[K12OSN] OT: Break-In report
Nils Breunese
nils at breun.nl
Wed Jan 2 18:17:13 UTC 2008
Rob Asher wrote:
> There are a couple of things specific for RHEL/CentOS 4.x in the
> script. For some reason the IP always begins with "::ffff:" hence
> removing it with sed.
By doing that you're converting an IPv6 address to an IPv4 address.
From <http://en.wikipedia.org/wiki/IPv6>: "A sequence of 4 bytes at
the end of an IPv6 address can also be written in decimal, using dots
as separators. This notation is often used with compatibility
addresses (see below). This addressing scheme is convenient when
dealing with the mixed environment of IPv4 and IPv6 addresses. The
general notation is of the form x:x:x:x:x:x:d.d.d.d where x's are the
6 higher order hexadecimal digits whereas d's correspond to the
decimal digits of lower order 8 bit pieces of address, as it is the
IPv4 format. For example, ::ffff:12.34.56.78 is the same address
as ::ffff:0c22:384e and 0:0:0:0:0:ffff:0c22:384e. Usage of this
notation is deprecated and unsupported by numerous applications.
Additional information can be found in RFC 4291 - IP Version 6
Addressing Architecture."
Nils Breunese.
More information about the K12OSN
mailing list