• Pastychomper (unregistered)

    Error: Frist not valid

    Sceond!

  • cyborg (unregistered) in reply to Pastychomper

    Discourse error: forum not valid.

  • Kan Torius (unregistered)

    That looks almost like autogenerated code, with the multiplication by 1. Or it could be autogenerated by a codemonkey, which is nearly impossible to distinguish.

  • GettinSadda (disco)

    That "First" test does not match the claimed "IANA Reserved IP" range

  • Luhmann (disco) in reply to GettinSadda
    GettinSadda:
    That "Frist" test

    FTFY

  • SirTrollington (disco)

    Real WTF is that the Router only validates on client side with JS. You could use anything.

  • Eldelshell (disco) in reply to SirTrollington

    Don't give them ideas or next time your router will call a remote validation procedure in a NodeJS server in some farm in Bangladesh.

  • Jerome_Grimbert (disco)

    Wasn't JS developped after the IP address went classless ?

    (hint: JS appeared in 1995, CIDR in 1993)

    About validating with a remote farm: how do you validate first the IP address to connect to the farm ?

  • SirTrollington (disco) in reply to Jerome_Grimbert

    You use a try-validation: If you can connect to the farm, the IP is valid. If not, the user should take another guess.

  • Steve_The_Cynic (disco)
    Being a web script error, Phillip correctly figured ...

    Interesting, so Phillip is a web script error? I think you meant:

    Because it was a web script error, Phillip correctly figured ...

    Or maybe I'm just old-fashioned. ;(

  • Nutster (disco)

    Why bother multiplying sub_addr[3] by 1? Are we looking to slow down interpreted code even more?

    Also, I found a slight problem of word reversal. The first sentance of the second paragraph has the text

    Mark Bowytz":
    what would condition make
    I think that should read, "what condition would make". Just my two cents worth.

  • Zemm (disco) in reply to Steve_The_Cynic
    Steve_The_Cynic:
    Interesting, so Phillip is a web script error?

    I initially read it as "being a web script editor..." Which sort of makes sense.

  • Zemm (disco) in reply to Nutster
    Nutster:
    Also, I found a slight problem of word reversal.

    Him grammar good.

  • boomzilla (disco) in reply to Steve_The_Cynic
    Steve_The_Cynic:
    Or maybe I'm just old-fashioned. ;(

    Get with the times. The words mean exactly what the writer meant when he used them. No more, no less.

  • Steve_The_Cynic (disco) in reply to boomzilla
    boomzilla:
    Get with the times. The words mean exactly what the writer meant when he used them. No more, no less.
    So Truth has triumphed again! Mark B is really Humpty Dumpty!
  • eViLegion (disco) in reply to Steve_The_Cynic

    Can I be all the King's horses?

  • davidxn (disco)

    The web interface for my router from Comcast does tons of these kinds of checks as well, a long error-riddled Javascript function that mistakenly doesn't allow you to add more than 7 port forwards and forces them to be in a certain order or it'll throw up an error message about duplicates when there aren't any...

    Fortunately it's all just on the Javascript side - write a Chrome extension or something to turn all that garbage off and it works just fine (by the standards of 'just fine' expected from Comcast).

  • mark_bowytz (disco) in reply to eViLegion

    Party at my house. An egg-cellent time shall be had by all.

  • mark_bowytz (disco) in reply to Nutster
    Nutster:
    I think that should read, "what condition would make". Just my two cents worth.

    DOH! I'm unperfect. Fixed-um-up. Thnx.

  • mark_bowytz (disco) in reply to Steve_The_Cynic
    Steve_The_Cynic:
    Interesting, so Phillip is a web script error? I think you meant:

    Ok. So, "Phillip S. received an unexpected "Local IP Address is not valid" error." then "Being a web script error..."

    I'll claim guilt for repeating error twice - maybe message at the end of that frist sentence and THEN error. Bah. Look at the bad code dangit not my lousy writing!

