PC Review
Home Forums Reviews Articles Register
Member Login:

PC Review > Forums > Newsgroups > Windows XP > Windows XP Security > 0.0.0.0.

Reply
Thread Tools Rate Thread

0.0.0.0.

 
 
=?Utf-8?B?TGFycnk=?=
Guest
Posts: n/a
 
      2nd Oct 2006
0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
message:
WINDOWS\system32\mmc.exe
What is this?
--
Thanks,
Larry
 
Reply With Quote
 
 
 
 
imhotep
Guest
Posts: n/a
 
      2nd Oct 2006
Larry wrote:

> 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
> message:
> WINDOWS\system32\mmc.exe
> What is this?

It depends. It used to have a meaning of "default route", etc. It is safe to
block it. Don't worry.

Imhotep
 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      2nd Oct 2006
From: "Larry" <(E-Mail Removed)>

| 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
| message:
| WINDOWS\system32\mmc.exe
| What is this?
| --
| Thanks,
| Larry

That's DHCP asking a DHCP server for an IP address.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
Reply With Quote
 
imhotep
Guest
Posts: n/a
 
      2nd Oct 2006
imhotep wrote:

> Larry wrote:
>
>> 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
>> message:
>> WINDOWS\system32\mmc.exe
>> What is this?
>
> It depends. It used to have a meaning of "default route", etc. It is safe
> to block it. Don't worry.
>
> Imhotep


Sorry type-o. I meant It is safe you don't need to block it....
 
Reply With Quote
 
karl levinson, mvp
Guest
Posts: n/a
 
      2nd Oct 2006

"Larry" <(E-Mail Removed)> wrote in message
news:93D64866-F3C5-4C4E-A159-(E-Mail Removed)...
> 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
> message:
> WINDOWS\system32\mmc.exe
> What is this?

The IP 0.0.0.0 is not very informative, so knowing the port number and
protocol from the message would be useful. DHCP is a possibility. 0.0.0.0
could perhaps be a spoofed source address, or it might be an attempt at a
network broadcast from certain devices. Some solutions use this IP to
represent an aggregation of multiple IP addresses causing a similar event,
but this doesn't sound like the case here.

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info
 
Reply With Quote
 
Steven L Umbach
Guest
Posts: n/a
 
      3rd Oct 2006
I am not sure why mmc would be doing that but I really doubt it is anything
malicious. 0.0.0.0 is seen when you run the command netstat -an and shown
for both local and foreign IP address when that port is "listening" and I
believe refers to any network address that your operating system may be
using. The link below explains this also.

Steve

http://support.microsoft.com/default...b;en-us;175952


"Larry" <(E-Mail Removed)> wrote in message
news:93D64866-F3C5-4C4E-A159-(E-Mail Removed)...
> 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
> message:
> WINDOWS\system32\mmc.exe
> What is this?
> --
> Thanks,
> Larry
 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      3rd Oct 2006
From: "Steven L Umbach" <(E-Mail Removed)>

| I am not sure why mmc would be doing that but I really doubt it is anything
| malicious. 0.0.0.0 is seen when you run the command netstat -an and shown
| for both local and foreign IP address when that port is "listening" and I
| believe refers to any network address that your operating system may be
| using. The link below explains this also.
|
| Steve
| | http://support.microsoft.com/default...b;en-us;175952

Steve:

Larry indicated "was blocked by Zone Alarm" therefore packets were generated using 0.0.0.0
therefore it isn't a case of "listening".

RARP, BootP and DHCP generate packets of 0.0.0.0 which means here is my MAC address, give me
an IP address.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
Reply With Quote
 
Steven L Umbach
Guest
Posts: n/a
 
      4th Oct 2006
Thanks. I know that listening did not cause the message on ZA but was
indicating that 0.0.0.0 is often seen with various networking utilities and
would indicate this is not a reason for concern - certainly not a routable
IP address.

Steve

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%(E-Mail Removed)...
> From: "Steven L Umbach" <(E-Mail Removed)>
>
> | I am not sure why mmc would be doing that but I really doubt it is
> anything
> | malicious. 0.0.0.0 is seen when you run the command netstat -an and
> shown
> | for both local and foreign IP address when that port is "listening" and
> I
> | believe refers to any network address that your operating system may be
> | using. The link below explains this also.
> |
> | Steve
> | | http://support.microsoft.com/default...b;en-us;175952
>
> Steve:
>
> Larry indicated "was blocked by Zone Alarm" therefore packets were
> generated using 0.0.0.0
> therefore it isn't a case of "listening".
>
> RARP, BootP and DHCP generate packets of 0.0.0.0 which means here is my
> MAC address, give me
> an IP address.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
 
Reply With Quote
 
 
 
Reply

« identifying sending ip | Updating clients with no direct internet access »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Features
Forums Startup Database Reviews Articles FAQ / Guidelines About Us
 

Advertising
 

Newsgroups
Windows Vista Windows XP Microsoft Word Microsoft DotNet Windows 2000 AntiSpyware Microsoft Access Microsoft Excel Microsoft Outlook Hardware
 


All times are GMT +1. The time now is 06:05 PM.
Powered by vBulletin®. Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2010, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top