Contents

---
title: Invalid IP Address binding
permalink: /invalid-ip-addr-binding/
layout: default
---

# Invalid IP Address binding

## What is it?

Binding an IP address to a server or service means authorizing connections incoming from those networks. This allows to limit what kind of incoming connections a server may or may not accept. Binding the 0.0.0.0 IP address to a service means that any connection from any network is accepted.

### Example
Using Puppet to configure a MySQL database bind address:
```puppet
  class { 'mysql::server':
    config_hash => {
                     'bind_address' => '0.0.0.0'
                   }
  }
```
This configuration means that the database accepts connections from anywhere, including remote clients if it's connected to the internet.


## How can it be exploited?

A server or service that's open to all kinds of connections it's more exposed to possible attacks coming from non intended networks. A malicious attacker can try to gain access to it just by using it's own network or other compromised networks across the globe.

## How to avoid it?

Properly configuring binding addresses means that the server should only accept connections from trusted networks known to use the service. This ensures a greater level of control and also protection, as an attacker would know have an extra obstacle in trying to gain access first to one of those networks.

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
puppet-sec-lint-0.5.14	docs/invalid-ip-addr-binding.md