diff --git a/lib/utils/ip.js b/lib/utils/ip.js
index 6b977db4..a6080893 100644
--- a/lib/utils/ip.js
+++ b/lib/utils/ip.js
@@ -81,8 +81,10 @@ IP.parseHost = function parseHost(addr, fallback) {
   assert(host.length > 0, 'Bad host.');
 
   if (port != null) {
+    assert(port.length <= 5, 'Bad port.');
     assert(/^\d+$/.test(port), 'Bad port.');
     port = parseInt(port, 10);
+    assert(port <= 0xffff);
   } else {
     port = fallback || 0;
   }
@@ -108,6 +110,7 @@ IP.hostname = function hostname(host, port) {
   assert(typeof host === 'string');
   assert(host.length > 0);
   assert(typeof port === 'number');
+  assert(port >= 0 && port <= 0xffff);
 
   assert(!/[\[\]]/.test(host), 'Bad host.');
 
@@ -132,8 +135,6 @@ IP.hostname = function hostname(host, port) {
  */
 
 IP.version = function version(str) {
-  assert(typeof str === 'string');
-
   if (IP.isV4Format(str))
     return 4;
 
@@ -150,6 +151,8 @@ IP.version = function version(str) {
  */
 
 IP.isV4Format = function(str) {
+  assert(typeof str === 'string');
+
   if (str.length < 7)
     return false;
 
@@ -166,6 +169,8 @@ IP.isV4Format = function(str) {
  */
 
 IP.isV6Format = function(str) {
+  assert(typeof str === 'string');
+
   if (str.length < 2)
     return false;
 
@@ -380,6 +385,8 @@ IP.normalize = function normalize(str) {
  */
 
 IP.isPrivate = function(str) {
+  assert(typeof str === 'string');
+
   return /^(::f{4}:)?10\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(str)
     || /^(::f{4}:)?192\.168\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(str)
     || /^(::f{4}:)?172\.(1[6-9]|2\d|30|31)\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(str)
@@ -408,6 +415,8 @@ IP.isPublic = function(str) {
  */
 
 IP.isLoopback = function(str) {
+  assert(typeof str === 'string');
+
   return /^(::f{4}:)?127\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/.test(str)
     || /^fe80::1$/.test(str)
     || /^::1$/.test(str)