Server Management Group

 View Only

  • 1.  risk logs giving "0.0.0.0" & "127.0.0.1" as source computer IP address

    Posted Jan 02, 2014 03:47 AM

    risk logs giving "0.0.0.0" & "127.0.0.1" as source computer IP address & source computer name. What does it means & how we would exacly be able to find out the source machine(IP address)?



  • 2.  RE: risk logs giving "0.0.0.0" & "127.0.0.1" as source computer IP address

    Posted Jan 02, 2014 04:31 AM
    Neither are helpful, as the former isn't an address and the latter is the standard loopback address, so both can be ignored. You should concentrate on valid addresses that get recorded in the logs.


  • 3.  RE: risk logs giving "0.0.0.0" & "127.0.0.1" as source computer IP address

    Posted Jan 02, 2014 04:41 AM

    See this thread

    http://www.symantec.com/connect/forums/source-attack



  • 4.  RE: risk logs giving "0.0.0.0" & "127.0.0.1" as source computer IP address

    Posted Jan 02, 2014 04:47 AM

    Enable risk tracer

    http://www.symantec.com/business/support/index?page=content&id=TECH94526



  • 5.  RE: risk logs giving "0.0.0.0" & "127.0.0.1" as source computer IP address

    Posted Jan 02, 2014 05:11 AM

    Hi lalit.er,

    One excellent source of info is the Remote Host data available in IPS Attack logs.  See this article...

    Two Reasons why IPS is a "Must Have" for your Network
    https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network

    That is an excellent indicator of which machines inside the organization are infected and attempting to spread infection.

     



  • 6.  RE: risk logs giving "0.0.0.0" & "127.0.0.1" as source computer IP address

    Posted Jan 02, 2014 04:27 PM

    Risk Tracer is not able to find the source

    https://www-secure.symantec.com/connect/forums/risk-log-source-ip-0000