Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
IP source 0.0.0.0
- Thread starter haneo
- Start date
ChicagoJim
MIS
Without knowing more about your network and the rest of the content of the log entries you refer to, it’s hard to say if it is “normal” to see source IP 0.0.0.0 in your log entries.
For instance, Bootp/DHCP packets will have a source IP of 0.0.0.0, port 68 to destination IP 255.255.255.255, port 67. These packets are most likely harmless, and quite normal on a network using DHCP.
However, I have also seen log entries with source IP 0.0.0.0, 0 to dest. IP 0.0.0.0, 0, which turned out to be an insider attempt to covertly map my network. Too bad he forgot to spoof his MAC address ;-)
For instance, Bootp/DHCP packets will have a source IP of 0.0.0.0, port 68 to destination IP 255.255.255.255, port 67. These packets are most likely harmless, and quite normal on a network using DHCP.
However, I have also seen log entries with source IP 0.0.0.0, 0 to dest. IP 0.0.0.0, 0, which turned out to be an insider attempt to covertly map my network. Too bad he forgot to spoof his MAC address ;-)
- Thread starter
- #3
- Status
Similar threads
- Locked
- Question