[Snort-sigs] Alerts where source and destination addresses equal 0.0.0.0

Cyrille Bollu cyrille.bollu at ...2420...
Fri Jan 24 02:56:30 EST 2014


Hi,

On my installation, I've a lot of alerts 2002023-2002028 whose source and
destination IP addresses equal 0.0.0.0.

I've googled about this on Internet, but couldn't really pinpoint what's
going on.

Do any of you have a clue?

And, how could I prevent from being alerted for such events? I've tried
filtering them (eg: !0.0.0.0 -> any 6666:7000), but it didn't seem to work.

Thanks for any help.

Cyrille
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140124/fe35da4f/attachment.html>


More information about the Snort-sigs mailing list