General discussion


unspecified ip address

By Jaqui ·
This recently appeared in the users support email list for Apache:
On Tue, Aug 31, 2010 at 12:00 AM, personal contact info removed wrote:
> > I'm using:
> >
> > CustomLog "/var/log/apache2/access_log" "%a %l %u %t \"%r\" %>s %b
> > \"%{Referer}i\""
> >
> > And I occasionally see this right around the time the CPU starts running at
> > 100%:
> >
> > :: - - [27/Aug/2010:12:28:01 -0700] "GET /favicon.ico HTTP/1.1" 200 - "-"
> >
> > %a is supposed to be an IP address, so what IP address is "::"? I'm only
> > somewhat familiar with IPv6 but I've never seen "::" before.

One or any number of consecutive groups of zero value may be replaced
with two colons. [ ... ]

The localhost (loopback) address, 0:0:0:0:0:0:0:1, and the IPv6
unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::,

Now, what reason would any client possibly have for using the unspecified ip address when online?
to maintain their privacy is the only legit use I can see myself.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

hmm, new thought

by Jaqui In reply to unspecified ip address

since the unspecified ip address is triggering a 100% cpu load event, this might be the newest mechanism for a ddos attack in it's infancy.

Collapse -

You better get onto it, then

by NexS In reply to hmm, new thought

I'll be waving the "We're right behind you, Jaqui" flag.

Collapse -


by Jaqui In reply to You better get onto it, t ...

I just contacted the hosting company I deal with about it.
They are going to look into it, since blocking "::" could potentially block ALL ip addresses.

Collapse -

by NexS In reply to lol

|| - -

Collapse -


by Jaqui In reply to :D
Collapse -


by NexS In reply to cute

In place of actually doing anything of helpful value.

Collapse -


by Jaqui In reply to Cute:

how can you do anything constructive with it?
yo have a honeypot set up to test the hypothesis that a client using :: will cause a 100% cpu usage and lock up a system?
and then to test how to block :: from accessing the server?

scary that it only takes one or two requests to that ip to effectively crash a server.

Related Discussions

Related Forums