0.0.0.0 Probes

["John Smithson" <why1234 () hotmail com>]

Thank you very much for everyone's input.

I'll do some sniffing :) and attempt to understand if there is a 
misconfigured device on our network.  Also, as some of you pointed out, I'll 
have our router block the 0.0.0.0 and other private or public (but not 
allocated) networks.

Life is full of strange network packets, we will take care one packet at a 
time. :)

John

-------------------------
Gurus,

Over the last few days my external NIDS (outside firewall) has picked up 
huge amount of HTTP Probe (over 50,000/day) with source IP address 0.0.0.0.  
The destinations are every IP address on my public-DMZ.  These are just HTTP 
Probes.  This traffic is being dropped by my firewalls. Internal IDS does 
not show any of this event.  Initially, I thought it was just normal scan, 
but since it is occurring everyday with that high frequency, I got more 
curious.

However, I'm trying to understand what / how does the 0.0.0.0 Source mean.  
Could some of you kindly shed light on this fellow?  I have googled it and 
done normal research.. but still not 100% clear.  Is it something that we 
have mis-configuration? Is it broadcast traffic? Can I user my router to 
block this?  .. all normal questions to defend my assets..

Thank you,

John

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee® 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963