Critical Systems Protection (SCSP) Logs Report a 0.0.0.0 Local IP Address When a Policy is Triggered
Updated On:26-01-2012 13:13
Critical System Protection
When viewing the logs on CSP, you notice that the local IP address of the event is 0.0.0.0
Local IP Address 0.0.0.0 in event logs
The SCSP firewall blocks inbound/outbound connections by hooking socket-style interfaces. It blocks accept() calls for inbound traffic to a socket at the application layer, but does not have access to layer 3 information such as the inbound IP address.