Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
573
Views
0
Helpful
1
Replies

IDS: Network attack with Source IP 0.0.0.0

avilt
Level 3
Level 3

‎06-29-2006 05:29 PM - edited ‎03-09-2019 03:26 PM

Hi,

I am getting large number of attacks in my IDS logs with the source IP 0.0.0.0

These are not broadcast signatures like DHCP or Netbios. How can I track the real source of this attack?

Labels:
0 Helpful
1 Reply 1

hemendoz
Cisco Employee
Cisco Employee

‎06-29-2006 06:39 PM

Would this work for you? Configure Policy Based Routing and route all source 0.0.0.0 packets to Null0 and log-input. Then do some investigative work to track the source.

0 Helpful
Customers Also Viewed These Support Documents