  • drostie (disco) in reply to mark_bowytz

    You didn't quite get it. The criticism was instead that when you write a sentence of the form, "Being a bob, Alice caroled Dave," you are usually saying that Alice caroled Dave because she is a bob and that's what bobs do; they carol things. So substituting for example "bob -> manager, carol -> fire", you'd say "Being a manager, Alice fired Dave." That makes sense. What threw someone for a loop is that you said something akin to "Being a useless intern, Alice fired Dave." That makes it sound like Alice is a useless intern who has the ability to fire people.

    You meant "because [it] was a bob, Alice caroled Dave" which in this case is "Because he was a useless intern, Alice fired Dave," which makes more sense. That's the criticism.

    It was a good article though. Also, it's not necessarily a total WTF. I know it sounds like, because they validate client-side, they only validate client-side, but maybe they don't. I'd even say that it's best practice to validate both client-side and server-side. The client-side validation is strictly advisory and means that someone who is about to enter invalid info through normal channels gets realtime feedback that what they're entering is invalid. Then you have the server-side validation to enforce real security criteria for people who aren't constrained by nornaml channels. It's basically the principle of "my attack dogs will bark at you as you're approaching my evil lair, and will bite you if you step inside the gate." If they don't bark then someone might get bitten due to their ignorance, which is not necessarily what you want. Good henchmen and messengers are hard to find.

  • tarunik (disco) in reply to drostie
    drostie:
    It's basically the principle of "my attack dogs will bark at you as you're approaching my evil lair, and will bite you if you step inside the gate." If they don't bark then someone might get bitten due to their ignorance, which is not necessarily what you want. Good henchmen and messengers are hard to find.

    +1 for the analogy, simple enough for the most [s]evil[/s]incompetent PHBs to grasp. Or at least, so you'd hope...

  • mark_bowytz (disco) in reply to drostie
    Comment held for moderation.
  • aliceif (disco) in reply to drostie

    This post deserves a badge.

  • chubertdev (disco)

    If it were easier to view embedded code, this site would never run out of great WTFs.

  • FrostCat (disco) in reply to mark_bowytz
    Comment held for moderation.
  • FrostCat (disco) in reply to aliceif
    aliceif:
    This post deserves a badge.

    Yes, but we don't have a "non-dickweedy pendantry" badge.

  • chubertdev (disco) in reply to mark_bowytz
    Comment held for moderation.
  • nmclean (disco) in reply to drostie

    The sentence can be made unambiguous just by adding "it":

    It being a web script error, Phillip...

    The "because of" is implied.

  • Norman Diamond (unregistered)
    chubertdev:
    If it were easier to view embedded code, this site would never run out of great WTFs.
    I can imagine trying to save the screenshot:

    FILESYSTEMNOTFOUND

  • TheJosh (disco) in reply to chubertdev

    A quick view-source also shows unescaped entities in the PRE tags, which whilst handled correctly by all major browsers, is still incorrect.

  • christop (disco)

    My router has some goofy JavaScript code that always prohibits setting the last octet of either the start or end of the DHCP IP range from being 1 or 255, regardless of the subnet. For example, if the subnet is 10.0.0.0/16, the IPs 10.0.1.1 and 10.0.0.255 are perfectly cromulent client IPs, but the router's JavaScript code doesn't allow those addresses.

    It also requires the start and end addresses to have the same first three octets (even a range like 10.0.0.254 through 10.0.1.2 is "illegal" according to my router). It's almost as if the router programmers didn't anticipate anyone using a subnet larger than /24.

    Unfortunately, these restrictions are also enforced server-side, so I can't simply override the client-side checks (I already tried).

    Handling subnets (comparing, validating, etc) is such a simple and basic task for a router that I shudder to think what other bad code (some of which might be security holes) is contained within most routers.

  • TheCPUWizard (disco) in reply to christop

    10.0.0.254 -> 10.0.1.2 is NOT a valid range... A "subnet larger than /24" means that more that 24 sits (At the beginning) of the address are identical....

