How can i get port scanned from 0.0.0.0??

Discussion in 'other firewalls' started by Jonas, Apr 30, 2003.

Thread Status:
Not open for further replies.
  1. Jonas

    Jonas Registered Member

    Joined:
    Oct 30, 2002
    Posts:
    46
    I have been getting scanned alot lately but the wierd thing is they are all from a nonexisting IP? Any help or explaination would be appriciated.

    Tahnks,
    Jonas
     

    Attached Files:

  2. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    FYI...

    Here's a quick list of the various IP's that are NOT internet, but network (i.e. they should not be blocked):

    127.0.0.1 (default loop-back: the info goes nowhere)
    224.0.0.0 (default multicast - goes nowhere)
    0.0.0.0 (default cable continuity - goes nowhere)
    255.255.255.255 (default broadcast - goes only on LAN)
    10.0.0.0 - 10.255.255.255 (local network)
    172.16.0.0 - 172.31.255.255 (local network)
    192.168.0.0 - 192.168.255.255 (local network)

    The local network entries are IP's that can only be used on a LAN (per IANA.org instructions). Therefore, you shouldn't see those, or you should see only YOUR IP and no others, but this range is safe.

    127.0.0.x is default loopback. It's a way that the adapter can test itself by sending itself packets. It's not to worry about. (Either you should see
    127.0.0.0 or 127.0.0.1)

    224.0.0.x is multicast. It's safe, if you plan to allow multicast for, say, windows media player. I've only seen 224.0.0.0 and 224.0.0.1, but there are others, and all that begin with 224.0.0 should be fine.

    0.0.0.0 is a default IP. I think personally that it's a way for the ethernet adapter to tell that the cable is connected, but that's only my opinion. It's a safe IP.

    255.255.255.255 is a default broadcast address. I think it's a fail-safe for talking to the router / hub / switch if it shifts into hub (broadcast) mode. It's safe.

    The best way to tell about these IP's is, when the internet is NOT connected
    (i.e. cable modem or dsl is unplugged from the wall, or phone line is disconnected from back of computer), go to DOS (win95/98/ME, start > run > "command") (Win2k/xp start > run > "cmd"). Then, at the command prompt, type "route print" (no quotes) and hit enter.




    C:\>route print

    Active Routes:

    Network Address Netmask Gateway Address
    Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1
    192.168.1.100 1
    127.0.0.0 255.0.0.0 127.0.0.1
    127.0.0.1 1
    192.168.1.0 255.255.255.0 192.168.1.100
    192.168.1.100 1
    192.168.1.100 255.255.255.255 127.0.0.1
    127.0.0.1 1
    192.168.1.255 255.255.255.255 192.168.1.100
    192.168.1.100 1
    224.0.0.0 224.0.0.0 192.168.1.100
    192.168.1.100 1
    255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100
    1

    C:\>


    This is what I saw. My network IP is 192.168.1.100. Therefore, this is default. Don't worry about the netmask, gateway, interface, and metric. I could explain them, but that's beyond what you wanted to know. Those IP's listed in YOUR results for this command should be fine, and should be allowed and trusted by the firewall. Anything else is probably an internet address. And think logically. If the firewall is asking, and you just started msn messenger, what does that tell you? It's probably messenger that wants those IP's.

    __________________________-
    Zone Alarm Pro

    Besides the built-in help, ZoneAlarm users can access one of the most extensive online help guides I have ever seen from a software manufacture. Another advantage to the massive online help is that users can download and print ZoneAlarm Pro's three hundred and forty- three-page PDF manual. Registered users of ZoneAlarm Pro receive one year of free product updates, which are easily accessed by clicking on the "Check for Update" button in the configuration section of the software.

    ZoneAlarm has five main selections a user can access from the main screen: Alerts, Lock, Security, Programs and Configure. From the main menu, a single user or system administrator can grant or restrict program access to the Internet, maintain security levels, and check on intrusion attempts. Alerts keeps a log file of Internet activity such as FWIN (the firewall blocked an inbound packet of data coming to your computer), WOUT (the firewall blocked an outbound packet of data from leaving your computer), FWROUTE (blocked a packet that was not addressed to or from your computer, but was routed through it, FWLOOP (blocked a packet addressed to the loop back adapter), LOCK (blocked a packet due to a lock violation), PE (an application on your computer requested access to the Internet), ACCESS (an application was blocked because it did not have access permission), MS (MailSafe quarantined a file attachment).
    http://www.compunotes.com/InternetReviews/zonepro.htm
     
  3. Jonas

    Jonas Registered Member

    Joined:
    Oct 30, 2002
    Posts:
    46
    Thanks Primrose,
    but does that explain the various destination IPs?

    Thanks,
    jonas
     
Loading...
Thread Status:
Not open for further replies.