为什么可以通过部分IP地址访问服务器?


10

在我的网络中,我有一台IP地址为10.0.0.15的服务器。无意间,我发现了命令:ping 10.0.15结果

64 bytes from 10.0.0.15: icmp_seq=1 ttl=64 time=9.09 ms

...因此正确的服务器会响应ping。即使我尝试:ping 10.15我也得到可比的结果。此外,远程登录到部分地址按预期方式工作。但是,SSH失败。为什么发送到部分地址的数据包到达正确的服务器?


它不是部分地址...所以标题在这里有点误导...
罗里·阿尔索普

1
ssh应该能够连接到这样的地址(因为它映射到实际传递给套接字调用的相同值),但是它不会将主机密钥识别为与“正确”地址的known_hosts条目匹配,结果取决于如何您(或管理员)已配置主机密钥检查。
dave_thompson_085 '18

有关IP地址文本表示的其他乐趣,请参阅我关于serverfault的较早的相关答案:serverfault.com/a/837667/355827
ilkkachu,

Answers:


18

根据inet_aton(3)函数docs,这是允许的形式:

DESCRIPTION
       inet_aton() converts the Internet host address cp from  the  IPv4  num‐
       bers-and-dots  notation  into  binary  form (in network byte order) and
       stores it in the structure that inp  points  to.   inet_aton()  returns
       nonzero  if the address is valid, zero if not.  The address supplied in
       cp can have one of the following forms:

       a.b.c.d   Each of the four  numeric  parts  specifies  a  byte  of  the
                 address;  the  bytes  are  assigned in left-to-right order to
                 produce the binary address.

       a.b.c     Parts a and b specify the  first  two  bytes  of  the  binary
                 address.   Part  c  is  interpreted  as  a  16-bit value that
                 defines the rightmost two bytes of the binary address.   This
                 notation  is  suitable for specifying (outmoded) Class B net‐
                 work addresses.

       a.b       Part a specifies the first byte of the binary address.   Part
                 b is interpreted as a 24-bit value that defines the rightmost
                 three bytes of the binary address.  This notation is suitable
                 for specifying (outmoded) Class C network addresses.

       a         The  value  a is interpreted as a 32-bit value that is stored
                 directly into the binary address without any byte  rearrange‐
                 ment.

例如

$ perl -MSocket=inet_aton,inet_ntoa -E 'say inet_ntoa(inet_aton("10.0.15"))'
10.0.0.15
$ perl -MSocket=inet_aton,inet_ntoa -E 'say inet_ntoa(inet_aton("10.15"))'
10.0.0.15
$ 

但是,如今最好改为使用getaddrinfoor inet_ntop呼叫以获得IPv6支持。“ B类”的东西早在1994年就已成为历史,现在有了CIDR和/24...

嘿,您也可以给它一个大的旧整数(但是请不要)

$ perl -MSocket=inet_aton,inet_ntoa -E 'say inet_ntoa(inet_aton("2130706433"))'
127.0.0.1
$ getent hosts 2130706433
127.0.0.1       2130706433
$ ssh 2130706433
The authenticity of host '2130706433 (127.0.0.1)' can't be established.
...

(这可能无法移植到其他Unix;尤其是OpenBSD无法解析2130706433 ...)


1
为了获得更多的乐趣,就像文档的下一个段落应该说(和POSIX一样),每个数字都像C源一样进行解析,其中前导0表示八进制0x0X十六进制,因此010.020.030.040实际上是地址,通常写为8.16.24.32 。网络钓鱼者通常这样做是为了“隐藏”恶意URL中的主机身份。我最近没有看他们是否仍然这样做。
dave_thompson_085 '18
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.