Chris Knipe wrote: > Prob useless, but just to back things up even more.. > > RedHat, on Kernel 2.4.4: > [root@alcazar /root]# ping 001.001.001.002 Given that 001.001.001.002 is the same in both octal and decimal, this isn't a particularly good test case ;) > My FreeBSD boxes seems to work fine however - the program below also > reports the correct IP on my FreeBSD machines, wrong on the Linux ones. > > We might have a problem here... This can be used in some sort of spoofing > manner can't it? I don't know if "spoofing" is really the right term. Probably the main security issue with this sort of is related to circumventing filters. There was a recent BugTraq thread which described the various different ways in which IP addresses could be specified in URLs so as to bypass content filters which use a string comparison to check for "prohibited" addresses. > Programs or networks on Linux kernels It's not the Linux kernel; it's GNU libc which is at fault (or possibly RFC 1166, depending upon your point of view). > can be "cheated" so send data to other IP addresses as they seem to > the human eye?? I guess that's an extension of the "filter" issue. Of course, there's the (probably remote) possibility that this could have undesirable side effects if dotted-decimal strings were passed between libc functions and code which performs the encoding or decoding itself according to the letter of RFC 1166. E.g. tcpflow saves its output in files with names generated using the format: %03d.%03d.%03d.%03d.%05d-%03d.%03d.%03d.%03d.%05d (the "%05d"s are the port numbers). Extracting one of the IP addresses from such a filename then passing it to inet_aton (or similar) would give the wrong result. -- Glynn Clements <glynn.clements@virgin.net> - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
