cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

680
Views
0
Helpful
2
Replies
cminton_ERS
Beginner

IPS sensor event reporting showing source ip 10.5.5.5 victim ip 0.0.0.0- does 0.0.0.0 mean a broadcast?

We have a internal node  in the environment and  our IPS is catching in the event logs stating it is sending traffic to victim ip 0.0.0.0.  I am assuming that 0.0.0.0 means a broadcast, is this correct?

1 ACCEPTED SOLUTION

Accepted Solutions
rhermes
Rising star

No, 0.0.0.0 is used as a summary address. If the signature was a port scan for example, the victim IP addresses may be too numerous to list, so Cisco uses the 0.0.0.0 address to indicate that is has summarized multiple addresses into that field.

- Bob

View solution in original post

2 REPLIES 2
rhermes
Rising star

No, 0.0.0.0 is used as a summary address. If the signature was a port scan for example, the victim IP addresses may be too numerous to list, so Cisco uses the 0.0.0.0 address to indicate that is has summarized multiple addresses into that field.

- Bob

awesome thx!

Create
Recognize Your Peers
Content for Community-Ad