IP address 0.0.0.0

I am curious to find out entries in my router log (Linksys) which have LAN
IP of 0.0.0.0 and destination URL/IP of �. Does nayone know what it means?
Is this any hacker activity?
0
Sam
10/24/2004 5:38:36 PM
grc.techtalk.packetsniffing 559 articles. 0 followers. Follow

9 Replies
1338 Views

Similar Articles

[PageSpeed] 39
Get it on Google Play
Get it on Apple App Store

Sam <nspam@nospam.net> wrote:
> I am curious to find out entries in my router log (Linksys) which
> have LAN IP of 0.0.0.0 and destination URL/IP of �. Does nayone know
> what it means? Is this any hacker activity?

http://www.geocities.com/merijn_bellekom/new/netstatan.html

-- 
Robert
GRC newsgroup tips - http://www.imilly.com/noregrets.htm
List of Lists - http://lists.gpick.com/
Privacy and Security - https://netfiles.uiuc.edu/ehowes/www/main-nf.htm
0
Robert
10/24/2004 7:50:04 PM
On Sun, 24 Oct 2004 14:50:04 -0500, "Robert Wycoff"
<rwycoff@127.0.0.1> wrote:


>http://www.geocities.com/merijn_bellekom/new/netstatan.html

Good page but recommends using a virus scanner to clear a sub7
trojan.  Other than that it's very nice.

"So it's like herding cats."
Richard Smalley. Professor of Chemistry and Physics
Rice University, Nobel Prize for Chemistry, 1986
0
El
11/1/2004 2:08:29 AM
Re: understanding netstat cmd

> >http://www.geocities.com/merijn_bellekom/new/netstatan.html

Good page but recommends using a virus scanner to clear a sub7
trojan.  Other than that it's very nice.


EGG:

It is impt to remember that the netstat cmd shows info w/o considering the 
affects on a firewall.
So, if netstat shows TCP 139 as Listening, and you have a firewall, the port 
may be open/closed/stealth per the firewall settings. 
0
CZ
11/1/2004 3:15:20 PM
On Mon, 1 Nov 2004 07:15:20 -0800, "CZ" <CZ@no99spam.com> wrote:

<snipped>

>It is impt to remember that the netstat cmd shows info w/o considering the 
>affects on a firewall.
>So, if netstat shows TCP 139 as Listening, and you have a firewall, the port 
>may be open/closed/stealth per the firewall settings. 

Not argumentative but are you saying that netstat shows one thing
(port xyz listening) but an installed software firewall may be
blocking connection on that port without netstat reporting that?


"So it's like herding cats."
Richard Smalley. Professor of Chemistry and Physics
Rice University, Nobel Prize for Chemistry, 1986
0
El
11/3/2004 1:26:26 AM
El Gato Grande wrote:
> On Mon, 1 Nov 2004 07:15:20 -0800, "CZ" <CZ@no99spam.com> wrote:
> 

> 
>>It is impt to remember that the netstat cmd shows info w/o considering the 
>>affects on a firewall.
>>So, if netstat shows TCP 139 as Listening, and you have a firewall, the port 
>>may be open/closed/stealth per the firewall settings. 
> 
> 
> Not argumentative but are you saying that netstat shows one thing
> (port xyz listening) but an installed software firewall may be
> blocking connection on that port without netstat reporting that?
> 

CZ is quite correct; a software firewall interposes itself between the 
network connection and the ports. It grabs the packets before the port 
sees them and then inspects them, discarding unsolicited packets and any 
other kind of packet that should be dropped by the rule set in the 
firewall. The other packets are then released to the ports.

A port can be open but if you define a rule in the software to stop 
packets going to that port then the port remains open as reported by 
Netstat or TCPview, but the port will appear closed / stealthed to an 
outsider like GRC ShieldsUp.

Netstat and TCPview do not interact with a software firewall; they 
examine and report the port settings in the internal stack of the OS.

Or so I believe   ;)

-- 
Le Flake
from deepest, darkest Qu�bec
0
Le
11/3/2004 3:11:56 AM
In article <8pcgo0pl3toieshumld0ffia7h63l5li9n@4ax.com>, El Gato Grande 
says...

> On Mon, 1 Nov 2004 07:15:20 -0800, "CZ" <CZ@no99spam.com> wrote:

> <snipped>

> >It is impt to remember that the netstat cmd shows info w/o considering the 
> >affects on a firewall.
> >So, if netstat shows TCP 139 as Listening, and you have a firewall, the port 
> >may be open/closed/stealth per the firewall settings. 

