09-21-2011 09:07 AM - edited 03-10-2019 05:29 AM
We have a internal node in the environment and our IPS is catching in the event logs stating it is sending traffic to victim ip 0.0.0.0. I am assuming that 0.0.0.0 means a broadcast, is this correct?
Solved! Go to Solution.
09-21-2011 12:15 PM
No, 0.0.0.0 is used as a summary address. If the signature was a port scan for example, the victim IP addresses may be too numerous to list, so Cisco uses the 0.0.0.0 address to indicate that is has summarized multiple addresses into that field.
- Bob
09-21-2011 12:15 PM
No, 0.0.0.0 is used as a summary address. If the signature was a port scan for example, the victim IP addresses may be too numerous to list, so Cisco uses the 0.0.0.0 address to indicate that is has summarized multiple addresses into that field.
- Bob
09-21-2011 12:18 PM
awesome thx!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: