
This is a valid ipv4 address - lcedp
http://3098282570
======
nwh
The decoded URL for this submission is
[http://184.172.10.74/](http://184.172.10.74/) — the server for Hacker News.

Here's some other encodings you can use for the same address, they're all
valid and recognised by most browsers and other software:

[http://3098282570/](http://3098282570/)

[http://7393249866/](http://7393249866/)

[http://0xb8.0xac.0x0a.0x4a/](http://0xb8.0xac.0x0a.0x4a/)

[http://0270.0254.0012.0112/](http://0270.0254.0012.0112/)

The source for this comment is an XSS filtering bypass tool by _RSnake_ —
[http://ha.ckers.org/xsscalc.html](http://ha.ckers.org/xsscalc.html)

~~~
throwawaykf
More encodings:

[http://[0:0:0:0:0:ffff:b8ac:a4a]](http://\[0:0:0:0:0:ffff:b8ac:a4a\])

[http://asdf:qwerty@3098282570/](http://asdf:qwerty@3098282570/)

[http://asdf:qwerty@[0:0:0:0:0:ffff:b8ac:a4a]:80](http://asdf:qwerty@\[0:0:0:0:0:ffff:b8ac:a4a\]:80)

(Might get a security/phishing warning on the last two links in some
browsers.)

~~~
throwawaykf
And another way of doing the first one:

[http://[0::0:ffff:b8ac:a4a]/](http://\[0::0:ffff:b8ac:a4a\]/)

------
rachelbythebay
The last time this came up on HN, I decided to dig into ping and glibc's
resolver stuff to find out exactly why this worked.

[http://rachelbythebay.com/w/2012/10/13/ping/](http://rachelbythebay.com/w/2012/10/13/ping/)

~~~
300bps
That article is focused on ping and glibc but the reason why this works is
fundamental to IPv4 itself.

All IPv4 address are 32 bit addresses. That's why each number of an IPv4
address that people are familiar with are called octets. They represent 8 bits
of the 32 bit address. So if you have 127.0.0.1, then the first octet is 127,
the second is 0 and so on.

Any representation of this 32 bit number (including the most familiar A.B.C.D
format) is a kind of short-hand for representing that 32 bit number.

I tried finding a link to a particular site that was phenomenal for learning
the entire TCP/IP stack but I haven't seen that site since at least 1998.

But basically, if you want to spend time learning about IPv4 right before IPv6
becomes the dominant standard, then look into how hosts use the combination of
IP address and subnet mask to determine if something is on the local network,
how hosts use ARP to translate a 32 bit IP address into a MAC address and all
the other low level protocols.

~~~
rachelbythebay
No, it works because the tool allows it by virtue of how it's implemented.
Find a different ping or inet_aton implementation and it won't necessarily
work.

~~~
300bps
_Find a different ping or inet_aton implementation and it won 't necessarily
work._

At best, you seem to be picking nits. More likely though I think you just have
a very surface level understanding of what is going on here.

The bottom line is that, as I said already, an IPv4 address is a 32 bit
number. It's also true that various tools that communicate with IP addresses
utilize different methods to arrive at the underlying 32 bit number. But it's
not right to say that "this only applies to systems using ping from iptools
and glibc" as the article you linked says. Many of these "tricks" worked in
all manner of operating systems and applications. I was discussing many of
them in IRC using Windows 3.1 and Trumpet Winsock before 1994.

Again, the bottom line is that an IPv4 IP address is a 32 bit number and there
are dozens of ways that various applications allow you to arrive at that
number. It's silly for an article or someone quoting it to attempt to say it
only applies to one implementation.

~~~
jmillikin

      > At best, you seem to be picking nits. More likely though
      > I think you just have a very surface level understanding
      > of what is going on here.
    

