Angus Robertson 577 Posted February 11, 2021 15:33:40 Request from 209.141.46.116 (), Host=TELECOM: http://2573636313/ GET 15:33:40 !!! Application Server Exception Big - Integer overflow 15:33:43 Restarting Server After Errors Guess we need to validate silly URLs more carefully. Angus Share this post Link to post
FPiette 385 Posted February 11, 2021 It is valid to provide an IP as an integer. Would be solved if parsing make use of int64. 2 Share this post Link to post
Angus Robertson 577 Posted February 11, 2021 So I guess a hacker testing IPv4 addresses sequentially, and too lazy to convert his numbers to a dotted IP address, except the server is http://3650250390/ which does work from Firefox, but may have been converted by the browser. One of my hacking tests is for numeric IPs since no real visitor would use them, they go on an immediate 24 hour block list. Angus Share this post Link to post
Fr0sT.Brutal 900 Posted February 12, 2021 Hmm, what's the request was in fact? Is that was 'Host: xxx' header field? Share this post Link to post
Angus Robertson 577 Posted February 12, 2021 Yes, that logging line is built from the host header, RequestHost and Path properties. I'll need to test this under the debuggger to see if the overflow was in my logging code or the server component. Angus Share this post Link to post
Angus Robertson 577 Posted February 12, 2021 Found the integer overflow in WSocketIsDottedIP, not sure why it was called, but fixed anyway. Had to write a little application to create fake web requests, should really improve it for server testing. Angus Share this post Link to post