Darren Reed wrote:
>
> In some mail from Chris St. Clair, sie said:
> >
> > As for an interim fix, it depends on the software and how flexible
> > it is. Some will let you block certain regex's, some won't. If it
> > does support regex's, the actual regex will depend on the different
> > combinations you can use to represent the IP octets. For example,
> > a combination of hex, octal, and regular decimal:
> > 0xc0.168.000000001.1
> >
> > Coming up with an effective regex to match that might be tough.
>
> See, that's the wrong approach to take, IMHO.
Agreed.
> Whatever software is doing that should be converting the "hostname"
> into something it can match. A small amount of translation never
> goes astray. When that is done, evrything is either a hostname or
> a dotted-quad string and life is much easier.
Chris and I recommended to the vendors that everything be translated to
a canonical form before matching (32-bit unsigned ints in network byte
order are tremendously unambiguous). However, the only mechanism many
of them have available in the meantime is regex matching of varying
sophistication. Uggh. :^p
-paul
