"just another way of presenting code, but that doesn't matter"* Actually, it does matter a great deal to people using tools such as screen readers, translation utilities and other usability enhancement tools. Stack Exchange sites see users from just about every part of the world and every walk of life; don't assume that just because using an image containing only text, instead of text, isn't a problem for you, that doing so won't be a problem for others. – user Jul 06 '19 at 20:13
  • You say that you're trying this in Firefox 8.0. Are you really using a web browser that is [about seven and a half years old](https://en.wikipedia.org/wiki/Firefox_version_history#Firefox_5_through_9)? (Wikipedia puts Firefox 8.0 in early November 2011, which feels about right to me.) And comparing the results of it to an "evergreen" browser which you can barely *not* upgrade to whatever is the most recent version on any particular day? (Firefox can at least trivially be configured to not force-upgrade.) – user Jul 06 '19 at 20:16
  • Just to show the difference.. not actual comparing –  Jul 06 '19 at 20:20

2 Answers2

2

This is a relic of the original Internet addressing scheme, now retronymed 'classful' and obsolete almost 3 decades. See e.g. https://stackoverflow.com/questions/29285954/wsastringtoaddress-thinks-1-2-3-is-a-valid-ip-address or more officially http://pubs.opengroup.org/onlinepubs/009695399/functions/inet_addr.html . Note that 0.0.0.0 itself, in whatever representation, cannot actually be a host address, but since it is the reserved special value INADDR_ANY some software replaces it with another address like 127.0.0.1 which is routable, or close enough. OTOH you can't get a valid certificate for HTTPS/SSL/TLS for either 0.0.0.0 or 127.0.0.1 from any 'real' CA (more specifically, any CA subject to CABforum rules or trusted by any major browser).

Although this is primarily a programming-for-networking issue, there is a slight security impact in that nowadays 99.99% of systems on the Internet are operated by individuals (cf. Dilbert) with sub-fractional clues how the Internet actually works, so that phishers, scammers, etc. sometimes use these obsolete address formats (especially the single number) in URLs and email addresses to confuse, mislead, and deceive such people.

dave_thompson_085
  • 9,759
  • 1
  • 24
  • 28
0

Using IPv4, some zeros can be "optionnal" if easily guessable:

~$ ping 192.1
PING 192.1 (192.0.0.1) 56(84) bytes of data.
^C
--- 192.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1027ms

~$ ping 192.168.1
PING 192.168.1 (192.168.0.1) 56(84) bytes of data.
^C
--- 192.168.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Nevertheless, i don't remember if the job is done by resolver or the software...

binarym
  • 744
  • 4
  • 8