Show threadBruce Simpson, Ph.D.Mar 8
And the name of that #StrongES extension? net.inet.ip.source_address_validation, which, incidentally, is missing from the #FreeBSD ip(4) man page just now, along with its close cousin, net.inet.ip.rfc1122_strong_es. See #IETF #RFC1122 https://datatracker.ietf.org/doc/html/rfc1122
Volunteers?
RFC 1122: Requirements for Internet Hosts - Communication Layers

This RFC is an official specification for the Internet community. It incorporates by reference, amends, corrects, and supplements the primary protocol standards documents relating to hosts. [STANDARDS-TRACK]

IETF Datatracker
BillAug 9, 2024

Utterly fascinating flaw in the way *nix systems handle requests to 0.0.0.0 in browsers.

https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser

#http #browser #rfc1122

0.0.0.0 Day: Exploiting Localhost APIs From the Browser

Oligo Security's research team recently disclosed the “0.0.0.0 Day” vulnerability. This vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network

Oligo Security