0.0.0.0.

Old 02-10-2006, 03:32 PM   #1
Larry
Guest
 
Posts: n/a
Default 0.0.0.0.


0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
message:
WINDOWS\system32\mmc.exe
What is this?
--
Thanks,
Larry
Old 02-10-2006, 04:50 PM   #2
imhotep
Guest
 
Posts: n/a
Default Re: 0.0.0.0.

Larry wrote:

> 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
> message:
> WINDOWS\system32\mmc.exe
> What is this?


It depends. It used to have a meaning of "default route", etc. It is safe to
block it. Don't worry.

Imhotep
Old 02-10-2006, 04:50 PM   #3
David H. Lipman
Guest
 
Posts: n/a
Default Re: 0.0.0.0.

From: "Larry" <Larry@discussions.microsoft.com>

| 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
| message:
| WINDOWS\system32\mmc.exe
| What is this?
| --
| Thanks,
| Larry

That's DHCP asking a DHCP server for an IP address.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Old 02-10-2006, 05:03 PM   #4
imhotep
Guest
 
Posts: n/a
Default Re: 0.0.0.0.

imhotep wrote:

> Larry wrote:
>
>> 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
>> message:
>> WINDOWS\system32\mmc.exe
>> What is this?

>
> It depends. It used to have a meaning of "default route", etc. It is safe
> to block it. Don't worry.
>
> Imhotep



Sorry, typo. I meant: it is safe, you don't need to block it....
Old 02-10-2006, 05:15 PM   #5
karl levinson, mvp
Guest
 
Posts: n/a
Default Re: 0.0.0.0.


"Larry" <Larry@discussions.microsoft.com> wrote in message
news:93D64866-F3C5-4C4E-A159-386222122B1B@microsoft.com...
> 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
> message:
> WINDOWS\system32\mmc.exe
> What is this?


The IP 0.0.0.0 is not very informative, so knowing the port number and
protocol from the message would be useful. DHCP is a possibility. 0.0.0.0
could perhaps be a spoofed source address, or it might be an attempt at a
network broadcast from certain devices. Some solutions use this IP to
represent an aggregation of multiple IP addresses causing a similar event,
but this doesn't sound like the case here.

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info


Old 03-10-2006, 04:28 AM   #6
Steven L Umbach
Guest
 
Posts: n/a
Default Re: 0.0.0.0.

I am not sure why mmc would be doing that but I really doubt it is anything
malicious. 0.0.0.0 is seen when you run the command netstat -an and shown
for both local and foreign IP address when that port is "listening" and I
believe refers to any network address that your operating system may be
using. The link below explains this also.

Steve

http://support.microsoft.com/defaul...kb;en-us;175952


"Larry" <Larry@discussions.microsoft.com> wrote in message
news:93D64866-F3C5-4C4E-A159-386222122B1B@microsoft.com...
> 0.0.0.0: followed by a port number was blocked by Zone Alarm. The full
> message:
> WINDOWS\system32\mmc.exe
> What is this?
> --
> Thanks,
> Larry



Old 03-10-2006, 10:08 PM   #7
David H. Lipman
Guest
 
Posts: n/a
Default Re: 0.0.0.0.

From: "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net>

| I am not sure why mmc would be doing that but I really doubt it is anything
| malicious. 0.0.0.0 is seen when you run the command netstat -an and shown
| for both local and foreign IP address when that port is "listening" and I
| believe refers to any network address that your operating system may be
| using. The link below explains this also.
|
| Steve
| | http://support.microsoft.com/defaul...kb;en-us;175952

Steve:

Larry indicated "was blocked by Zone Alarm" therefore packets were generated using 0.0.0.0
therefore it isn't a case of "listening".

RARP, BootP and DHCP generate packets of 0.0.0.0 which means here is my MAC address, give me
an IP address.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Old 04-10-2006, 05:55 AM   #8
Steven L Umbach
Guest
 
Posts: n/a
Default Re: 0.0.0.0.

Thanks. I know that listening did not cause the message on ZA but was
indicating that 0.0.0.0 is often seen with various networking utilities and
would indicate this is not a reason for concern - certainly not a routable
IP address.

Steve

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23owk6ey5GHA.3836@TK2MSFTNGP06.phx.gbl...
> From: "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net>
>
> | I am not sure why mmc would be doing that but I really doubt it is
> anything
> | malicious. 0.0.0.0 is seen when you run the command netstat -an and
> shown
> | for both local and foreign IP address when that port is "listening" and
> I
> | believe refers to any network address that your operating system may be
> | using. The link below explains this also.
> |
> | Steve
> | | http://support.microsoft.com/defaul...kb;en-us;175952
>
> Steve:
>
> Larry indicated "was blocked by Zone Alarm" therefore packets were
> generated using 0.0.0.0
> therefore it isn't a case of "listening".
>
> RARP, BootP and DHCP generate packets of 0.0.0.0 which means here is my
> MAC address, give me
> an IP address.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>



  Reply With Quote
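
The replies above separate three cases by port, protocol and direction: a DHCP/BootP client request sent from 0.0.0.0, a listening socket shown as 0.0.0.0 by netstat -an, and anything else, which needs a closer look. The sketch below is an added example and not part of any post in the thread; the `Event` record layout, the label strings and the sample events are constructed for illustration and are not ZoneAlarm's log format.

```python
from dataclasses import dataclass
import ipaddress

UNSPECIFIED = ipaddress.ip_address("0.0.0.0")
BROADCAST = ipaddress.ip_address("255.255.255.255")
BOOTP_CLIENT, BOOTP_SERVER = 68, 67  # well-known BootP/DHCP UDP ports


@dataclass
class Event:  # hypothetical record layout, not a real log schema
    kind: str          # "packet" (firewall alert) or "socket" (netstat -an row)
    proto: str         # "UDP" or "TCP"
    src: str
    sport: int
    dst: str = "0.0.0.0"
    dport: int = 0
    state: str = ""    # netstat state, e.g. "LISTENING"


def classify(ev: Event) -> str:
    """Return a triage label for an event that may involve 0.0.0.0."""
    src, dst = ipaddress.ip_address(ev.src), ipaddress.ip_address(ev.dst)
    if ev.kind == "socket":
        # netstat uses 0.0.0.0 for "any local interface"; no packet was sent.
        if src == UNSPECIFIED and ev.state == "LISTENING":
            return "listening-wildcard"
        return "other-socket"
    if src != UNSPECIFIED and dst != UNSPECIFIED:
        return "not-0.0.0.0"
    # A host with no address yet asks for one: UDP 0.0.0.0:68 -> broadcast:67.
    if (ev.proto == "UDP" and src == UNSPECIFIED and ev.sport == BOOTP_CLIENT
            and dst == BROADCAST and ev.dport == BOOTP_SERVER):
        return "dhcp-client-request"
    # Any other packet with 0.0.0.0: check the port, protocol and program.
    return "review"


SAMPLE = [  # constructed events
    Event("packet", "UDP", "0.0.0.0", 68, "255.255.255.255", 67),
    Event("socket", "TCP", "0.0.0.0", 135, "0.0.0.0", 0, "LISTENING"),
    Event("packet", "TCP", "0.0.0.0", 4021, "192.0.2.10", 80),
    Event("packet", "UDP", "192.0.2.10", 53, "192.0.2.20", 1050),
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(f"{ev.proto} {ev.src}:{ev.sport} -> {ev.dst}:{ev.dport}  {classify(ev)}")
```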