IPv4 mapped address (RFC2553/3493) ::ffff:127.0.0.1 Representation of 127.0.0.1 on top of AF_INET6 socket (real peer is IPv4, 127.0.0.1) Not distinguishable between the following two: IPv4 packet goes into AF_INET6 socket (kernel translates the address) Real IPv6 packet with ::ffff:127.0.0.1 Ambiguity leads to Security hole Malicious party could circumvent access control Malicious party could make you generate unexpected IPv4 packet Services that flip src/dst - DNS server, udp echo, ... Solution Do not use IPv4 mapped address by setsockopt(IPv6_V6ONLY, 1), open AF_INET socket for IPv4 Specification picked insecure behavior as default! Some OSes (OpenBSD, NetBSD, FreeBSD) are cautious and picked safer default