09-21-2011 09:07 AM - edited 03-10-2019 05:29 AM
We have a internal node in the environment and our IPS is catching in the event logs stating it is sending traffic to victim ip 0.0.0.0. I am assuming that 0.0.0.0 means a broadcast, is this correct?
Solved! Go to Solution.
09-21-2011 12:15 PM
No, 0.0.0.0 is used as a summary address. If the signature was a port scan for example, the victim IP addresses may be too numerous to list, so Cisco uses the 0.0.0.0 address to indicate that is has summarized multiple addresses into that field.
- Bob
09-21-2011 12:15 PM
No, 0.0.0.0 is used as a summary address. If the signature was a port scan for example, the victim IP addresses may be too numerous to list, so Cisco uses the 0.0.0.0 address to indicate that is has summarized multiple addresses into that field.
- Bob
09-21-2011 12:18 PM
awesome thx!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide