F-secure Firewall intrusion detection - source 0.0.0.0
We are running F-secure Firewall in several departments. Several times now we have seen an intrusion warning with a source of remote address 0.0.0.0, local address 255.255.255.255. On each occasion it is an intrusion attempt with a scan range of "137 < protocol < 224", and usually it is detected on port 139.
Has anyone else seen this? Any idea what is doing this and why the IPs are so generic?
We are running F-Secure Client Security Premium 11.61; the affected PCs are Windows 7.