The IP 0.0.0.0 is not very informative, so knowing the port number and
protocol from the message would be useful. DHCP is a possibility. 0.0.0.0
could perhaps be a spoofed source address, or it might be an attempt at a
network broadcast from certain devices. Some solutions use this IP to
represent an aggregation of multiple IP addresses causing a similar event,
but this doesn't sound like the case here.
I am not sure why mmc would be doing that but I really doubt it is anything
malicious. 0.0.0.0 is seen when you run the command netstat -an and shown
for both local and foreign IP address when that port is "listening" and I
believe refers to any network address that your operating system may be
using. The link below explains this also.
| I am not sure why mmc would be doing that but I really doubt it is anything
| malicious. 0.0.0.0 is seen when you run the command netstat -an and shown
| for both local and foreign IP address when that port is "listening" and I
| believe refers to any network address that your operating system may be
| using. The link below explains this also.
|
| Steve
| | http://support.microsoft.com/default.aspx?scid=kb;en-us;175952
Steve:
Larry indicated "was blocked by Zone Alarm" therefore packets were generated using 0.0.0.0
therefore it isn't a case of "listening".
RARP, BootP and DHCP generate packets of 0.0.0.0 which means here is my MAC address, give me
an IP address.
Thanks. I know that listening did not cause the message on ZA but was
indicating that 0.0.0.0 is often seen with various networking utilities and
would indicate this is not a reason for concern - certainly not a routable
IP address.
Steve
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