  • tarunik (disco) in reply to TheCPUWizard
    TheCPUWizard:
    10.0.0.254 -> 10.0.1.2 is NOT a valid range... A "subnet larger than /24" means that more that 24 sits (At the beginning) of the address are identical....

    Pedantry fail. A "subnet larger than /24" is usually read as one that has more IPs in it than a /24, which has fewer bits set in the subnet mask.

    Filed under: Hmmm...would having 255.0.255.0 as a subnet mask break anything?

  • Jerome_Viveiros (disco) in reply to drostie

    That's a really long way of saying "dangling/unrelated participle".

  • christop (disco) in reply to TheCPUWizard

    10.0.0.254 -> 10.0.1.2 is NOT a valid range...

    It sure is.

    Think of an IP address as a 32-bit number (since it really is a 32-bit number). The 10.0.0.0/16 subnet is equivalent to the range (0a000000, 0a00ffff). The lowest value is reserved as the network address and the highest value is reserved as the broadcast address. Let's be generous and reserve the second-lowest value for a gateway device. This gives a usable address range of (0a000002, 0a00fffe).

    The addresses 10.0.0.254 through 10.0.1.2 is equivalent to the range (0a0000fe, 0a000102), which is completely within (0a000002, 0a00fffe), so it's valid.

    My router just has an arbitrary fixation on /24 networks, even when I specify everything as a /16.

  • FrostCat (disco) in reply to Jerome_Viveiros
    Jerome_Viveiros:
    That's a really long way of saying "dangling/unrelated participle".

    That kind of pedantry[1] is one of the hallmarks of this site.

    [1] For the regulars, I'd like to point out I spelled that wrong--"wrong"--on purpose.

  • TheCPUWizard (disco) in reply to christop

    YEs, it is a 32 bit number - a certain number of bits are FIXED for the range and then the lower bits vary within the range. So since bit 8 (the lst of the third octet) in your example changes from 0 to 1 that bit is winin the range, and not part of the mask. So you have a 23 bit mask, leaving 9 bits for the range.... Therefore 10.0.0.0 through 10.0.1.255... (then discount the high/low for network/broadcast, etc...)

  • Seahen (disco)

    TRWTF is that they blame the IANA for reserving IP addresses, when it's the IETF's fault that the IPv4 address space is closer to 3 billion addresses than 4 billion.

  • christop (disco) in reply to TheCPUWizard

    I was actually talking about the (user-adjustable) range of addresses for a DHCP server to assign to clients on the network, not the size of the subnet itself. Obviously a /16 is going to have 65534 usable addresses (minus one for the gateway), but the DHCP address range can be (or should be) as small or as large as the user wants, but some routers don't believe in allowing the user to use the full available address range, or even a significant portion of it, for DHCP.

  • redwizard (disco) in reply to tarunik
    tarunik:
    Filed under: Hmmm...would having 255.0.255.0 as a subnet mask break anything?

    I once set a subnet of 255.255.255.1. IP of 10.10.10.0 through 10.10.10.255, all the odd numbers were on one subnet and all the even numbers were on the other using that setting. It works too (if you don't run into some code that checks for "valid" subnets and stops you.)

    Not recommended for production systems. ;-)

  • tin (disco)

    I hate to point out the obvious, but the AM300 was discontinued years ago, and was quite cheap during it's time. It's also a single port modem designed at a time where a single computer was all most households had connected to the internet. Expected lifespan of said modem would have been around 2 years (ie a consumer ADSL contract period).

    And given the 2008 date on the latest firmware, expect it to be riddled with security issues. Did anyone actually check if the blocked ranges were allocated in 2008?

  • Spencer (disco) in reply to mark_bowytz

    You know, there's nothing in the nursery rhyme that says (or even suggests) that Humpty Dumpty is an egg.


    Filed under: Nursery rhymes are, like, dark, man

Leave a comment on “IP Address Denial”

Log In or post as a guest

Replying to comment #:

« Return to Article