IP address 0.0.0.0 is meaningless. So how is the communication from this IP address transmitted to the network?
J.F. Rice, an IT security expert, said he tracked down a mystery on the company's network this month. In his idle time (not that he has any), he reviews the records of the company's various security devices. Other people in the company are responsible for in-depth research into these issues. However, Rice thinks it is important to stay connected to what is running on the company's network. He may find something the tools missed or something others ignored. Rice verified his idea.
When Rice read the company's firewall records, he found something strange. The company firewall saw a lot of communications from the target IP address 0.0.0.0. This is an impossible IP address. Rice configured the company firewall long ago to block communications with apparently fake IP addresses. The firewall dutifully blocked this traffic and recorded it. When Rice saw the recorded data, it aroused his interest, and the boring work suddenly became interesting. What was trying to send communications with a non-existent IP address to the company's network? This is like finding an email with no address in your mailbox.
Rice started investigating the issue. He said there are too many possibilities in terms of credibility. If someone sends a message from somewhere on the Internet to a target address that is "0", the message cannot be sent anywhere. However, this communication has reached the gateway of our network. Could the IP address have been changed somewhere before it reached us?
Rice said, "I don't think this kind of thing is likely to happen, but it is possible. If the communication is not from the Internet, the only other explanation is that the communication is hijacked between our firewall and the Internet. This means that the communication comes from within the company."
Meaning of 0
When the address is meaningless, it is obviously difficult to track the source of the communication. Rice asked a very good network engineer at the company for help. The engineer was as interested in the problem as Rice was, and they worked together to figure out what had happened. They checked the Internet router, which is the next hop for network traffic outside the company's firewall. They did not find any exceptions or communication records in the router settings. However, they did find something suspicious: the IP address was 0 and there was no trace of the communication.
After careful inspection, the network engineer found an important clue: the router was out of memory. Evidently the router had been working hard and did not have enough free memory.
In the end, the memory shortage turned out to be the cause of the problem. Routers of this brand discard some network information when they do not have enough memory. This explains the all-zero addresses at the router: there was not enough memory to assemble valid network packets, so some IP addresses came out as all 0s and became mysterious empty addresses.
Restarting the router seems to have solved the problem. The company's network team is now closely watching the resources used by the company's routers and network devices.
Rice said, "I am very happy that our IT security tools and security personnel can help me identify and track performance problems in our networks. Although this problem is strictly related to security, it is the first problem discovered by our devices. In this case, security tools can help solve the problem, rather than interfering with solving the problem. I think this is a victory."
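
The log review described above can be automated. The following is an added example, not part of the original article: it scans firewall log lines for packets that use 0.0.0.0 as source or destination and counts them by ingress interface, which points at the adjacent device to inspect. The key=value log format, the field names and the sample lines are constructed assumptions. DHCP discovery, which legitimately uses 0.0.0.0 as a source, is excluded.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2024-05-02T09:14:01Z action=deny in=outside src=203.0.113.7 dst=0.0.0.0 proto=tcp dport=443
2024-05-02T09:14:02Z action=allow in=outside src=198.51.100.23 dst=192.0.2.10 proto=tcp dport=443
2024-05-02T09:14:05Z action=deny in=outside src=0.0.0.0 dst=192.0.2.10 proto=udp dport=53
2024-05-02T09:14:07Z action=deny in=inside src=0.0.0.0 dst=255.255.255.255 proto=udp dport=67
2024-05-02T09:14:11Z action=deny in=outside src=198.51.100.23 dst=0.0.0.0 proto=tcp dport=80
2024-05-02T09:14:12Z action=deny in=outside src=not-an-ip dst=192.0.2.10 proto=tcp dport=80
"""

def parse_line(line):
    """Return the key=value fields of one log line as a dict (timestamp skipped)."""
    return dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)

def is_unspecified(value):
    """True for 0.0.0.0 (or ::); False for other or unparseable addresses."""
    try:
        return ipaddress.ip_address(value).is_unspecified
    except ValueError:
        return False

def is_dhcp_discover(f):
    """A client with no address yet sends from 0.0.0.0 to the DHCP server port."""
    return (f.get("proto") == "udp" and f.get("dport") == "67"
            and f.get("dst") == "255.255.255.255")

def find_zero_address_traffic(log_text):
    """Return (hits, per-interface counts) for packets using the unspecified address."""
    hits, by_interface = [], Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        roles = [r for r in ("src", "dst") if is_unspecified(f.get(r, ""))]
        if not roles or is_dhcp_discover(f):
            continue
        hits.append((line.split()[0], f.get("in", "?"), "+".join(roles)))
        by_interface[f.get("in", "?")] += 1
    return hits, by_interface

if __name__ == "__main__":
    hits, by_interface = find_zero_address_traffic(SAMPLE_LOG)
    for ts, iface, role in hits:
        print(f"{ts} in={iface} unspecified {role}")
    print("by ingress interface:", dict(by_interface))
```

A count concentrated on one ingress interface, as in the sample, narrows the search to the device on that side of the firewall.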