Hi

CHO wrote:
> I am getting a lot of events coming from IP address 0.0.0.0
> Various events....
> What can that be? Is somebody in here, trying to crack the
> hell out of our net??? Or is it just normal??
> How can it appear in normal traffic?

This is "standard" practice. Any attack that commonly comes with
a spoofed source address has the "real" address replaced with
"0.0.0.0" as an indication that the source address is not to be
trusted as being the source of the attack.

The "real" address is in the additional information of the alert.

Personally, I do not agree with this functionality, but it is a
pretty standard practice within the ISS family of products and so
it needs to be understood.

Robert


--
Robert Turner GCIA
Security Solutions Designer & Analyst

BT Secure Business Services
T: +44 (0)113 244 5951  F: +44 (0)113 244 5657
[EMAIL PROTECTED]

_______________________________________________
ISSForum mailing list