Include 0.0.0.0/8 in DNS rebind checks

Comments

2 comments

  • Avatar
    rotblitz

    This does not make sense.  This address space cannot be used for destination addressing.  It is just being used for "source hosts on 'this' network".  Therefore it cannot be used for DNS rebinding attacks.  Try it yourself!

    0
    Comment actions Permalink
  • Avatar
    jedisct1

    It's a Linux-specific thing. 0.0.0.0 goes to the local interface by default.

    0
    Comment actions Permalink

Please sign in to leave a comment.