Coworker: ...and the IP address are compared with a string match.
Me: grinning manically
Coworker: Why are you looking at me like that?
Me: Open up a terminal and type ping 4.2.514 and hit enter.
Coworker: ...what's the fourth number?
Me: grin widens Just hit enter.
Coworker: WTF!?
Conversation
Notices
-
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Wednesday, 23-Apr-2025 19:58:25 JST 
Ryan Castellucci :nonbinary_flag:
- Haelwenn /элвэн/ :triskell:, LukeAlmighty 🇨🇿 and Polychrome :blabcat: and 2 others like this.
-
Embed this notice
Infoseepage (infoseepage@mastodon.social)'s status on Wednesday, 23-Apr-2025 20:17:26 JST 
Infoseepage
@ryanc Do I have it right that each number seperated by dots get converted into a binary octet which can range in value up to 256. The first two numbers get interpreted normally, but 514 is 0010 0000 0010 in binary and so ping runs it as if you'd entered 4.2.2.2?
-
Embed this notice
CatSalad🐈🥗 (D.Burch) :blobcatrainbow: (catsalad@infosec.exchange)'s status on Wednesday, 23-Apr-2025 20:50:54 JST 
CatSalad🐈🥗 (D.Burch) :blobcatrainbow:
@ryanc WTF!? I knew you could ping a decimal like 2130706433, but a hybrid? How has this cursed knowledge evaded me so far?
-
Embed this notice
Jay (jws@infosec.exchange)'s status on Wednesday, 23-Apr-2025 20:57:05 JST 
Jay
@ryanc That never occurred to me to try, and yet here we are:
jay@marvin:~$ ping 4.131586
PING 4.131586 (4.2.2.2) 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=1 ttl=56 time=17.8 ms -
Embed this notice
David Schuetz (darthnull@infosec.exchange)'s status on Wednesday, 23-Apr-2025 21:07:54 JST 
David Schuetz
@ryanc I once had a subnet where all the hosts used movie names. Remotely connecting to “2001” was a real pain.
-
Embed this notice
da_667 (da_667@infosec.exchange)'s status on Wednesday, 23-Apr-2025 21:18:08 JST 
da_667
@ryanc "why the fuck does that...." oh, I get it now.
-
Embed this notice
BeyondMachines :verified: (beyondmachines1@infosec.exchange)'s status on Wednesday, 23-Apr-2025 22:23:09 JST 
BeyondMachines :verified:
@ryanc why not `ping 134744072`
-
Embed this notice
Dan 🔓:afloppy::donor:, powered by sarcasm (sycophantic@infosec.exchange)'s status on Wednesday, 23-Apr-2025 22:31:33 JST 
Dan 🔓:afloppy::donor:, powered by sarcasm
@ryanc the ways we used to bypass firewalls in the 90s
-
Embed this notice
Jernej Simončič � (jernej__s@infosec.exchange)'s status on Wednesday, 23-Apr-2025 22:57:28 JST 
Jernej Simončič �
@ryanc This will probably blow a few people's minds:
ping 172.16.255.5
ping 2886795013
ping 0xac10ff05
ping 025404177405
ping 172.16.65285
ping 172.16.0xff05
ping 172.16.0177405
And don't forget to mix & match:
ping 172.0x10.0177405(and yes, these all work on Linux and Windows at least)
-
Embed this notice
Infoseepage (infoseepage@mastodon.social)'s status on Wednesday, 23-Apr-2025 23:29:25 JST
Infoseepage
-
Embed this notice
Z̈oé ⛵ (uint8_t@chaos.social)'s status on Wednesday, 23-Apr-2025 23:29:27 JST 
Z̈oé ⛵
@Infoseepage @ryanc see also: ping 192.1
-
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 24-Apr-2025 01:22:33 JST
Ryan Castellucci :nonbinary_flag:
@gabe I did, lol.