You are replying to Rachel Kroll, and this quote is the networking equivalent
of
[http://c2.com/cgi/wiki?KornShellStory](http://c2.com/cgi/wiki?KornShellStory)

~~~
300bps
Oh, Rachel Kroll. You mean _that_ Rachel Kroll? The one I've never heard of?

Anyway, [https://yourlogicalfallacyis.com/appeal-to-
authority](https://yourlogicalfallacyis.com/appeal-to-authority)

I don't care who someone is because I evaluate individual statements on their
own merits. In Rachel's own statement, she just learned "why this worked" "the
last time it came up on HN". I got my first modem in 1985 (have you noticed my
username?) and been in IT for longer than most HN users have been alive. But
feel free to tell me how I don't have a right to discuss something because I'm
correcting _the_ Rachel Kroll.

~~~
axaxs
Agreed. I read that statement with the same disregard. Unless she wrote the
entirety of the ip stack specification, the argument is moot. Not one single
person does or can know every piece of the technology puzzle. This amounts to
calling me stupid for using gnome because Linus likes KDE, or more recently
vice versa.

------
nmeofthestate
Someone better fix the title - should be "Hacker News".

------
jloughry
The submission is a little misleading; it's traditional on HN to link to an
article discussing the principle, rather than simply a demonstration. However,
the OP highlights an interesting point. There are other, analogous, unexpected
behaviours like this one, such as numeric constants with leading zeros being
interpreted as octal, that arise from the ubiquity of the C standard library.
You see them in Java all over the place.

Edited to Add:

Don't think good penetration testers (and malware writers, alas) don't already
know about this trick. But, as [http://xkcd.com/1053/](http://xkcd.com/1053/)
pointed out, it's always great to teach new people old things.

~~~
kalleboo
> Don't think good penetration testers (and malware writers, alas) don't
> already know about this trick.

This was also a popular trick among kids at my high school to work around the
web content filter and get on social networks

~~~
serf
yeah, some years back there was also some C code in an issue of 2600 (or maybe
a bash script? I cant remember) that obfuscated URLs in this manner. The
article that the script was attached to actually used school URL filtering as
the example case use.

------
dreen
Guys check out this website at [http://0x7f000001](http://0x7f000001) hahaha
what an idiot made this, that page is shit!

~~~
jloughry
You made a good point here: I recognised 127.0.0.1 in the value instantly,
showing that you _can_ sometimes read this representation by eye, e.g.:

    
    
        0x0a000001 = 10.0.0.1
        0xc0a80001 = 192.168.0.1

~~~
simcop2387
That's why i usually like to go with, [http://0x7f123456/](http://0x7f123456/)
same effect but less recognition.

~~~
icoder
Didn't work for me

------
seanalltogether
It took me awhile to understand what was so significant about the submission.
In chrome when I roll over the link i just see 184.172.10.74.

~~~
zymhan
Interesting, when I roll over it in Firefox I see the large number.

------
lelf
[https://en.wikipedia.org/wiki/IPv4#Address_representations](https://en.wikipedia.org/wiki/IPv4#Address_representations)

------
swinglock
An IPv4 address is a 32 bit number. The 4 octet representation is just meant
for humans, it doesn't even look like that in an IPv4 packet header.

------
16s
An IPv4 address is a 32 bit integer. It's a number that can be represented in
various ways. Been that way for decades now.

------
memracom
An IPv4 address is a 32 bit string of bits. That 32 bit value can be
represented in many different ways, but none of those ways are IPv4 addresses.
The actual address is that string of 32 bits, and that is what is used in the
TCP stack inside your OS or your router.

------
BigEndian101
(FIRST_OCTET << 24) + (SECOND_OCTET << 16) + (THIRD_OCTET << 8) + FOURTH_OCTET

------
jpswade
[http://php.net/manual/en/function.ip2long.php](http://php.net/manual/en/function.ip2long.php)

