Hi Guys,
Quick question about IDS event logging. If I see an "Attacker Address" of 0.0.0.0, is it safe to assume that the source was spoofed?
Also, if I see an "Attacker Address" of 1.2.3.4, for example, with a target address of 0.0.0.0, what target is the attacker going after?
Thanks!
--B