Hello and welcome to the Wednesday, March 18th,

2026 edition of the Sands-in-Landed Storms, Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu, graduate certificate program in penetration testing and ethical hacking.

Today, I took a little bit of closer look at the IPV4 mapped IPB6 addresses.

That's something that came up yesterday when I looked at these proxy requests in our honeypot

and just to see a little bit, you know,

how they work and how they're being used. Now, really, these addresses should never be seen

on the network. They're really sort of more an internal operating system construct to allow

essentially IPV6-only software to still communicate via IPV4.

But yes, they are still somewhat usable.

Now, I did a quick test here with Ping6.

Ping 6 does not work because, well, even if it would convert it to IPV4 as it should, Pink 6 only sends IPV6 packets,

and that of course will not work. But other tools, like for example WGet or your browser,

will happily accept these mapped addresses. They'll translate them to IPV4 and basically then

communicate over the network just using to IPB4 and basically then communicate over the network

just using the IPV4 address.

Not sure if there's really sort of a security problem here with this.

It could be abused for some kind of obfuscation, like you often see people use odd

IP addresses like octal formats or just the long integer format in order

to obfuscate IPV6 addresses. There's really just another way to sort of encode an IP address

as a string in that sense and probably doesn't really add any additional threat. Yet another

...