Forum OpenACS Q&A: Re: unwanted spam from my server... help.

Collapse
Posted by your treat on
As far as I know, 0.0.0.0 is the address of the network you're on, and is typically used by servers to broadcast out messages.

It's not surprising that ppl chose to play games with it, but when vendors of Firewalls like ZoneAlarm (appear to) require you to accept whatever comes in on it as a valid message, after which a sequence of other Ports are sent messages to and from your PC, then I ask myself, why are these ppl writing Firewalls? Why not just send everyone some virus and be done with it?

0.0.0.0 appears to have yet another purpose. Although localhost is 127.0.0.1, you'll find quite a few connections to your own PC via the address 0.0.0.0, even subsequent to having been assigned an IP.

It also is used as a "starting" address, before you're assigned an IP. However, what "bugs" me is that 0.0.0.0 remains unchanged in your system (if you run XP), and legitimate messages are not only sent by you to countless remote sites, using that IP, but the damn IP continues to be used by some of the most "sensitive" services and DLL's in your entire System, e.g. SvcHost, and System (which is Kernel32.DLL).

Alls I can say is that I do block lots of 0.0.0.0 incoming messages to various programs, but if you block too much of it, you're going to find that you will be unable to connect to various sites to send them messages, as well.

Assumably, one would expect ICMP to be amongst the first messages, as well as, the response from 255.255.255.234 which is recommended to be blocked.

It would seem that there are too many cooks in the kitchen, and each vendor choses to you it for their own purposes and in their own ways, from O/S's to Firewalls.

BTW. By msgs, I'm not inferring E-Mail or anything of the sort. Nor am I suggesting only ICMP is sent over it.

When I was coding mid-level TCP code on a Corporate Intranet
it was understood by all that 0.0.0.0 referred to an address used by the Network Server to make "announcments" to clients. However, that too, was by agreement, and I would not suggest that even then 0.0.0.0 was listened to for other purposes.

As a prime example for screw-ups, unless you take some measures to restrict Ports 445 and 135 from getting msgs from the outside, you might find it problematic, as they too listen for messages from 0.0.0.0, which (I would think) they assume is your own PC, long after you're assigned in IP address. (If running windows be careful about blocking those Ports. Even though RPC is not required for any good reason, Microsoft made it a requirement, and if those ports are blocking your own PC from getting messages from your Keyboard, you'll have to reinstall your partition, or your entire system, if you have no decent stand-alone backup software.)

I would not pretend to portray myself as entirely knowledgeable about 0.0.0.0, in fact, a Google search for it's purposes lead me to this thread, and I just jumped in, although I don't have the ACS software, or even have bothered to look up what it's about.

My quest for more info on 0.0.0.0 continues via the search engine, in a moment. If I'm mistaken in anything I've mentioned, I would be interested in knowing what you would have a comment or correction, or ideas on, pls feel free to comment back to me at: mailto:yourtreat2@hotmail.com. (No need to worry about writing to a spammer, unless this is considered to be spam, as some might think. Instead, I've been programming since 1980, and have done Programming under DOS and windows using C, C++, Java, and more, for the past 11 years.)

Regards - T2