-
Embed this notice
Gabe (gabe@mendeddrum.org)'s status on Thursday, 24-Apr-2025 01:22:43 JST 
Gabe
@ryanc now show them
ping 4.2.01002
For extra lulz -
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 24-Apr-2025 01:51:16 JST
Ryan Castellucci :nonbinary_flag:
@yossi@techhub.social @dakkar technically, . is a valid hostname
-
Embed this notice
Yossi (_yossi_@techhub.social)'s status on Thursday, 24-Apr-2025 01:51:20 JST 
Yossi
@dakkar @ryanc cloudflare can make the best url shortner by putting it on 1.0.0.1
You can't get shorter than https://1.1/whatever
-
Embed this notice
dakkar (dakkar@s.thenautilus.net)'s status on Thursday, 24-Apr-2025 01:51:23 JST 
dakkar
@ryanc@infosec.exchange I should start using 127.1 or even 2130706433 and see how much stuff gets very confused 😁
-
Embed this notice
Paul_IPv6 (paul_ipv6@infosec.exchange)'s status on Thursday, 24-Apr-2025 01:59:11 JST 
Paul_IPv6
IP addr parsing code is total nutso stuff. ;)
-
Embed this notice
⠠⠵ avuko (avuko@infosec.exchange)'s status on Thursday, 24-Apr-2025 02:59:46 JST 
⠠⠵ avuko
@ryanc ping 67240450 also works.
PS: this was a trick I often used as a security tester to bypass WAFs etc. Probably still (or again?) works on all kinds platforms.
-
Embed this notice
mathew (lpar@infosec.exchange)'s status on Thursday, 24-Apr-2025 04:59:16 JST 
mathew
@ryanc Don't forget to tell them about IPv6 address abbreviation.
-
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 24-Apr-2025 05:21:29 JST
Ryan Castellucci :nonbinary_flag:
@gsuberland enbies just want one thing and it's disgusting
-
Embed this notice
Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Thursday, 24-Apr-2025 05:21:30 JST 
Graham Sutherland / Polynomial
@ryanc *undots ur quad*
-
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 24-Apr-2025 15:26:59 JST
Ryan Castellucci :nonbinary_flag:
If this ends up being my most popular fedi post ever I'm gonna be upset.
-
Embed this notice
Clifford Guillaume (cguillaume@infosec.exchange)'s status on Thursday, 24-Apr-2025 21:50:43 JST
Clifford Guillaume
@ryanc 4.2.514 is not an IPV4 address. An IPV4 address is composed of 32 bits pre-described using the dotted-interval concept, which requires a period between each group of eight (8) bits. Ex:
Format:
xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
8 bits 8bits 8bits 8bits = 32bits
1 Byte 1 Byte 1 Byte 1 Byte = 4 Bytes
Examples of addresses:
192.168.10.4
200.29.67.4
10.10.10.2
8.8.8.8
4.4.4.4 -
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 24-Apr-2025 21:58:06 JST
Ryan Castellucci :nonbinary_flag:
@CGuillaume and yet pinging it works 🤔
-
Embed this notice
Clifford Guillaume (cguillaume@infosec.exchange)'s status on Thursday, 24-Apr-2025 22:01:11 JST
Clifford Guillaume
@ryanc Unless 4.2.514 is an alias name (CNAME) that represents an IP address.
-
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 24-Apr-2025 22:05:37 JST
Ryan Castellucci :nonbinary_flag:
@CGuillaume Read the documentation for inet_aton.
This format, cursed as it may be, is widely supported.
-
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 24-Apr-2025 22:06:47 JST
Ryan Castellucci :nonbinary_flag:
@CGuillaume Thank you for the gender validation. 🤣
-
Embed this notice
Clifford Guillaume (cguillaume@infosec.exchange)'s status on Thursday, 24-Apr-2025 22:08:13 JST
Clifford Guillaume
@ryanc cool 👍
-
Embed this notice
Clifford Guillaume (cguillaume@infosec.exchange)'s status on Thursday, 24-Apr-2025 22:17:21 JST
Clifford Guillaume
@ryanc
What was exactly the problem ? -
Embed this notice
Jay (jws@infosec.exchange)'s status on Thursday, 24-Apr-2025 22:53:07 JST
Jay
@ryanc relevant deep dive: https://blog.dave.tf/post/ip-addr-parsing/
-
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 25-Apr-2025 00:23:12 JST
Ryan Castellucci :nonbinary_flag:
-
Embed this notice
Oliver Blanthorn (bovine3dom@masto.ai)'s status on Friday, 25-Apr-2025 00:23:13 JST 
Oliver Blanthorn
@ryanc we ran into this in Tridactyl a few months ago when a user was trying to search for "538" https://github.com/tridactyl/tridactyl/issues/5081
All GNU social JP content and data are available under the