IP address 255.255.255.255 or 0.0.0.0

[hubs702]

I get visits from somebody / some robot ? remaining hidden: no ISP available, no host name, no location, and IP address being the very peculiar 255.255.255.255

Does anyone have any idea of who/what it can be ?

Visits last rather long (several tenths minutes) with a few pages loaded (but not the whole site)

thanks in advance and best regards
Hubs

 

[webado]

Somebody on a network behind an organizational proxy perhaps.

Statcounter finds out the external IP is from a proxy so it backs up one step to the IP shown as being behind that proxy and lands on a kind of internal IP address.

http://www.faqs.org/rfcs/rfc3330.html

See:

240.0.0.0/4 - This block, formerly known as the Class E address
space, is reserved. The "limited broadcast" destination address
255.255.255.255 should never be forwarded outside the (sub-)net of
the source. The remainder of this space is reserved for future use.
[RFC1700, page 4]

 

[hubs702]

then, no chance of identifying the litle spy?

so bad to me !

thanks however;-)

Hubs

 

[jg_abad]

even i m getting visitors from same ip, is there any way to get information of true ip??

 

[webado]

Well not at this time.

This is happening because Statcounter recognizes that the visitor's IP is from a proxy and goes beyond that to find the true IP, behind the proxy. Except sometimes going behind the proxy ends up on an internal network with internal IP's like this and others (e.g. 127.0.*.*, 198.168.*.*, etc.).

Statcounter will have to modify the scripts to recognize IP's like this which are internal rather than external and report the first IP detected, even if it's that of a proxy server. It's not quite as easy as one may think.

 

[pitcherthis]

ive had the 255.255.255.255 visit the site repeatedly,

over a number of days and its starting to really confuse me, as i still don't understand who the people behind this ip might be.
i read the whole thread but didn't understand much of it as i'm not technical at all. would it be possible to explain this in simpler, less technical language?
i'd like to know who might be using this ip (as this is a relatively new occurence, the last few weeks, i think)?
why they would be using it?
thanks

 

[webado]

It's not a particular person. It's anybody using a particular system of internet connection with some proxy and firewall set up in a certain way.

It's a bit like the ip address 127.0.0.1 - this is always localhost, meaning your or mine or anybody's own pc.

 

[statbuddy]

i also encountered the same ip visitor ( which is my freinds network later i found) its a educational firm.

as i know they are using internet via 3 ISP (different ones)

and merging those 3 into one via a single proxie

thanks
chandan
mathaadona.blogspot.com

 

[webado]

Aha! Thanks for letting us know how the thing works

 

[Prabhat]

how its posible, that some one visit from 255.255.255.255 must be nut spammer playing with those things.

 

[webado]

how its posible, that some one visit from 255.255.255.255 must be nut spammer playing with those things.

Didn't you read the explanations above?

 

[pitcherthis]

ip 255.255.255.255

my boyfriend says this is not an ip address, it's an ip netmask, in fact a specific one - called a broadcast address. this netmask is used to send out a 'message' to find out if anything else is out there. as it is a broadcast address, it's highly unlikely anybody is using it to spoof or attempt to hack. it is much more likely to be a badly set up router or dns/dhcp server. it could also be coming from more than one network.

to find out more try ldp in your search engine and look at netmasks and broadcast address.:roll:

 

[africa2020]

This does not explain in a way I can understand, why this number will show up in StatCounter, and more especially, why it has only been showing up for the FIRST EVER time in recent weeks. For all these years before, it seemed to not show up, and now is very frequent. I think it has a cause in some new way StatCounter is working: either better (formerly ignoring it) or different (formerly showing something else). I have a suspicion though that it is some "privacy" trick, whereby an IP is set to this "false" address.

 

[Michael100]

We have had that show up and another counter shows the true IP of the visitor. In some cases it seems to be people using a PDA mobile network. Maybe those mobiles do not pick up javascript or something like that.

 

[webado]

I have a suspicion though that it is some "privacy" trick, whereby an IP is set to this "false" address.

Precisely - privacy trick. The visitor has got a funky firewall/proxy setting that does this.

Nothing to do with javascript.

Statcounter detects a proxy so it discards the IP it first found in favor of the IP behind that one. Occasionally it's a dud like this.

 

[africa2020]

Statcounter detects a proxy so it discards the IP it first found in favor of the IP behind that one. Occasionally it's a dud like this.

Thanks C., in this case, perhaps it would be better for usability, and to avoid the annoyance, if SC developers write into the code "if 255.255.255.255, discard in favor of other IP addresses"

 

[webado]

There are a few other dud ip's that should be handled by something like that.

There's 255.255.255.255, 0.0.0.0 and the whole slew of ip addresses which can only be on a LAN and localhost.

I hope one day they can all be identified and set aside.
I don't know if perhaps it's been taken care of by the beta tracker we are testing now. I haven't had any of those IP's for a while now so can't be sure.

 

[dscoleman]

Just had a 255.255.255.255 appear in my log today, luckily for me I have an image hosted on another webserver of mine which did log this visitor. In my case the visitor was coming from a Blackberry network.

 

[webado]

Ok, I think that's a proxy type of setup, so when Statcounter figures out a proxy is involved it tries to go back one step to find the real IP. Not always succeeding in having a real one though.

 

[tongson]

Obviously a bug

I tried replicating this using a custom proxy. Tried putting various valid and invalid IPs into Via, X-Forwarded-For, Forwarded, Forwarded, X-Forwarded headers but REMOTE_ADDR is always recorded by StatCounter.

So how does StatCounter go on finding the real IP when it detects a proxy. I would like to know.