Dianne Skoll wrote:
On Mon, 20 Apr 2015 17:02:09 -0700 (PDT)
John Hardin <jhar...@impsec.org> wrote:
I suggest that this rule should treat 0/8 as equivalent to 127/8.
That's essentially what it's reserved for, just "local to the LAN"
vs. "local to the host".
Does 0/8 really mean that? On at least one OS (Linux), the TCP stack
treats it specially:
$ telnet 0.1.2.3
Trying 0.1.2.3...
telnet: Unable to connect to remote host: Invalid argument
The EINVAL return is certainly not the same as trying a nonexistent
host:
$ telnet 10.11.12.13
Trying 10.11.12.13...
[hangs]
I don't think 0/8 was intended for real traffic. I understood it to be
intended only for hosts trying to discover their real IP addresses.
The 0.0.0.0/8 is an 'unspecified' address. In principle a host is
free to use it for whatever purposes internally (or for network
discovery),
but is not routable outside the host. In that sense it behaves the
same as 127.0.0.0/8 and I think for the purposes of seeing it in
a Received header field outside of the 'trusted' zone it should be
treated as any foreign private IP address space, i.e. it may be
valid for the host which inserted it, but has no value for us
the receiving party.
Btw, the same should apply to addresses ::/128 and ::1/128 .
Mark