> Not argumentative but are you saying that netstat shows one thing
> (port xyz listening) but an installed software firewall may be
> blocking connection on that port without netstat reporting that?

Actually, yes. Consider, first, a dialup connection:

Windows IP Configuration

Ethernet adapter :

	Description . . . . . . . . : PPP Adapter.
	IP Address. . . . . . . . . : 4.246.87.58

Now consider the following TCPView output (think of it as "netstat in a 
GUI"):

> TCP	4.246.87.58:139	0.0.0.0:0	LISTENING		
> UDP	4.246.87.58:137	*:*			
> UDP	4.246.87.58:138	*:*			

Finally, the Shields Up! test:

> 4.246.87.58 


Please Stand By. . .

	Attempting connection to your computer. . .

> 	Your Internet port 139 does not appear to exist!

> 	Unable to connect with NetBIOS to your computer.

All attempts to get any information from your computer have FAILED.

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2004-11-03 at 09:22:07

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

----------------------------------------------------------------------

I did add a specific, in Kerio Personal Firewall, rule to block ports 137-
139; though I believe the "Is running on Internet gateway" setting would 
also block this. I am normally connected to the Internet through a Netgear 
FR114P, and don't usually need such a rule. So, yes, a block rule will keep 
the WAN out without affecting the netstat report.

Actually, I count on that to keep certain ports open on the LAN but 
inaccessible from the WAN. My Netgear doesn't forward ports so much as use 
an SPI filter to allow packets to pass from the WAN to the LAN. As a 
firewall, the Netgear is blocking access to all ports except those I specify 
to allow access.

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
0
Norman
11/3/2004 10:00:43 AM
"Robert Wycoff" <rwycoff@127.0.0.1> wrote in message
news:clh10q$guk$1@news.grc.com...
>
> http://www.geocities.com/merijn_bellekom/new/netstatan.html

That page seems to be gone, now, but The Wayback Machine still has it:
http://web.archive.org/web/*/http://www.geocities.com/merijn_bellekom/new/netstatan.html

-Dave


0
Dave_Burton
9/4/2005 8:34:16 AM
Did you know you were replying to an old  message from 11 months ago <g>


Dave_Burton wrote:
> "Robert Wycoff" <rwycoff@127.0.0.1> wrote in message
> news:clh10q$guk$1@news.grc.com...
>>
>> http://www.geocities.com/merijn_bellekom/new/netstatan.html
>
> That page seems to be gone, now, but The Wayback Machine still has it:
>
http://web.archive.org/web/*/http://www.geocities.com/merijn_bellekom/new/netstatan.html
>
> -Dave


0
Rick
9/4/2005 1:54:13 PM
Yep.  <g>

"Rick Chauvin" <justask@nospamz.com> wrote in message
news:dfeube$1ori$1@news.grc.com...
> Did you know you were replying to an old  message from 11 months ago <g>
>
>
> Dave_Burton wrote:
> > "Robert Wycoff" <rwycoff@127.0.0.1> wrote in message
> > news:clh10q$guk$1@news.grc.com...
> >>
> >> http://www.geocities.com/merijn_bellekom/new/netstatan.html
> >
> > That page seems to be gone, now, but The Wayback Machine still has it:
> >
>
http://web.archive.org/web/*/http://www.geocities.com/merijn_bellekom/new/netstatan.html
> >
> > -Dave


0
Dave_Burton
9/5/2005 3:21:36 AM
Reply:

Similar Artilces:

IP Address 0.0.0.0.0
Some Agent which crosses proxy (MS ISA proxy) are register to the database with 0.0.0.0. When the agent send a request to the server for register, the field ContactAddress has 0.0.0.0 .0 The same PC - Agent without passing a proxy (another location) send a good ContactAdress IP when it register to the server. (Proxy or not) how agent defined addresses IP before to send for registration ? (Locally, with a service network, patchlink network) christian Astinx, can you post the agent update log? -- Shaun Pond PatchLink Update Agent.log 2006/10/23 10:45:14.033...

0.0.0.0
Can someone tell me the function of this scan? FWIN,2001/08/28,20:06:43 -6:00 GMT,0.0.0.0:800,255.255.255.255:800,UDP "Ben" <notben@home.com> wrote in message news:9mhion$2hf9$1@news.grc.com... > Can someone tell me the function of this scan? > FWIN,2001/08/28,20:06:43 -6:00 GMT,0.0.0.0:800,255.255.255.255:800,UDP Ben, I haven't a clue. 800 TCP mdbs_daemon 800 UDP mdbs_daemon http://www.robertgraham.com/pubs/firewall-seen.html http://www.robertgraham.com/pubs/firewall-seen.html#3.6 http://www.robertgraham.com/pubs/firewall-seen.html#3.2 -- ...

