-
March 24th, 2002, 03:31 AM
#1
Has the network been already compromised?
Hey, s'up? Just have a question, IP addresses starting with 192.168.x.x are internal IP addresses, right? Now, however, when I ran a test over at PC FLANK.COM, my firewalls report connections always from the IP address set including: 192.168.x.x and 0.0.0.0. What does this mean? Has my network been already compromised? What can I do to really trace out the real IP address of the connection?
-
March 24th, 2002, 03:44 AM
#2
0.0.0.0 is a sign of an inactive connection or connection within your system. Also your firewall might block out some of your connection or perhaps theirs. That is sorta the job of the firewall.
-
March 24th, 2002, 03:45 AM
#3
Member
The firewall might be using NAT (Network Address Translation) and just throwing out a bogus IP list for security... although NAT will usually show a public IP ......
?????
-
March 24th, 2002, 04:11 AM
#4
Yeah, but some firewalls can have the option to turn that on or turn it off. Check the default settings about that... Also did you edit it from the default settings?
-
March 24th, 2002, 04:36 AM
#5
0.0.0.0 means that someone established a null session to your computer, if I'm not mistaken... This can be done with the net use //IP//$IPC ""USERNAMEassword""
It could be someone on the inside of the network or even on the outside... Set a firewall to log all incoming connection attempts to all ports (TCP and UDP) and see what happens.
-
March 24th, 2002, 04:44 AM
#6
Hey Ac1d,
What's a "null session"?
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
March 24th, 2002, 05:00 AM
#7
Member
Preacherman481: Null Session is when you use a blank username and password to authenticate.
-
March 24th, 2002, 05:01 AM
#8
-
March 24th, 2002, 05:08 AM
#9
Errrm, thanks for the greenies ac1d, but I didn't know you said anything wrong. I was just asking for information. I really didn't know what a "null session" was.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
March 24th, 2002, 05:09 AM
#10
Member
And after thinking about the problem for a while:
The events from IP address 0.0.0.0, are from two likely causes. The first, and most common, is that for some reason your machine received a badly formed packet.
The other situation is when the source IP is spoofed, or faked. Spoofed packets may be a sign that someone is scanning around looking for trojans, and they happened to try your machine.
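For readers triaging the kind of firewall entries discussed in this thread, here is an added example (not posted by any participant) that sorts logged source addresses into RFC 1918 private, unspecified (0.0.0.0), loopback, link-local, malformed, or external. The log format, field names and sample lines are constructed for illustration and are an assumption, not the output of any particular firewall.

```python
import ipaddress
import re

# Constructed sample lines in a hypothetical "key=value" firewall log format.
SAMPLE_LOG = """\
2002-03-24 03:29:11 BLOCK TCP src=192.168.0.1 dst=192.168.0.10 dport=139
2002-03-24 03:29:12 BLOCK UDP src=0.0.0.0 dst=255.255.255.255 dport=67
2002-03-24 03:29:14 BLOCK TCP src=203.0.113.45 dst=192.168.0.10 dport=80
2002-03-24 03:29:15 BLOCK TCP src=127.0.0.1 dst=192.168.0.10 dport=80
2002-03-24 03:29:16 BLOCK TCP src=999.1.1.1 dst=192.168.0.10 dport=21
"""

# RFC 1918 ranges listed explicitly: ipaddress.is_private also covers
# documentation and other reserved ranges, which would blur the result.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SRC_RE = re.compile(r"\bsrc=(\S+)")


def classify(addr: str) -> str:
    """Return a coarse category for a logged IPv4 source address."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return "malformed"        # not a valid dotted quad at all
    if ip.is_unspecified:
        # 0.0.0.0: not routable as a source on the internet. Seen from
        # hosts with no address yet (e.g. DHCP discover to UDP 67) or in
        # badly formed / forged packets.
        return "unspecified"
    if ip.is_loopback:
        return "loopback"         # 127.0.0.0/8 should never arrive off-host
    if ip.is_link_local:
        return "link-local"       # 169.254.0.0/16, local segment only
    if any(ip in net for net in RFC1918):
        return "private"          # originates on the LAN side (or behind NAT)
    return "external"             # everything else: look up ownership/whois


def triage(log_text: str):
    """Yield (source, category) for every line carrying a src= field."""
    return [(m.group(1), classify(m.group(1)))
            for m in map(SRC_RE.search, log_text.splitlines()) if m]


if __name__ == "__main__":
    for addr, kind in triage(SAMPLE_LOG):
        print(f"{addr:<16} {kind}")
```

Only the "external" entries can be traced to a remote owner; "private" and "unspecified" sources point back at the local segment or at a packet whose source field cannot be trusted.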