Bypassing blacklists based on IPy

IPy is a Python "class and tools for handling of IPv4 and IPv6 addresses
and networks" (https://github.com/haypo/python-ipy). This library is
sometimes used to implement blacklists forbidding internal, private or
loopback addresses.

Using octal encoding (supported by urllib2), it is possible to bypass
checks based on the result of the iptype() function. For example, IP
address '0177.0000.0000.0001' is considered as 'PUBLIC' but resolves to
'127.0.0.1' when accessed via urllib2.

Developers were informed, no news since then… More details on my blog:
http://www.agarri.fr/kom/archives/2014/10/15/bypassing_blacklists_based_on_ipy/index.html

Cheers,
Nicolas Gregoire