0.0.0.0 ????
Obviously a local IP, but what are its functions/purpose? Thanks for educating the uneducated. In article <MPG.18bf7ade16e851cb989680@news.grc.com>, shr@p.com says... > > > Obviously a local IP, but what are its functions/purpose? > > Thanks for educating the uneducated. > Any available adapter - i.e. not bound to specific IP address. -- Bloated Elvis In article <MPG.18bf7ade16e851cb989680@news.grc.com>, shr@p.com says... > > > Obviously a local IP, but what are its functions/purpose? > > Thanks for educating the une...

63.0.0.0.0/255..0.0.0
Has anyone ever heard of this or know where it goes to.It was asking permission to act as a server? Thanks in advance for any help. "pb" <nothing@nomail.com> wrote in message news:9pa1u4$38b$1@news.grc.com... > Has anyone ever heard of this or know where it goes to.It was asking > permission to act as a server? Thanks in advance for any help. If it shows in your firewall log, can you post a copy of it? -- � -- Robert grc.com forum FAQ - http://grc.com/discussions.htm grc.com forum quick reference - http://grc.com/nntpquickref.htm grc.com forum disclaim...

0.0.0.0 IP ADRESS
Hi !I cant understanding. why the my pc documets using 0.0.0.0 ip adress out for internet ? expecially inetsvc.exe and I got active ports program. I see that, the some of the xp (server 2003) documents using 0.0.0.0 ip adress... is there anyone for help this subject. ? and our server (they have dedicated server) no giving us any information about their company. anyone can be know that why ? and I checked my pc with netstat - r ! its seem so different information that my adsl information...thanksARKIN Explain your problem better please, would love to help you on this subject.Bryan Samp...

IP addresses all 0.0.0.0 in srv.log
Does anyone know why Jaguar would report all IP addresses as 0.0.0.0 in the server log? We have 2 servers running, one shows the correct IP addresses and the other always reports zeros. Thanks! Mike. Mike, 0.0.0.0 is the internal address within jaguar. It is used for intercomponet calls Scott <Mike_Peltenburg> wrote in message news:1A2F04C5C44ED6420053579A85256A4C.005357A885256A4C@webforums... > Does anyone know why Jaguar would report all IP addresses as 0.0.0.0 in the > server log? We have 2 servers running, one shows the correct IP addresses > an...

Q: Using 0.0.0.0 as the ip address
Can anyone tell me why I should not as a rule be configuring my dataservers to be listening on 0.0.0.0 (ie. INADDR_ANY) rather than a specific interface address? This is a real easy way to make the dataserver listen on all available interfaces. Why would I want to do this? 1. Some of my hosts have multiple interfaces and I don't (want to have to) know when a new one will be installed. 2. Some of the dataservers are used in a warm standby configuration and if I did this I could just bounce an IP alias between the active and standby dataserver. 3. It *may* be more performa...

!27.0.0.1 vs. 0.0.0.0
I can use any number of tools to see what ports I have listening and/or connected. But among the *Listening* ports, some are 127.0.0.1 and some are 0.0.0.0. What is the difference between 127.0.0.1 and 0.0.0.0 ? Since I've got both - there MUST be a difference. Thanks, Alan 0.0.0.0 stands for all interfaces (example: yourIPaddress,127.0.0.1-127.254.254.254) 127.0.0.1 stands for local interface only (127.0.0.1) > 0.0.0.0 stands for all interfaces > (example: yourIPaddress,127.0.0.1-127.254.254.254) > > 127.0.0.1 stands for local interface only (127....

Worm hacker IP = 0.0.0.0
Can I block hacker address 0.0.0.0 with my firewall and still allow my NT 4.0 IIS webserver to function properly on port 80 and 443? TIA Ric Griffy I blocked 0.0.0.0 it some time ago and it has not been a problem with my servers. Firewall could not get any information on the hacker but showed it as critical attempt. "Ric Griffy" <alakevue@tampabay.rr.com> wrote in message news:9j848i$gt3$1@news.grc.com... > Can I block hacker address 0.0.0.0 with my firewall and still allow my NT > 4.0 IIS webserver to function properly on port 80 and 443? > > TI...

