McAfee MIS80E001RAI User Guide - Page 63

Understanding events, About IP addresses, Events from 0.0.0.0

Get McAfee MIS80E001RAI - Internet Security Suite 2006 PDF manuals and user guides
UPC - 731944547817
View all McAfee MIS80E001RAI manuals
Add to My Manuals
Save this manual to your list of manuals

Page 63 highlights

About the Inbound Events page Understanding events About IP addresses IP addresses are numbers: four numbers each between 0 and 255 to be precise. These numbers identify a specific place that traffic can be directed to on the Internet. IP address types Several IP addresses are unusual for various reasons: Non-routable IP addresses - These are also referred to as "Private IP Space." These IP addresses cannot be used on the Internet. Private IP blocks are 10.x.x.x, 172.16.x.x - 172.31.x.x, and 192.168.x.x. Loop-back IP addresses - Loop-back addresses are used for testing purposes. Traffic sent to this block of IP addresses comes right back to the device generating the packet. It never leaves the device, and is primarily used for hardware and software testing. The Loop-Back IP block is 127.x.x.x. Null IP address - This is an invalid address. When detected, Personal Firewall indicates that the traffic used a blank IP address. Frequently, this indicates that the sender is deliberately obscuring the origin of the traffic. The sender will not be able to receive any replies to their traffic unless the packet is received by an application that understands the contents of the packet that will include instructions specific to that application. Any address that starts with 0 (0.x.x.x) is a null address. For example, 0.0.0.0 is a null IP address. Events from 0.0.0.0 If you see events from IP address 0.0.0.0, there are two likely causes. The first, and most common, is that your computer has received a badly formed packet. The Internet isn't always 100% reliable, and bad packets can occur. Since Personal Firewall sees the packets before TCP/IP can validate them, it might report these packets as an event. The other situation occurs when the source IP is spoofed, or faked. Spoofed packets can be a sign that someone is scanning your computer for Trojans. Personal Firewall blocks this kind of activity, so your computer is safe. Events from 127.0.0.1 Events will sometimes list their source IP as 127.0.0.1. This is called a loopback address or localhost. Many legitimate programs use the loopback address for communication between components. For example, you can configure many personal E-mail or Web servers through a Web interface. To access the interface, you type "http://localhost/" in your Web browser. User Guide 63

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
User Guide
63
About the Inbound Events page
Understanding events
About IP addresses
IP addresses are numbers: four numbers each between 0 and 255 to be precise.
These numbers identify a specific place that traffic can be directed to on the
Internet.
IP address types
Several IP addresses are unusual for various reasons:
Non-routable IP addresses
— These are also referred to as "Private IP Space." These
IP addresses cannot be used on the Internet. Private IP blocks are 10.x.x.x,
172.16.x.x - 172.31.x.x, and 192.168.x.x.
Loop-back IP addresses
— Loop-back addresses are used for testing purposes.
Traffic sent to this block of IP addresses comes right back to the device generating
the packet. It never leaves the device, and is primarily used for hardware and
software testing. The Loop-Back IP block is 127.x.x.x.
Null IP address
— This is an invalid address. When detected, Personal Firewall
indicates that the traffic used a blank IP address. Frequently, this indicates that the
sender is deliberately obscuring the origin of the traffic. The sender will not be able
to receive any replies to their traffic unless the packet is received by an application
that understands the contents of the packet that will include instructions specific
to that application. Any address that starts with 0 (0.x.x.x) is a null address. For
example, 0.0.0.0 is a null IP address.
Events from 0.0.0.0
If you see events from IP address 0.0.0.0, there are two likely causes. The first, and
most common, is that your computer has received a badly formed packet. The
Internet isn't always 100% reliable, and bad packets can occur. Since Personal
Firewall sees the packets before TCP/IP can validate them, it might report these
packets as an event.
The other situation occurs when the source IP is spoofed, or faked. Spoofed packets
can be a sign that someone is scanning your computer for Trojans. Personal
Firewall blocks this kind of activity, so your computer is safe.
Events from 127.0.0.1
Events will sometimes list their source IP as 127.0.0.1. This is called a loopback
address or localhost.
Many legitimate programs use the loopback address for communication between
components. For example, you can configure many personal E-mail or Web
servers through a Web interface. To access the interface, you type
“http://localhost/” in your Web browser.