[http://codepad.org/5ncM6IMS](http://codepad.org/5ncM6IMS)

~~~
logn
Also, this tool is useful, a bi-directional IP-long converter:

[http://www.elfqrin.com/LongIP.php](http://www.elfqrin.com/LongIP.php)

------
geoffpado
The inverse of this actually bit me when I was porting my company's app from
iOS to Windows 8. We have a custom URI scheme to open stories in our app that
looks like foo://<int>. On iOS, we just take the bit after the scheme and use
it directly. Windows, however, was giving it to us as a dotted-decimal string,
so we had to convert back from that to the integer representation before using
it. That was the day I learned that these different kinds of representations
could be used and to not assume anything about URIs.

------
Leask
Using this python script to make the int-ip-address:

#!/usr/bin/env python

import socket

import struct

def ip2long(ip):

    
    
        packedIP = socket.inet_aton(ip)
    
        return struct.unpack("!L", packedIP)[0]
    

print ip2long('192.241.224.102') # your website ip address

# or download it on github:
[https://gist.github.com/Leask/7075483](https://gist.github.com/Leask/7075483)

~~~
d0mine
Or more straightforward in Python 3.3+:

    
    
        import ipaddress
    
        print(int(ipaddress.ip_address('192.241.224.102')))

------
INIT_6
I first discovered these 10digit decimal formatted IPv4 address about a year
ago when testing/analyzing android apps. Created a quick python scripts to
convert back and forth.

[https://github.com/initiate6/IP_addresses](https://github.com/initiate6/IP_addresses)

------
sebcat
This is why it's a good idea to use getaddrinfo and getnameinfo for IP address
validation and normalization. While we're at it, use sockaddr's to represent
addresses. in6_addr doesn't hold the IPv6 address scope/zone ID.

------
lucb1e
I set a vhost for this years ago, instructing whomever was cool enough to use
this URL to e-mail me. Nothing received yet :(

------
chromano
How come no one mentioned [http://0xdeadbeef](http://0xdeadbeef) ?

------
X-Cubed
Interestingly, Chrome shows the dotted address format in the status bar when
you hover over the link.

------
jcburnham
In Urbit, 3098282570 is ~lanben-dibnup.

~tomsyt-balsen/try=> `@p`3.098.282.570

~lanben-dibnup

------
sebcioz
How can I encode any ip address?

~~~
tyilo
The normal way of displaying the ip address for HN is `184.172.10.74`. You
then just have to take each 4 parts and multiply it with a power of 256:

    
    
        184 * 256^3 + 172 * 256^2 + 10 * 256^1 + 74 * 256^0 == 3098282570

------
TallboyOne
I don't follow.

~~~
alayne
It's just the decimal form of a base 256 number with four digits.

~~~
delinka
Or perhaps it's the decimal form of a base 16 number with eight digits.

~~~
einhverfr
Or perhaps it is the base 100 form of a base 2 number with 32 digits.

------
cturhan
is it browser interprets this to IP adress?

------
scaramanga
sage

------
rmrfrmrf
The fact that this is 'news' or a 'trick' to some people says a lot about the
current state of HN. IP addresses have integer representations by design! Are
the commenters here really so removed from _actually_ doing work that they've
never seen a database that stores IP addresses as integers? (Hint: ALL of the
good ones do). That's to say nothing of the fact that there are clearly _many_
people here who don't understand what binary is.

At least it's good to know that the radical, ridiculous, Reddity mentality
that's been plaguing HN as of late is coming from a clearly different group of
people than those who used to comment. Looks like it's time to move on to
greener pastures.

~~~
jmduke
I haven't been on Hacker News long enough to speak definitively about the
current state of HN (a bit less than two years, but I spent the first one
lurking), but I would be more concerned about comments that complain about 'HN
changing' (as someone who was on Reddit to hear complaints about all the
Diggers... then all the 4chaners.. then all the high schoolers..) than content
considered 'elementary' to smarter programmers than I.

I notice that you haven't submitted any links. Is there any particular reason
why? If you're not pleased with the content on the site, why don't you submit
better content?

(For what it's worth: this content is news for me. I never spent much time
thinking about IP addresses before clicking the link and getting confused for
a solid minute. I understand what binary is, though, I promise!)

~~~
escapologybb
_holds up hand_

This totally confused me for a minute until I started reading the comments,
what on earth does that say about my intellect?!

 _frets madly_

