Skip to content(if available)orjump to list(if available)

Welcome to the IPv4 Games

Welcome to the IPv4 Games

25 comments

·August 5, 2025
Visit

johnisgood

On the website, there was a link to a game: https://www.familiars.io

I spent an hour playing it! It is quite good.

Is there a source code available for this game?

HanClinto

Holy moley, that is some high-octane dopamine right there.

Really fun game, thank you for linking it!

nicman23

femboy.cat with a casual 0.2% of the internet

vaylian

But how do they achieve that? Do you use a lot of VPNs?

maverwa

my first guess would be: server honors X-Forwarded-For where it should not?

Edit: looks like thats it: https://github.com/jart/cosmopolitan/blob/master/net/turfwar...

So basically someone is running a script iterates over the whole ipv4 range and calls the claim endpoint with each single adress in the X-Forwared-For http header once.

3r7j6qzi9jvnve

That only works if the proxy is sitting on localhost or a local network, just setting the header shouldn't work.

(I came here because I was curious how jart got 127 and 10, but after seeing the source is their's that's less of wonder..)

viraptor

The line just under that prevents public IPs from using that function.

elitepleb

a simple proof of the opposite is that no one's yet to exploit any of the untaken ranges that way

justusthane

I don't know, but check out the "Recent Successful Claims" on the right.

Edit: Apparently they run https://novo.tf/, a CAPTCHA service, so they're probably using that to call out to ipv4.games from their clients.

nilsherzig

Embedding images on a popular page?

But according to the servers status at http://35.223.193.241:443/statusz nearly all claim requests expected to get html back not images.

gruez

There's plenty of ways around that, for instance

    <script src="https://ipv4.games/claim?name=gruez">
or

    <iframe src="https://ipv4.games/claim?name=gruez">

adzm

I wouldn't be surprised if they had it call out from guns.lol or something

bombcar

They’re top of the list, so at least some is seeing that and choosing to add to it.

viraptor

There are VPNs which use residential endpoints. You essentially use other users' IPs there.

maldonad0

Maybe spoofing source IPs.

sgjohnson

can't spoof the source IP in TCP communication, as the handshake cannot happen.

With UDP you can send whatever, but obviously you won't be able to receive the response.

cedws

Botnet maybe.

sgjohnson

_nobody_ would waste a botnet of 9 million unique IPs like this.

chrismorgan

(2022)

Also, submission title “Welcome to the IPv4 Games” is altered; the original title is “IPv4 Turf War”.

Previously: https://news.ycombinator.com/item?id=32790429

snvzz

Somebody is obviously monopolizing ipv4 space.