Cluster resource IP of 0.0.0.0
Was inspecting our cluster configuration through remote manager on both of our cluster nodes. Under Clustering/Clustering Config in RM, clicking on the resources shows IP address,AFP,CIFS,etc. All my other resources have a correct IP address assigned to it, however one has 0.0.0.0. We have an IP address certainly assigned to it, but seemed to have lost it I suppose. What process should I go through before/after specifying the IP address, and where else should I be looking to see if something else is screwy somewhere. Thank you in advance. Cheers, CB The best process is...

0.0.0.0 for DNS server IP address in DNS/DHCP console
In DNS/DHCP management console I have a red X accross the DNS server object which doesn't go away and it shows 0.0.0.0 in the DNS Server IP Address field instead of actuall DNS server IP address. How can I edit it and change it to the correct server IP address? Any help would be appreciated -- nsafa ------------------------------------------------------------------------ nsafa, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not...

IP addresses 0.0.0.0 when logging in from Webaccess to any PO (shows up on PO)
We upgraded are 6.02 system to 6.03 (single domain, 7 PO's, one GWIA, one web access gateway). Alll is well except now when users login to webaccess their IP shows as 0.0.0.0 on the POA. C/S, MTP, and web access use unique ports when not on the same server. IP's and ports are bound in console one, web server only has one IP. Netware is 5.1 SP5 on all boxes. Anyone have any ideas? Thanks! Matt Winkler winklerm@seiu.org Winklerm, It appears that in the past few days you have not received a response to your posting. That concerns us, and has tri...

[ 0.0.3460.0 ]
Gang... I decided to put up today's first build since it incorporates Sparky's really perfect improvement to the Add/Remove dialog. :) -- ________________________________________________________________ Steve. Working on: GRC's DNS Benchmark utility: http://www.grc.com/dev/DNSBench.exe Steve Gibson wrote: > Gang... > > I decided to put up today's first build since it incorporates > Sparky's really perfect improvement to the Add/Remove dialog. > > :) > I had already worked out a bunch of tests and I've found a ...

[ 0.0.3461.0 ]
Gang... Quick fix of increasing the Add/Remove dialog's inter-button spacing to see whether that cures the effect Robin and others found when using the Classic Windows theme. Did that fix it??? <g> -- ________________________________________________________________ Steve. Working on: GRC's DNS Benchmark utility: http://www.grc.com/dev/DNSBench.exe [for the unabridged version, see Steve Gibson post above] > Did that fix it??? <g> That appears to have done the trick. And the increased spacing makes the result look much nice under the ...

Web resources about - IP address 0.0.0.0 - grc.techtalk.packetsniffing

IPv4 address exhaustion - Wikipedia, the free encyclopedia
IPv4 address exhaustion is the depletion of the pool of unallocated Internet Protocol Version 4 (IPv4) addresses. The IP address space is managed ...

Obama tries to ease anxiety over terror attacks with Oval Office address
President Barack Obama has declared the threat of terrorism to the United States has evolved into a new phase in the wake of recent attacks in ...

Barack Obama outlines counter-terrorism plans in rare Oval Office address; vows to 'destroy' Islamic ...
US president Barack Obama brands Islamic State fighters thugs and killers in a rare address to the nation in the wake of last week's California ...

Oval Office Address Open Thread
President Obama is scheduled to address the nation momentarily. The post Oval Office Address Open Thread appeared first on Balloon Juice .

What will Obama do with his Oval Office address? What do you need him to do?
What I want is: 1. Don't tell us what to do (e.g, remain calm, don't be afraid), 2. Don't mention gun control, 3. Don't let it show that this ...

***Live Updates*** Obama Delivers Oval Office Address on Islamic State, San Bernardino Terrorism
President Barack Obama will address the nation tonight from the Oval Office at 8PM EST to respond to the Islamic terror attacks in San Bernardino ...

Obama speaks on ISIS, gun control, tolerance in Oval Office address - Videos - CBS News
... shows terrorism is now in a new phase. He promised to destroy anyone who tries to harm Americans. It was the president’s first address from ...

Obama's address sets stage for 2016
Obama's address guarantees terrorism and Muslim relations will be central to the '16 campaign, Politico's Ben White says.

President Obama's Address: 'Freedom Is More Powerful Than Fear'
Here is the full text of his speech, as provided by the White House. Tonight, I addressed the nation from the Oval Office on my top priority ...

Address to the nation by the president
THE WHITE HOUSE Office of the Press Secretary For Immediate Release ... For Immediate Release December 6, 2015 Address to the Nation by the ...

Resources last updated: 12/8/2015 8:39:03 AM