IPy is a Python "class and tools for handling of IPv4 and IPv6 addresses and networks" (https://github.com/haypo/python-ipy). This library is sometimes used to implement blacklists forbidding internal, private or loopback addresses. Using octal encoding (supported by urllib2), it is possible to bypass checks based on the result of the iptype() function. For example, IP address '0177.0000.0000.0001' is considered as 'PUBLIC' but resolves to '127.0.0.1' when accessed via urllib2. Developers were informed, no news since then... More details on my blog: http://www.agarri.fr/kom/archives/2014/10/15/bypassing_blacklists_based_on_ipy/index.html Cheers, Nicolas Grégoire
