Critical Systems Protection (SCSP) Logs Report a 0.0.0.0 Local IP Address When a Policy is Triggered
Article ID: 151899

Products

Critical System Protection

Issue/Introduction

When viewing the logs on CSP, you notice that the local IP address of the event is 0.0.0.0.

Symptoms:
Local IP Address 0.0.0.0 in event logs

Resolution

The SCSP firewall blocks inbound and outbound connections by hooking socket-style interfaces. For inbound traffic it blocks the accept() call on the socket at the application layer, where it does not have access to layer 3 information such as the inbound IP address. This is why the event is logged with a local IP address of 0.0.0.0.
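The socket-layer view described above can be reproduced with the plain BSD socket API. This is an added illustration, not SCSP code and not a statement of how the agent is implemented. It assumes a listener bound to the wildcard address, and the names `local_ip` and `observe_local_ips` are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Local IPv4 address of socket fd as text; returns 0 on success. */
static int local_ip(int fd, char *out) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0) return -1;
    return inet_ntop(AF_INET, &sa.sin_addr, out, INET_ADDRSTRLEN) ? 0 : -1;
}

/* before: listener's local IP as visible ahead of accept();
 * after: local IP of the accepted connection. Returns 0 on success. */
int observe_local_ips(char *before, char *after) {
    int rc = -1, lfd, cfd = -1, afd = -1;
    struct sockaddr_in addr;
    socklen_t len = sizeof addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY); /* wildcard bind; port 0 = kernel picks */
    lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&addr, sizeof addr) != 0 ||
        listen(lfd, 1) != 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &len) != 0) goto done;
    /* What code sitting in front of accept() can learn from the listener. */
    if (local_ip(lfd, before) != 0) goto done;
    /* Constructed client: connect over loopback to the port chosen above. */
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (cfd < 0 || connect(cfd, (struct sockaddr *)&addr, sizeof addr) != 0) goto done;
    afd = accept(lfd, NULL, NULL);
    if (afd >= 0 && local_ip(afd, after) == 0) rc = 0;
done:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return rc;
}

int main(void) {
    char b[INET_ADDRSTRLEN], a[INET_ADDRSTRLEN];
    if (observe_local_ips(b, a) != 0) { perror("observe_local_ips"); return 1; }
    printf("listener before accept(): %s\naccepted socket:          %s\n", b, a);
    return 0;
}
```

The concrete local address only becomes available on the socket that accept() returns, so a connection that is blocked before accept() completes has none to report at this layer.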