0.0.0.0

From Wikipedia, the free encyclopedia

The Internet Protocol Version 4 (IPv4) address 0.0.0.0 can have multiple uses.

Uses

Outgoing packet

IANA, which allocates IP addresses globally, has allocated the single IP address 0.0.0.0 to RFC 1122 section 3.2.1.3.[1] For outgoing packets, 0.0.0.0 as the source IP means "this host on this network".[2]

RFC 1122 refers to 0.0.0.0 using the notation {0,0}. It prohibits this as a destination address in IPv4 and only allows it as a source address during the initialization process, when the host is attempting to obtain its own address.[3] Such host initialization processes can be found in BOOTP (RFC 951) or DHCP (RFC 2131).

In a BOOTP bootrequest, the client fills in its own known IP address as the source, or 0.0.0.0 if the address is unknown.[4]

In DHCP, a host may use 0.0.0.0 as its own source IP address when it has not yet been assigned an address, such as when sending the initial DHCPDISCOVER packet.[5] This usage has been replaced with the APIPA mechanism in modern operating systems.

As it is limited to use as a source address and prohibited as a destination address, setting the address to 0.0.0.0 explicitly specifies that the target is unavailable and non-routable.[6] That method is also useful in DNS-based ad-blocking. For example, adding the line 0.0.0.0 badsite.com to the /etc/hosts file maps badsite.com to an invalid/unusable host (0.0.0.0). Since 0.0.0.0 is the source address and non-routable, attempts to connect to badsite.com will fail.[7]

Binding

Because RFC 1122 defines 0.0.0.0 as a source address only, the operating system ensures that any packet with a destination address of 0.0.0.0 is sent over the loopback interface, i.e., it does not leave the system.[8] In Linux, a program which specifies 0.0.0.0 as the remote address will actually connect to the current host (also known as localhost).[8] That behavior is due to the implementation in the Linux kernel. Whenever it encounters a packet with a destination address of 0.0.0.0 (which, according to RFC 1122, is treated as having no destination address), the kernel replaces the source address with that 0.0.0.0 destination address.[9] That kernel address replacement follows the instruction in RFC 1122, section 4.2.4.4 Multihoming.[10]

For binding in both Windows and Linux, when selecting which of a host's IP addresses to use as a source IP, a program may specify INADDR_ANY (0.0.0.0).[11][12] When a program binds to 0.0.0.0, it accepts connections from localhost (127.0.0.1), LAN IPs (e.g., 192.168.x.x) and public IPs (if configured and the firewall allows it), while a program bound to 127.0.0.1 only accepts connections from the same machine.[13]
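The difference between a 0.0.0.0 bind and a 127.0.0.1 bind can be checked on a Linux host by reading the kernel's socket table. The following is an added example, not part of the original article: it parses text in the /proc/net/tcp layout and reports the exposure of each listening socket. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import ipaddress
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout, as seen on a little-endian host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40002
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40003
   3: 0A01A8C0:0016 6401A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 40004
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port)."""
    addr_hex, port_hex = field.split(":")
    # Assumption: little-endian host, so the kernel prints the address bytes reversed.
    addr = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def bind_scope(addr):
    """Classify who can reach a listener bound to this local address."""
    if addr.is_unspecified:      # 0.0.0.0 / INADDR_ANY
        return "all-interfaces"
    if addr.is_loopback:         # 127.0.0.0/8
        return "loopback-only"
    return "single-interface"


def listeners(table_text):
    """Return (address, port, scope) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:   # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:
            continue
        addr, port = decode_endpoint(cols[1])
        found.append((str(addr), port, bind_scope(addr)))
    return found


if __name__ == "__main__":
    for addr, port, scope in listeners(SAMPLE_PROC_NET_TCP):
        print(f"{addr}:{port:<5} {scope}")
```

On a live Linux system the same function can be given the contents of /proc/net/tcp instead of the sample.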

Routing

0.0.0.0 as a gateway in the routing table of a router from FPT

In routing tables, 0.0.0.0 can also appear in the gateway column. This indicates that the destination is directly reachable on a local interface and no next-hop router (gateway) is needed.[14]

The CIDR notation 0.0.0.0/0 defines an IP block containing all possible IP addresses. It is commonly used in routing to depict the default route as a destination subnet. It matches all addresses in the IPv4 address space and is present on most hosts, directed towards a local router.[15]
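The two routing roles of 0.0.0.0 described above are easy to confuse, so here is an added example (not part of the original article) that performs a longest-prefix lookup over a small constructed routing table. The table entries, interface names and the `lookup` function are hypothetical.

```python
import ipaddress

# Constructed routing table: (destination, gateway, interface).
ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),    # default route: matches every address
    ("192.168.1.0/24", "0.0.0.0", "eth0"),   # gateway 0.0.0.0: directly connected
    ("10.8.0.0/16", "10.8.0.1", "tun0"),
]


def lookup(dst, routes=ROUTES):
    """Return (matched network, next hop, interface) for dst, or None."""
    dst = ipaddress.ip_address(dst)
    matches = []
    for net_text, gw_text, dev in routes:
        net = ipaddress.ip_network(net_text)
        if dst in net:
            matches.append((net, ipaddress.ip_address(gw_text), dev))
    if not matches:
        return None  # only possible when the table has no 0.0.0.0/0 entry
    # Longest prefix wins, so 0.0.0.0/0 (prefix length 0) is the last resort.
    net, gateway, dev = max(matches, key=lambda m: m[0].prefixlen)
    # A gateway of 0.0.0.0 means "no next-hop router": deliver on-link to dst.
    next_hop = dst if gateway.is_unspecified else gateway
    return str(net), str(next_hop), dev


if __name__ == "__main__":
    for target in ("192.168.1.50", "10.8.3.4", "8.8.8.8"):
        print(target, "->", lookup(target))
```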

In IPv6

In IPv6, the all-zeros address is typically represented by :: (two colons), which is the short notation of 0000:0000:0000:0000:0000:0000:0000:0000.[16] The IPv6 variant serves the same purpose as its IPv4 counterpart.

0.0.0.0 day exploit

In August 2024, researchers from Israeli cybersecurity firm Oligo announced that they had discovered a security flaw that was being exploited, in which malicious requests from a target's web browser were allowed to reach any port of the 0.0.0.0 address of the target, allowing the browser (and therefore the remote attacker) to access private resources. Depending on what software is configured to be listening, the attackers could exfiltrate internal company information or developer code, or issue any requests to the software's APIs.[17][18]

References

  1. ^ "IANA IPv4 Special-Purpose Address Registry". Internet Assigned Numbers Authority. 19 August 2009. Retrieved 7 June 2023.
  2. ^ IETF 1989, p. 29, 3.2.1.3 Addressing: RFC-791 Section 3.2.
  3. ^ IETF 1989, p. 30, 3.2.1.3 Addressing: RFC-791 Section 3.2 "(a) {0, 0}".
  4. ^ "RFC 951 Bootstrap Protocol". datatracker.ietf.org. pp. 3. Packet Format. Retrieved 12 July 2025.
  5. ^ "RFC 2131: Dynamic Host Configuration Protocol". 4.1 Constructing and sending DHCP messages.
  6. ^ R. Woundy; K. Marez (December 2006). Cable Device Management Information Base for Data-Over-Cable Service Interface Specification (DOCSIS) Compliant Cable Modems and Cable Modem Termination Systems. Network Working Group. doi:10.17487/RFC4639. RFC 4639. Proposed Standard. p. 32. Obsoletes RFC 2669. Updated by RFC 9141. If 0.0.0.0, either syslog transmission is inhibited, or the Syslog server address is not an IPv4 address.
  7. ^ Kitt, Stephen (19 November 2022). "Why accessing 0.0.0.0:443 gets redirected to 127.0.0.1:443 on Linux and how to disallow it?". Stack Exchange. Retrieved 7 June 2023.
  8. ^ a b Kitt, Stephen (26 January 2018). "Connecting to IP 0.0.0.0 succeeds. How? Why?". Stack Exchange. Retrieved 7 June 2023.
  9. ^ "Linux kernel source code: net/ipv4/route.c". elixir.bootlin.com. line 2742.
  10. ^ IETF 1989, p. 108, 4.2.4.4 Multihoming, IMPLEMENTATION.
  11. ^ Kerrisk, Michael (22 March 2021). "ip(7) — Linux manual page". man7.org. Retrieved 7 June 2023.
  12. ^ "bind function (winsock.h) - Win32 apps". Microsoft Learn. 19 August 2022. Retrieved 7 June 2023.
  13. ^ Postill, David (2 August 2015). "What's the difference between 127.0.0.1 and 0.0.0.0?". Stack Exchange. Retrieved 7 June 2023.
  14. ^ Henry-Stocker, Sandra (4 August 2013). "Unix: Getting from here to there (routing basics)". Network World. Retrieved 7 June 2023.
  15. ^ Abraham, Tim (2020). Metabase Up and Running Introduce Business Intelligence and Analytics to Your Company and Make Better Business Decisions (1st ed.).
  16. ^ Das, Kaushik (2008). "IPv6 Addressing". ipv6.com. Archived from the original on 11 April 2015. Retrieved 7 June 2023.
  17. ^ Brewster, Thomas (7 August 2024). "Hackers Have Exploited An 18-Year-Old '0.0.0.0-Day' Loophole In Safari, Chrome And Firefox". Forbes. Retrieved 8 August 2024.
  18. ^ Lyons, Jessica (9 August 2024). "It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0". The Register. Retrieved 25 May 2025.

Works cited