zlacker

[parent] [thread] 7 comments
1. veyh+(OP)[view] [source] 2025-01-05 15:35:41
I wonder how many people realize you can use the whole 127.0.0.0/8 address space, not just 127.0.0.1. I usually use a random address in that space for all of a specific project's services that need to be exposed, like 127.1.2.3:3000 for web and 127.1.2.3:5432 for postgres.
replies(4): >>number+y >>jerf+ra >>9dev+Xu >>eadmun+Lw
2. number+y[view] [source] 2025-01-05 15:41:32
>>veyh+(OP)
TIL I always thought it was /32
3. jerf+ra[view] [source] 2025-01-05 16:59:58
>>veyh+(OP)
Also a great way around code that tries to block you from hitting resources local to the box. Lots of code out there in the world blocking the specific address "127.0.0.1" and maybe if you were lucky "localhost" but will happily connect to 127.6.243.88 since it isn't either of those things. Or the various IPv6 localhosts.

Relatedly, a lot of systems in the world either don't block local network addresses, or block an incomplete list, with 172.16.0.0/12 being particularly poorly known.

4. 9dev+Xu[view] [source] 2025-01-05 19:38:14
>>veyh+(OP)
Also, many people don’t remember that those zeros in between numbers in IPs can be slashed, so pinging 127.1 works fine. This is also the reason why my home network is a 10.0.0.0/24—don’t need the bigger address space, but reaching devices at 10.1 sure is convenient!
replies(1): >>diggan+VE
5. eadmun+Lw[view] [source] 2025-01-05 19:54:27
>>veyh+(OP)
Be aware that there is an effort to repurpose most of 127.0.0.0/8: https://www.ietf.org/archive/id/draft-schoen-intarea-unicast...

It’s well-intentioned, but I honestly believe that it would lead to a plethora of security problems. Maybe I am missing something, but it strikes me as on the level of irresponsibility of handing out guardless chainsaws to kindergartners.

replies(1): >>pepa65+N31
◧◩
6. diggan+VE[view] [source] [discussion] 2025-01-05 21:00:50
>>9dev+Xu
I had no idea about this, and been computing for almost 20 years now, thanks!

Trying to get ping to ping `0.0.0.0` was interesting

    $ ping -c 1 ""
    ping: : Name or service not known

    $ ping -c 1 "."
    ping: .: No address associated with hostname

    $ ping -c 1 "0."
    ^C

    $ ping -c 1 ".0"
    ping: .0: Name or service not known

    $ ping -c 1 "0"
    PING 0 (127.0.0.1) 56(84) bytes of data.
    64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.028 ms

    $ ping -c 1 "0.0"
    PING 0.0 (127.0.0.1) 56(84) bytes of data.
    64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.026 ms
replies(1): >>immibi+wM5
◧◩
7. pepa65+N31[view] [source] [discussion] 2025-01-06 01:05:34
>>eadmun+Lw
That is awful and I hope it will never pass. It would be a security nightmare. If passed, it should lead to a very wide review of all software using 127/8, and that will never be comprehensive...
◧◩◪
8. immibi+wM5[view] [source] [discussion] 2025-01-07 17:06:03
>>diggan+VE
0.0.0.0 is a reserved address to mean "this device". Also, 0/8 is a reserved subnet to mean "this network" (which no-one uses any more). I wouldn't have expected ping to substitute 127.0.0.1, but it's not that weird either.
[go to top]